PT-2024-8851 · Libjxl+6

Published 2024-10-03 · Updated 2026-03-31 · CVE-2024-11498

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

libjxl libjxl-devel-0.11.1-1.1
libmozjs-115-0-115.15.0-4.1
libmozjs-128-0-128.5.1-3.1
jpeg-xl (affected versions not specified)

Description

A stack buffer overflow exists in the libjxl library's JPEG XL decoder. A specially crafted file can cause the decoder to use excessive stack space (up to 256MB or potentially 512MB), potentially leading to a denial of service. An attacker can create a file that triggers this excessive memory usage. The vulnerability is also related to an issue in the JxlEncoderAddJPEGFrame() function, which can lead to an out-of-bounds write in memory.

Recommendations

Update to libjxl-devel-0.11.1-1.1.
Update to libmozjs-115-0-115.15.0-4.1.
Update to libmozjs-128-0-128.5.1-3.1.
Upgrade past commit 65fbec56bc578b6b6ee02a527be70787bbd053b0.
For the jpeg-xl package, upgrade to the latest available version.

Fix

DoS

Stack Overflow

Resource Exhaustion

Memory Corruption

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALT-PU-2024-16409
BDU:2024-10487
BDU:2024-10890
CVE-2024-11498
DSA-5958-1
MGASA-2025-0008
OPENSUSE-SU-2024:14531-1
OPENSUSE-SU-2024:14594-1
OPENSUSE-SU-2024:14600-1
OPENSUSE-SU-2024_4411-1
OPENSUSE-SU-2025:0041-1
OPENSUSE-SU-2025:0139-1
SUSE-SU-2024:4411-1
SUSE-SU-2026:1154-1
USN-7637-1

Affected Products

Alt Linux
Debian
Linuxmint
Red Os
Suse
Ubuntu
Libjxl