CVE-2021-28026

Опубликовано: 05 мар. 2021

Источник: nvd

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

jpeg-xl v0.3.2 is affected by a heap buffer overflow in /lib/jxl/coeff_order.cc ReadPermutation. When decoding a malicous jxl file using djxl, an attacker can trigger arbitrary code execution or a denial of service.

Ссылки

https://gitlab.com/wg1/jpeg-xl/-/issues/163
Exploit
Issue Tracking
Third Party Advisory
https://gitlab.com/wg1/jpeg-xl/-/issues/163
Exploit
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jpeg:jpeg-xl:0.3.2:*:*:*:*:*:*:*

EPSS

Процентиль: 66%

0.00507

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-787

Связанные уязвимости

CVE-2021-28026

CVSS3: 7.8

debian

почти 5 лет назад

jpeg-xl v0.3.2 is affected by a heap buffer overflow in /lib/jxl/coeff ...

GHSA-79f7-6jwc-94qw

github

больше 3 лет назад