CVE-2021-28026

Name of the Vulnerable Software and Affected Versions: jpeg-xl version 0.3.2

Description: The issue is related to a heap buffer overflow in the /lib/jxl/coeff order.cc file, specifically in the ReadPermutation function. This can be triggered when decoding a malicious jxl file using djxl, potentially allowing an attacker to execute arbitrary code or cause a denial of service.

Recommendations: For jpeg-xl version 0.3.2, consider avoiding the use of the ReadPermutation function in the /lib/jxl/coeff order.cc file until a patch is available. As a temporary workaround, restrict the decoding of jxl files using djxl to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.