Buffer Over-read

CVE-2021-22563

Medium

4.5/10

Summary

Invalid JPEG XL images using libjxl can cause an out of bounds access on a std::vector<std::vector<T>> when rendering splines. The OOB read access can either lead to a segfault, or rendering splines based on other process memory. It is recommended to upgrade past 0.6.0 or patch with https://github.com/libjxl/libjxl/pull/757

Attack Complexity: HIGH
Attack Vector: LOCAL
Integrity Impact: LOW
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: LOW
Availability Impact: LOW

CWE-126 - Buffer Over-read

The software reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.

References

Advisory Timeline

Published Nov 01, 2021

Buffer Over-read

CVE-2021-22563

Summary

CWE-126 - Buffer Over-read

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS