CVE-2021-22563

Опубликовано: 01 нояб. 2021

Источник: nvd

CVSS3: 4.5

CVSS3: 4.4

CVSS2: 3.6

EPSS Низкий

Описание

Invalid JPEG XL images using libjxl can cause an out of bounds access on a std::vector<std::vector> when rendering splines. The OOB read access can either lead to a segfault, or rendering splines based on other process memory. It is recommended to upgrade past 0.6.0 or patch with https://github.com/libjxl/libjxl/pull/757

Ссылки

https://github.com/libjxl/libjxl/issues/735
Exploit
Issue Tracking
Patch
Third Party Advisory
https://github.com/libjxl/libjxl/pull/757
Patch
Third Party Advisory
https://github.com/libjxl/libjxl/issues/735
Exploit
Issue Tracking
Patch
Third Party Advisory
https://github.com/libjxl/libjxl/pull/757
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:libjxl_project:libjxl:*:*:*:*:*:*:*:*

Версия до 0.6.0 (исключая)

EPSS

Процентиль: 14%

0.00045

Низкий

4.5 Medium

CVSS3

4.4 Medium

CVSS3

3.6 Low

CVSS2

Дефекты

CWE-126

CWE-125

Связанные уязвимости

CVE-2021-22563

CVSS3: 4.5

debian

больше 4 лет назад

Invalid JPEG XL images using libjxl can cause an out of bounds access ...

GHSA-q2wp-4p9r-fg6g

github

больше 3 лет назад

Invalid JPEG XL images using libjxl can cause an out of bounds access on a std::vector<std::vector<T>> when rendering splines. The OOB read access can either lead to a segfault, or rendering splines based on other process memory. It is recommended to upgrade past 0.6.0 or patch with https://github.com/libjxl/libjxl/pull/757

EPSS

Процентиль: 14%

0.00045

Низкий

4.5 Medium

CVSS3

4.4 Medium

CVSS3

3.6 Low

CVSS2

Дефекты

CWE-126

CWE-125