Skip to main content

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

CVE-2024-11498 | Mondoo Vulnerability Intelligence

Vulnerability IntelligenceCVE-2024-11498

CVE-2024-11498

MEDIUM6.9

Resource exhaustion via Stack overflow in libjxl

Published Nov 25, 2024

Modified 1 years ago

Details

There exists a stack buffer overflow in libjxl. A specifically-crafted file can cause the JPEG XL decoder to use large amounts of stack space (up to 256mb is possible, maybe 512mb), potentially exhausting the stack. An attacker can craft a file that will cause excessive memory usage. We recommend upgrading past commit 65fbec56bc578b6b6ee02a527be70787bbd053b0.

References

https://github.com/libjxl/libjxl/pull/3943

https://www.cve.org/CVERecord?id=CVE-2024-11498

CVSS Analysis

CVSS v4.0

6.9

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

HighAC:H

Attack Requirements

PresentAT:P

Privileges Required

LowPR:L

User Interaction

PassiveUI:P

Vulnerable System

Vuln. Confidentiality

NoneVC:N

Vuln. Integrity

NoneVI:N

Vuln. Availability

HighVA:H

Subsequent System

Subseq. Confidentiality

NoneSC:N

Subseq. Integrity

NoneSI:N

Subseq. Availability

HighSA:H

6.9/CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H

Weakness Type (CWE)

Resource Management

Resource Exhaustion

Ecosystems

Timeline

PublishedNov 25, 2024

ModifiedNov 25, 2024