// For flags

CVE-2021-22564

Out of bounds Copy in Libjxl in large image groups

Severity Score

5.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

For certain valid JPEG XL images with a size slightly larger than an integer number of groups (256x256 pixels) when processing the groups out of order the decoder can perform an out of bounds copy of image pixels from an image buffer in the heap to another. This copy can occur when processing the right or bottom edges of the image, but only when groups are processed in certain order. Groups can be processed out of order in multi-threaded decoding environments with heavy thread load but also with images that contain the groups in an arbitrary order in the file. It is recommended to upgrade past 0.6.0 or patch with https://github.com/libjxl/libjxl/pull/775

Para determinadas imágenes JPEG XL válidas con un tamaño ligeramente superior a un número entero de grupos (256x256 píxeles), cuando son procesados los grupos fuera de orden, el descodificador puede llevar a cabo una copia fuera de límites de los píxeles de la imagen desde un búfer de imagen en la pila a otro. Esta copia puede producirse cuando son procesados los bordes derecho o inferior de la imagen, pero sólo cuando los grupos son procesados en un orden determinado. Los grupos pueden ser procesados fuera de orden en entornos de decodificación multihilo con gran carga de hilos, pero también con imágenes que contienen los grupos en un orden arbitrario en el archivo. Se recomienda actualizar a partir de la versión 0.6.0 o parchear con https://github.com/libjxl/libjxl/pull/775

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-01-05 CVE Reserved
  • 2021-11-01 CVE Published
  • 2023-05-25 EPSS Updated
  • 2024-09-17 CVE Updated
  • 2024-09-17 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-122: Heap-based Buffer Overflow
  • CWE-787: Out-of-bounds Write
CAPEC
References (2)
URL Tag Source
URL Date SRC
https://github.com/libjxl/libjxl/issues/708 2024-09-17
URL Date SRC
https://github.com/libjxl/libjxl/pull/775 2021-11-02
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Libjxl Project
Search vendor "Libjxl Project"
 Libjxl
Search vendor "Libjxl Project" for product "Libjxl"
 <= 0.6.0
Search vendor "Libjxl Project" for product "Libjxl" and version " <= 0.6.0"
-
Affected