libjxl b02d6b9, as used in libvips 8.11 up to and including 8.11.2 and other products, has an out-of-bounds write in jxl::ModularFrameDecoder::DecodeGroup (called from jxl::FrameDecoder::ProcessACGroup and jxl::ThreadPool::RunCallState<jxl::FrameDecoder::ProcessSections).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
libjxl project libjxl |