PT-2021-15143 · Libjxl · Libjxl

Deymo · Published 2021-11-01 · Updated 2021-11-02 · CVE-2021-22564

CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: libjxl versions prior to 0.6.0

Description: The issue arises when certain valid JPEG XL images whose size is slightly larger than an integer number of groups (256x256 pixels) are processed out of order. This can lead to an out-of-bounds copy of image pixels from one heap image buffer to another, particularly when the right or bottom edges of the image are processed. Out-of-order processing can occur in multi-threaded decoding environments under heavy thread load, or with images whose groups are stored in an arbitrary order in the file.

Recommendations: For versions prior to 0.6.0, upgrade to 0.6.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of multi-threaded decoding or avoiding images whose groups are stored in an arbitrary order until the patch is applied.
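The defect class described above is an edge-group copy that assumes every group is a full 256x256 tile, so a group on the right or bottom edge of an image that is only slightly wider or taller than a whole number of groups copies past the end of the destination buffer. The following is an added illustration, not libjxl's code: it clamps each group's rectangle to the image bounds before copying and then assembles a 257x257 image in an arbitrary group order, checking that every pixel lands where it belongs regardless of the order. The group dimension (256) comes from the advisory; `group_rect`, `copy_group` and `assemble_in_order` are hypothetical names chosen for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical illustration of clamped edge-group copies; not libjxl code.
 * The 256x256 group size is taken from the advisory text. */
#define GROUP_DIM 256

typedef struct { size_t x0, y0, xsize, ysize; } Rect;

/* Number of groups needed to cover `len` pixels (ceiling division). */
size_t groups_for(size_t len) { return (len + GROUP_DIM - 1) / GROUP_DIM; }

/* Rectangle of group (gx, gy), clamped to the image so the rightmost and
 * bottommost groups become partial tiles instead of spilling past the
 * buffer. An index outside the image yields an empty rectangle. */
Rect group_rect(size_t gx, size_t gy, size_t image_w, size_t image_h) {
  Rect r = {gx * GROUP_DIM, gy * GROUP_DIM, 0, 0};
  if (r.x0 >= image_w || r.y0 >= image_h) return r;
  r.xsize = (image_w - r.x0 < GROUP_DIM) ? image_w - r.x0 : GROUP_DIM;
  r.ysize = (image_h - r.y0 < GROUP_DIM) ? image_h - r.y0 : GROUP_DIM;
  return r;
}

/* Copy one decoded group (held in `src` as a full GROUP_DIM-wide tile) into
 * its place in the one-byte-per-pixel image buffer `dst` (row stride
 * image_w). Only the clamped width/height is copied per row. Returns the
 * number of pixels written; 0 means the group index was out of range. */
size_t copy_group(uint8_t *dst, size_t image_w, size_t image_h,
                  const uint8_t *src, size_t gx, size_t gy) {
  Rect r = group_rect(gx, gy, image_w, image_h);
  if (r.xsize == 0 || r.ysize == 0) return 0;
  for (size_t y = 0; y < r.ysize; y++)
    memcpy(dst + (r.y0 + y) * image_w + r.x0, src + y * GROUP_DIM, r.xsize);
  return r.xsize * r.ysize;
}

/* Assemble a w x h image by copying its groups in the given `order` (group
 * indices gy * groups_for(w) + gx). Each group's tile is constructed to hold
 * the value (index + 1). Returns 1 if every pixel of the final image holds
 * the value of the group that owns it, whatever the processing order; 0 if
 * the order does not list exactly one entry per group or a pixel is wrong. */
int assemble_in_order(size_t w, size_t h, const size_t *order, size_t n) {
  size_t gw = groups_for(w), gh = groups_for(h);
  if (n != gw * gh) return 0;
  uint8_t *img = calloc(w * h, 1);
  uint8_t *tile = malloc(GROUP_DIM * GROUP_DIM);
  if (!img || !tile) { free(img); free(tile); return 0; }
  for (size_t i = 0; i < n; i++) {
    size_t idx = order[i], gx = idx % gw, gy = idx / gw;
    memset(tile, (int)(idx + 1), GROUP_DIM * GROUP_DIM);
    copy_group(img, w, h, tile, gx, gy);
  }
  int ok = 1;
  for (size_t y = 0; y < h && ok; y++)
    for (size_t x = 0; x < w; x++) {
      uint8_t expected = (uint8_t)((y / GROUP_DIM) * gw + x / GROUP_DIM + 1);
      if (img[y * w + x] != expected) { ok = 0; break; }
    }
  free(img);
  free(tile);
  return ok;
}

int main(void) {
  /* Constructed input: a 257x257 image (four groups) processed in reverse. */
  const size_t reversed[] = {3, 2, 1, 0};
  Rect edge = group_rect(1, 0, 257, 257);
  printf("right-edge group width: %zu\n", edge.xsize);
  printf("reverse-order assembly correct: %d\n",
         assemble_in_order(257, 257, reversed, 4));
  return 0;
}
```

The point of the check in `assemble_in_order` is that a correct destination rectangle depends only on the group's index and the image size, never on which groups were already decoded; if a decoder derives the edge-group size from decoding order or from a neighbouring group, the multi-threaded and out-of-order cases in the advisory are exactly where the assumption breaks.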


Tags: Heap Based Buffer Overflow · Memory Corruption


Weakness Enumeration: none listed

Related Identifiers: CVE-2021-22564

Affected Products: Libjxl