Vulnerability Description
libjxl b02d6b9, as used in libvips 8.11 through 8.11.2 and other products, has an out-of-bounds write in jxl::ModularFrameDecoder::DecodeGroup (called from jxl::FrameDecoder::ProcessACGroup and jxl::ThreadPool::RunCallState<jxl::FrameDecoder::ProcessSections).
CVSS Score
5.5 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Libjxl Project | Libjxl | < 0.6.1 |
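The two version ranges above (libjxl below 0.6.1, libvips 8.11 through 8.11.2) are easy to misjudge by eye, since "8.11" and "8.11.2" have different component counts. The following is an added example, not part of this advisory or of the libjxl project: a POSIX shell check that compares dotted numeric versions component by component and reports whether an installed libjxl or libvips falls inside the listed ranges. It assumes plain numeric versions (no suffixes such as "-rc1") and uses the pkg-config module names `libjxl` and `vips`.

```shell
#!/bin/sh
# Added example for CVE-2021-45928 (not advisory or project code).
# Assumes plain dotted numeric versions; missing components count as 0.

# ver_le A B: exit 0 if version A <= version B, 1 otherwise.
ver_le() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        k = (n > m) ? n : m
        for (i = 1; i <= k; i++) {
            xi = (i <= n) ? x[i] + 0 : 0
            yi = (i <= m) ? y[i] + 0 : 0
            if (xi < yi) exit 0
            if (xi > yi) exit 1
        }
        exit 0
    }'
}

# libjxl: the advisory lists every version below 0.6.1 as affected.
libjxl_affected() {
    ver_le "$1" "0.6.1" && [ "$1" != "0.6.1" ]
}

# libvips: 8.11 through 8.11.2 inclusive (ships libjxl b02d6b9).
libvips_affected() {
    ver_le "8.11" "$1" && ver_le "$1" "8.11.2"
}

# report MODULE CHECKER: query pkg-config for MODULE and print a verdict.
# Assumes pkg-config names "libjxl" and "vips"; absence is reported, not an error.
report() {
    pkg="$1"; checker="$2"
    if ! v=$(pkg-config --modversion "$pkg" 2>/dev/null); then
        echo "$pkg: not found via pkg-config"
        return 0
    fi
    if "$checker" "$v"; then
        echo "$pkg $v: AFFECTED by CVE-2021-45928"
    else
        echo "$pkg $v: not in the listed affected range"
    fi
}

report libjxl libjxl_affected
report vips libvips_affected
```

The check only covers the two ranges this page lists; a libvips build that links a system libjxl rather than the bundled copy should be judged by the libjxl version, not the libvips one.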
Related Weaknesses (CWE)
- CWE-787: Out-of-bounds Write (the description above classifies the bug as an out-of-bounds write)
References
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36456 (Exploit, Issue Tracking, Third Party Advisory)
- https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libvips/OSV-2021-1055.y (Exploit, Third Party Advisory)
- https://github.com/libjxl/libjxl/compare/v0.5...v0.6 (Patch, Third Party Advisory)
- https://github.com/libjxl/libjxl/issues/360 (Issue Tracking, Patch, Third Party Advisory)
- https://github.com/libjxl/libjxl/pull/365 (Patch, Third Party Advisory)
FAQ
What is CVE-2021-45928?
CVE-2021-45928 is a vulnerability with a CVSS score of 5.5 (MEDIUM). libjxl b02d6b9, as used in libvips 8.11 through 8.11.2 and other products, has an out-of-bounds write in jxl::ModularFrameDecoder::DecodeGroup (called from jxl::FrameDecoder::ProcessACGroup and jxl::ThreadPool::RunCallState<jxl::FrameDecoder::ProcessSections). The bug was found by OSS-Fuzz (issue 36456) and is tracked for libvips as OSV-2021-1055.
How severe is CVE-2021-45928?
CVE-2021-45928 has been rated MEDIUM with a CVSS base score of 5.5/10. This page lists only the base score and rating; no per-metric breakdown (attack vector, privileges, impact) is given here.
Is there a patch for CVE-2021-45928?
Yes. The references above list the libjxl fix (pull request 365, tracked in issue 360) and the v0.5...v0.6 comparison; the affected-products table lists libjxl versions below 0.6.1 as affected, so 0.6.1 and later are not in the affected range. For libvips, the description names 8.11 through 8.11.2 as the versions that ship the affected libjxl snapshot b02d6b9.