CVE-2024-11498

Name
CVE-2024-11498
Description
There exists a stack buffer overflow in libjxl. A specifically-crafted file can cause the JPEG XL decoder to use large amounts of stack space (up to 256mb is possible, maybe 512mb), potentially exhausting the stack. An attacker can craft a file that will cause excessive memory usage. We recommend upgrading past commit 65fbec56bc578b6b6ee02a527be70787bbd053b0.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
https://github.com/libjxl/libjxl/pull/3943

Match rules

CPE URI Source package Min version Max version
libjxl >= 0.11.0 < 65fbec56bc578b6b6ee02a527be70787bbd053b0
libjxl >= 0.10.0-2 < 65fbec56bc578b6b6ee02a527be70787bbd053b0
libjxl >= 0.9.0-3 < 65fbec56bc578b6b6ee02a527be70787bbd053b0
libjxl >= 0.8.0-3 < 65fbec56bc578b6b6ee02a527be70787bbd053b0
libjxl >= 0.7.0-1 < 65fbec56bc578b6b6ee02a527be70787bbd053b0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
libjxl 3.20-community 0.10.2-r0 Alex Xu (Hello71) <alex_y_xu@yahoo.ca> possibly vulnerable
libjxl edge-community 0.10.3-r0 Alex Xu (Hello71) <alex_y_xu@yahoo.ca> possibly vulnerable