openSUSE-SU-2025:0041-1

Published: 31 Jan 2025
Source: suse-cvrf

Description

Security update for libjxl

This update for libjxl fixes the following issues:

  • CVE-2024-11498: Fixed denial of service by checking height limit in modular trees (boo#1233785).

Package list

SUSE Package Hub 15 SP5
libjxl-devel-0.8.2-bp155.2.6.1
libjxl-tools-0.8.2-bp155.2.6.1
libjxl0_8-0.8.2-bp155.2.6.1
libjxl0_8-64bit-0.8.2-bp155.2.6.1
openSUSE Leap 15.5
libjxl-devel-0.8.2-bp155.2.6.1
libjxl-tools-0.8.2-bp155.2.6.1
libjxl0_8-0.8.2-bp155.2.6.1
libjxl0_8-64bit-0.8.2-bp155.2.6.1

Description

There exists a stack buffer overflow in libjxl. A specifically-crafted file can cause the JPEG XL decoder to use large amounts of stack space (up to 256mb is possible, maybe 512mb), potentially exhausting the stack. An attacker can craft a file that will cause excessive memory usage. We recommend upgrading past commit 65fbec56bc578b6b6ee02a527be70787bbd053b0.


Affected products
SUSE Package Hub 15 SP5:libjxl-devel-0.8.2-bp155.2.6.1
SUSE Package Hub 15 SP5:libjxl-tools-0.8.2-bp155.2.6.1
SUSE Package Hub 15 SP5:libjxl0_8-0.8.2-bp155.2.6.1
SUSE Package Hub 15 SP5:libjxl0_8-64bit-0.8.2-bp155.2.6.1

References