We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-11498

Resource exhaustion via Stack overflow in libjxl



Description

There exists a stack buffer overflow in libjxl. A specifically-crafted file can cause the JPEG XL decoder to use large amounts of stack space (up to 256mb is possible, maybe 512mb), potentially exhausting the stack. An attacker can craft a file that will cause excessive memory usage. We recommend upgrading past commit 65fbec56bc578b6b6ee02a527be70787bbd053b0.

Reserved 2024-11-20 | Published 2024-11-25 | Updated 2024-11-25 | Assigner Google


MEDIUM: 6.9CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H

Problem types

CWE-400 Uncontrolled Resource Consumption

Product status

Default status
unaffected

0.11.0 before 65fbec56bc578b6b6ee02a527be70787bbd053b0
affected

0.10.0-2 before 65fbec56bc578b6b6ee02a527be70787bbd053b0
affected

0.9.0-3 before 65fbec56bc578b6b6ee02a527be70787bbd053b0
affected

0.8.0-3 before 65fbec56bc578b6b6ee02a527be70787bbd053b0
affected

0.7.0-1 before 65fbec56bc578b6b6ee02a527be70787bbd053b0
affected

References

github.com/libjxl/libjxl/pull/3943

cve.org (CVE-2024-11498)

nvd.nist.gov (CVE-2024-11498)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-11498

Support options

Helpdesk Chat, Email, Knowledgebase
Telegram Chat
Subscribe to our newsletter to learn more about our work.