Buffer overflow in Google Llc Libjxl
CVE-2021-22564
For certain valid JPEG XL images with a size slightly larger than an integer number of groups (256x256 pixels) when processing the groups out of order the decoder can perform an out of bounds copy of image pixels from an image buffer in th…
Vulnerability class: Buffer Overflow
EPSS: 0.003 (21.7th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 4.5 (Medium). Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L.
Affected products
- Google Llc Libjxl — versions unspecified
- Libjxl_project Libjxl
Weakness classification (CWE)
References
- cve-coordination@google.com (Patch, Third Party Advisory, x_refsource_MISC)
- cve-coordination@google.com (Exploit, Third Party Advisory, x_refsource_MISC, Issue Tracking)
Frequently asked questions
- What is CVE-2021-22564?
- CVE-2021-22564 is a medium-severity vulnerability in Google Llc Libjxl, classified under Heap-based Buffer Overflow. CVSS score: 4.5/10. Published 2021-11-01.
- How severe is CVE-2021-22564?
- Medium severity. CVSS v3 base score is 4.5 out of 10.