Libjxl
CVE-2021-27804
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
JPEG XL (aka jpeg-xl) through 0.3.2 allows writable memory corruption.
AnalysisAI
JPEG XL (aka jpeg-xl) through 0.3.2 allows writable memory corruption. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. JPEG XL (aka jpeg-xl) through 0.3.2 allows writable memory corruption. Affected products include: Libjxl Project Libjxl. Version information: through 0.3.2.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).
libjxl v0.5.0 is affected by a Assertion failed issue in lib/jxl/image.cc jxl::PlaneBase::PlaneBase(). Rated high severi
libjxl 0.6.1 has an assertion failure in LowMemoryRenderPipeline::Init() in render_pipeline/low_memory_render_pipeline.c
libjxl v0.3.7 is affected by a Divide By Zero in issue in lib/extras/codec_apng.cc jxl::DecodeImageAPNG(). Rated medium
For certain valid JPEG XL images with a size slightly larger than an integer number of groups (256x256 pixels) when proc
An out of bounds read exists in libjxl. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable,
A specially-crafted file can cause libjxl's decoder to write pixel data to uninitialized unallocated memory. Soon after
Invalid JPEG XL images using libjxl can cause an out of bounds access on a std::vector<std::vector<T>> when rendering sp
An issue was discovered in dec_patch_dictionary.cc in libjxl before 0.8.2. Rated high severity (CVSS 7.5), this vulnerab
A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized (but allocated) memory. This c
Same weakness CWE-787 – Out-of-bounds Write
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today