Buffer overflow in Google Llc Libjxl

CVE-2021-22564

For certain valid JPEG XL images with a size slightly larger than an integer number of groups (256x256 pixels) when processing the groups out of order the decoder can perform an out of bounds copy of image pixels from an image buffer in th…

Vulnerability class: Buffer Overflow

EPSS: 0.003 (21.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.5 (Medium). Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2021-22564?
CVE-2021-22564 is a medium-severity vulnerability in Google Llc Libjxl, classified under Heap-based Buffer Overflow. CVSS score: 4.5/10. Published 2021-11-01.
How severe is CVE-2021-22564?
Medium severity. CVSS v3 base score is 4.5 out of 10.