Lucene search

Debian Security Bug TrackerDEBIANCVE:CVE-2021-22563

HistoryNov 01, 2021 - 1:15 p.m.

CVE-2021-22563

2021-11-0113:15:07

Debian Security Bug Tracker

security-tracker.debian.org

jpeg xl images

out of bounds access

rendering splines

upgrade

patch

unix

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

CVSS3

4.5

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

EPSS

Percentile

12.8%

JSON

Invalid JPEG XL images using libjxl can cause an out of bounds access on a std::vector<std::vector<T>> when rendering splines. The OOB read access can either lead to a segfault, or rendering splines based on other process memory. It is recommended to upgrade past 0.6.0 or patch with https://github.com/libjxl/libjxl/pull/757

OSVersionArchitecturePackageVersionFilename
Debian12alljpeg-xl< 0.7.0-10jpeg-xl_0.7.0-10_all.deb
Debian999alljpeg-xl< 0.9.2-10jpeg-xl_0.9.2-10_all.deb
Debian13alljpeg-xl< 0.9.2-10jpeg-xl_0.9.2-10_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	jpeg-xl	< 0.7.0-10	jpeg-xl_0.7.0-10_all.deb
Debian	999	all	jpeg-xl	< 0.9.2-10	jpeg-xl_0.9.2-10_all.deb
Debian	13	all	jpeg-xl	< 0.9.2-10	jpeg-xl_0.9.2-10_all.deb

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

CVSS3

4.5

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

EPSS

Percentile

12.8%

JSON

Related for DEBIANCVE:CVE-2021-22563