PT-2024-9202 · Libjxl+6

Published: 2024-10-03 · Updated: 2026-03-10 · CVE-2024-11403

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
LibJXL versions prior to commit 9cc451b91b74ba470fd72bd48c121e9f33d24c99
libjpeg (affected versions not specified)
libmozjs-115-0-115.15.0-4.1
libmozjs-128-0-128.5.1-3.1
libjxl-devel-0.11.1-1.1
qt6-webengine
Description
An out-of-bounds read/write vulnerability exists in the JPEG decoder used by the JPEG XL encoder when performing JPEG recompression on untrusted input. This occurs due to improper bounds checking in the presence of incomplete codes, potentially leading to an out-of-bounds write. The same vulnerability is present in jpegli, potentially causing it to read uninitialized memory or function addresses.
Recommendations
LibJXL versions prior to commit 9cc451b91b74ba470fd72bd48c121e9f33d24c99: Update to commit 9cc451b91b74ba470fd72bd48c121e9f33d24c99 or a later version.
libjpeg: Update to the latest version.
libmozjs-115-0-115.15.0-4.1: Update to the latest version.
libmozjs-128-0-128.5.1-3.1: Update to the latest version.
libjxl-devel-0.11.1-1.1: Update to the latest version.
qt6-webengine: Update to the latest version.

Fix

DoS

Memory Corruption

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALT-PU-2024-16409
BDU:2024-10890
CVE-2024-11403
DSA-5958-1
MGASA-2025-0008
OPENSUSE-SU-2024:0402-1
OPENSUSE-SU-2024:14531-1
OPENSUSE-SU-2024:14594-1
OPENSUSE-SU-2024:14600-1
OPENSUSE-SU-2024_4411-1
OPENSUSE-SU-2025:0139-1
SUSE-SU-2024:4411-1
SUSE-SU-2024_4411-1
SUSE-SU-2025:01883-1
USN-7637-1

Affected Products

Alt Linux
Debian
Libjxl
Linuxmint
Red Os
Suse
Ubuntu