CVE-2024-11498

Summary

There exists a stack buffer overflow in libjxl. A specifically-crafted file can cause the JPEG XL decoder to use large amounts of stack space (up to 256mb is possible, maybe 512mb), potentially exhausting the stack. An attacker can craft a file that will cause excessive memory usage. We recommend upgrading past commit 65fbec56bc578b6b6ee02a527be70787bbd053b0.

Affected Software

VendorProductVersion RangeStatus
libjxllibjxl0.11.0 < 65fbec56bc578b6b6ee02a527be70787bbd053b0affected
libjxllibjxl0.10.0-2 < 65fbec56bc578b6b6ee02a527be70787bbd053b0affected
libjxllibjxl0.9.0-3 < 65fbec56bc578b6b6ee02a527be70787bbd053b0affected
libjxllibjxl0.8.0-3 < 65fbec56bc578b6b6ee02a527be70787bbd053b0affected
libjxllibjxl0.7.0-1 < 65fbec56bc578b6b6ee02a527be70787bbd053b0affected

Weaknesses

  • CWE-400: CWE-400 Uncontrolled Resource Consumption

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References