CVE-2024-11498 MEDIUM

CVE-2024-11498: Resource exhaustion via Stack overflow in libjxl

Vendor Libjxl
Product libjxl
Weakness CWE-400
Published November 25, 2024
Last update November 25, 2024

CVSS base score

6.9/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction Passive
Confidentiality None
Integrity None

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H

What the vulnerability does

Description

There exists a stack buffer overflow in libjxl. A specially crafted file can cause the JPEG XL decoder to use large amounts of stack space (up to 256 MB is possible, possibly 512 MB), potentially exhausting the stack. An attacker can craft a file that will cause excessive memory usage. We recommend upgrading past commit 65fbec56bc578b6b6ee02a527be70787bbd053b0.

Key dates

Disclosure timeline

November 25, 2024 CVE published
November 25, 2024 Record updated