How severe is CVE-2021-22564?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2021-22564?

This is classified as CWE-122, which is a common weakness in software security.

CVE-2021-22564 - MEDIUM Severity | CVSS 5.5

Vulnerability Description

For certain valid JPEG XL images with a size slightly larger than an integer number of groups (256x256 pixels) when processing the groups out of order the decoder can perform an out of bounds copy of image pixels from an image buffer in the heap to another. This copy can occur when processing the right or bottom edges of the image, but only when groups are processed in certain order. Groups can be processed out of order in multi-threaded decoding environments with heavy thread load but also with images that contain the groups in an arbitrary order in the file. It is recommended to upgrade past 0.6.0 or patch with https://github.com/libjxl/libjxl/pull/775

Related Vulnerabilities

CVE-2019-14814

MEDIUM

CVSS:5.5(Medium)

There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system cra...

CWE-1222019

CVE-2019-14816

MEDIUM

CVSS:5.5(Medium)

There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or...

CWE-1222019

CVE-2020-25665

MEDIUM

CVSS:5.5(Medium)

The PALM image coder at coders/palm.c makes an improper call to AcquireQuantumMemory() in routine WritePALMImage() because it needs to be offset by 256. This can cause a out-of-bounds read later on in...

CWE-1222020

CVE-2020-25667

MEDIUM

CVSS:5.5(Medium)

TIFFGetProfiles() in /coders/tiff.c calls strstr() which causes a large out-of-bounds read when it searches for `"dc:format=\"image/dng\"` within `profile` due to improper string handling, when a craf...

CWE-1222020

CVE-2020-25674

MEDIUM

CVSS:5.5(Medium)

WriteOnePNGImage() from coders/png.c (the PNG coder) has a for loop with an improper exit condition that can allow an out-of-bounds READ via heap-buffer-overflow. This occurs because it is possible fo...

CWE-1222020

CVE-2020-27829

MEDIUM

CVSS:5.5(Medium)

A heap based buffer overflow in coders/tiff.c may result in program crash and denial of service in ImageMagick before 7.0.10-45.

CWE-1222020