CVE-2021-22564

{"id": "CVE-2021-22564", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "cve-coordination@google.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 1.0}]}, "published": "2021-11-01T13:15:07.713", "references": [{"url": "https://github.com/libjxl/libjxl/issues/708", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "cve-coordination@google.com"}, {"url": "https://github.com/libjxl/libjxl/pull/775", "tags": ["Patch", "Third Party Advisory"], "source": "cve-coordination@google.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}, {"type": "Secondary", "source": "cve-coordination@google.com", "description": [{"lang": "en", "value": "CWE-122"}]}], "descriptions": [{"lang": "en", "value": "For certain valid JPEG XL images with a size slightly larger than an integer number of groups (256x256 pixels) when processing the groups out of order the decoder can perform an out of bounds copy of image pixels from an image buffer in the heap to another. This copy can occur when processing the right or bottom edges of the image, but only when groups are processed in certain order. Groups can be processed out of order in multi-threaded decoding environments with heavy thread load but also with images that contain the groups in an arbitrary order in the file. It is recommended to upgrade past 0.6.0 or patch with https://github.com/libjxl/libjxl/pull/775"}, {"lang": "es", "value": "Para determinadas im\u00e1genes JPEG XL v\u00e1lidas con un tama\u00f1o ligeramente superior a un n\u00famero entero de grupos (256x256 p\u00edxeles), cuando son procesados los grupos fuera de orden, el descodificador puede llevar a cabo una copia fuera de l\u00edmites de los p\u00edxeles de la imagen desde un b\u00fafer de imagen en la pila a otro. Esta copia puede producirse cuando son procesados los bordes derecho o inferior de la imagen, pero s\u00f3lo cuando los grupos son procesados en un orden determinado. Los grupos pueden ser procesados fuera de orden en entornos de decodificaci\u00f3n multihilo con gran carga de hilos, pero tambi\u00e9n con im\u00e1genes que contienen los grupos en un orden arbitrario en el archivo. Se recomienda actualizar a partir de la versi\u00f3n 0.6.0 o parchear con https://github.com/libjxl/libjxl/pull/775"}], "lastModified": "2021-11-02T18:52:44.650", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:libjxl_project:libjxl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7CC7FB7C-9506-45CF-A086-07481ACC16C6", "versionEndIncluding": "0.6.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve-coordination@google.com"}