CVE-2024-11498

Publication date 25 November 2024

Last updated 27 November 2024


Ubuntu priority

There exists a stack buffer overflow in libjxl. A specifically-crafted file can cause the JPEG XL decoder to use large amounts of stack space (up to 256mb is possible, maybe 512mb), potentially exhausting the stack. An attacker can craft a file that will cause excessive memory usage. We recommend upgrading past commit 65fbec56bc578b6b6ee02a527be70787bbd053b0.

Status

Package Ubuntu Release Status
jpeg-xl 24.10 oracular
Needs evaluation
24.04 LTS noble
Needs evaluation
22.04 LTS jammy Not in release
20.04 LTS focal Not in release