Lucene search

Debian Security Bug TrackerDEBIANCVE:CVE-2021-45928

HistoryJan 01, 2022 - 1:15 a.m.

CVE-2021-45928

2022-01-0101:15:08

Debian Security Bug Tracker

security-tracker.debian.org

libjxl

out-of-bounds write

decodegroup

libvips 8.11

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

41.1%

JSON

libjxl b02d6b9, as used in libvips 8.11 through 8.11.2 and other products, has an out-of-bounds write in jxl::ModularFrameDecoder::DecodeGroup (called from jxl::FrameDecoder::ProcessACGroup and jxl::ThreadPool::RunCallState<jxl::FrameDecoder::ProcessSections).

OSVersionArchitecturePackageVersionFilename
Debian12alljpeg-xl< 0.7.0-10jpeg-xl_0.7.0-10_all.deb
Debian999alljpeg-xl< 0.9.2-10jpeg-xl_0.9.2-10_all.deb
Debian13alljpeg-xl< 0.9.2-10jpeg-xl_0.9.2-10_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	jpeg-xl	< 0.7.0-10	jpeg-xl_0.7.0-10_all.deb
Debian	999	all	jpeg-xl	< 0.9.2-10	jpeg-xl_0.9.2-10_all.deb
Debian	13	all	jpeg-xl	< 0.9.2-10	jpeg-xl_0.9.2-10_all.deb

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

41.1%

JSON

Related for DEBIANCVE:CVE-2021-45928