High severity7.5NVD Advisory· Published Nov 25, 2024· Updated Jun 17, 2026
CVE-2024-11498
CVE-2024-11498
Description
There exists a stack buffer overflow in libjxl. A specifically-crafted file can cause the JPEG XL decoder to use large amounts of stack space (up to 256mb is possible, maybe 512mb), potentially exhausting the stack. An attacker can craft a file that will cause excessive memory usage. We recommend upgrading past commit 65fbec56bc578b6b6ee02a527be70787bbd053b0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
14before commit 65fbec56bc578b6b6ee02a527be70787bbd053b0+ 1 more
- (no CPE)range: before commit 65fbec56bc578b6b6ee02a527be70787bbd053b0
- (no CPE)range: 0.11.0
- osv-coords12 versionspkg:rpm/opensuse/libjxl&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/libjxl&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/libjxl&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/libjxl-gtk&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/mozjs115&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/mozjs115&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/mozjs128&distro=openSUSE%20Tumbleweedpkg:rpm/suse/libjxl&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP7pkg:rpm/suse/libjxl&distro=SUSE%20Package%20Hub%2015%20SP5pkg:rpm/suse/libjxl&distro=SUSE%20Package%20Hub%2015%20SP6pkg:rpm/suse/libjxl-gtk&distro=SUSE%20Package%20Hub%2015%20SP6pkg:rpm/suse/mozjs115&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP6
< 0.8.2-bp155.2.6.1+ 11 more
- (no CPE)range: < 0.8.2-bp155.2.6.1
- (no CPE)range: < 0.8.4-bp156.3.3.4
- (no CPE)range: < 0.11.1-1.1
- (no CPE)range: < 0.8.4-bp156.3.3.4
- (no CPE)range: < 115.4.0-150600.3.6.1
- (no CPE)range: < 115.15.0-4.1
- (no CPE)range: < 128.5.1-3.1
- (no CPE)range: < 0.10.3-150700.4.9.1
- (no CPE)range: < 0.8.2-bp155.2.6.1
- (no CPE)range: < 0.8.4-bp156.3.3.4
- (no CPE)range: < 0.8.4-bp156.3.3.4
- (no CPE)range: < 115.4.0-150600.3.6.1
Patches
Vulnerability mechanics
References
1- github.com/libjxl/libjxl/pull/3943nvdIssue TrackingPatch
News mentions
0No linked articles in our index yet.