Multiple vulnerabilities were discovered in jpeg-xl, the JPEG XL ("JXL") image coding library, including out-of-bounds reads and writes and a stack-based buffer overflow, which may result in excessive memory usage and denial of service.
CVE-2023-0645
A specially crafted file could cause an out-of-bounds read in the Exif handler of libjxl.
CVE-2023-35790
Integer underflow in the patch decoding code of libjxl.
CVE-2024-11403
Out-of-bounds write in the JPEG decoder used for recompression of JPEG files.
CVE-2024-11498
A specially crafted file could cause the JPEG XL decoder to use large amounts of stack space, potentially exhausting the stack.
https://security-tracker.debian.org/tracker/DSA-5958-1

