CVE-2021-45928
MEDIUMlibjxl < 0.6.1 - Out-of-bounds Write in ModularFrameDecoder
Title source: llmDescription
libjxl b02d6b9, as used in libvips 8.11 through 8.11.2 and other products, has an out-of-bounds write in jxl::ModularFrameDecoder::DecodeGroup (called from jxl::FrameDecoder::ProcessACGroup and jxl::ThreadPool::RunCallState<jxl::FrameDecoder::ProcessSections).
References (5)
Core 5
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libvips/OSV-2021-1055.yaml
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36456
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://github.com/libjxl/libjxl/issues/360
Patch, Third Party Advisory x_refsource_misc
https://github.com/libjxl/libjxl/pull/365
Patch, Third Party Advisory x_refsource_misc
https://github.com/libjxl/libjxl/compare/v0.5...v0.6
Scores
CVSS v3
5.5
EPSS
0.0039
EPSS Percentile
31.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-787
Status
published
Products (1)
libjxl_project/libjxl
< 0.6.1
Published
Jan 01, 2022
Tracked Since
Feb 18, 2026