Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2024-11403

Опубликовано: 25 нояб. 2024
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS3: 9.8

Описание

There exists an out of bounds read/write in LibJXL versions prior to commit 9cc451b91b74ba470fd72bd48c121e9f33d24c99. The JPEG decoder used by the JPEG XL encoder when doing JPEG recompression (i.e. if using JxlEncoderAddJPEGFrame on untrusted input) does not properly check bounds in the presence of incomplete codes. This could lead to an out-of-bounds write. In jpegli which is released as part of the same project, the same vulnerability is present. However, the relevant buffer is part of a bigger structure, and the code makes no assumptions on the values that could be overwritten. The issue could however cause jpegli to read uninitialised memory, or addresses of functions.

РелизСтатусПримечание
devel

not-affected

0.11.1-4
esm-apps/noble

released

0.7.0-10.2ubuntu6.1
esm-infra/focal

DNE

focal

DNE

jammy

DNE

noble

released

0.7.0-10.2ubuntu6.1
oracular

ignored

end of life, was needed
plucky

not-affected

0.11.1-4
upstream

released

0.10.4-1

Показывать по

EPSS

Процентиль: 34%
0.00134
Низкий

9.8 Critical

CVSS3

Связанные уязвимости

CVSS3: 5.3
redhat
9 месяцев назад

There exists an out of bounds read/write in LibJXL versions prior to commit 9cc451b91b74ba470fd72bd48c121e9f33d24c99. The JPEG decoder used by the JPEG XL encoder when doing JPEG recompression (i.e. if using JxlEncoderAddJPEGFrame on untrusted input) does not properly check bounds in the presence of incomplete codes. This could lead to an out-of-bounds write. In jpegli which is released as part of the same project, the same vulnerability is present. However, the relevant buffer is part of a bigger structure, and the code makes no assumptions on the values that could be overwritten. The issue could however cause jpegli to read uninitialised memory, or addresses of functions.

CVSS3: 9.8
nvd
9 месяцев назад

There exists an out of bounds read/write in LibJXL versions prior to commit 9cc451b91b74ba470fd72bd48c121e9f33d24c99. The JPEG decoder used by the JPEG XL encoder when doing JPEG recompression (i.e. if using JxlEncoderAddJPEGFrame on untrusted input) does not properly check bounds in the presence of incomplete codes. This could lead to an out-of-bounds write. In jpegli which is released as part of the same project, the same vulnerability is present. However, the relevant buffer is part of a bigger structure, and the code makes no assumptions on the values that could be overwritten. The issue could however cause jpegli to read uninitialised memory, or addresses of functions.

CVSS3: 9.8
debian
9 месяцев назад

There exists an out of bounds read/write in LibJXL versions prior to c ...

suse-cvrf
8 месяцев назад

Security update for qt6-webengine

suse-cvrf
около 2 месяцев назад

Security update for libjxl

EPSS

Процентиль: 34%
0.00134
Низкий

9.8 Critical

CVSS3