CVE-2024-11498
HIGH
libjxl < 0.8.4 - Stack Buffer Overflow via Crafted JPEG XL File
Title source: llm
Description
There exists a stack buffer overflow in libjxl. A specially crafted file can cause the JPEG XL decoder to use large amounts of stack space (up to 256 MB is possible, maybe 512 MB), potentially exhausting the stack. An attacker can craft a file that will cause excessive memory usage. We recommend upgrading past commit 65fbec56bc578b6b6ee02a527be70787bbd053b0.
References (1)
Issue Tracking, Patch
https://github.com/libjxl/libjxl/pull/3943
Scores
CVSS v3
7.5
EPSS
0.0061
EPSS Percentile
44.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-400
Status
published
Products (1)
libjxl_project/libjxl
< 0.8.4
Published
Nov 25, 2024
Tracked Since
Feb 18, 2026