We found results for “”
WS-2021-0191
Good to know:
Date: January 13, 2021
libjxl in versions v0.1 to v0.3.7 is vulnerable to Use-of-uninitialized-value in jxl::N_AVX2::AddNoise, related to lib/jxl/dec_noise.cc
Language: C++
Severity Score
Severity Score
Weakness Type (CWE)
Use of Uninitialized Variable
CWE-457Top Fix
Upgrade Version
Upgrade to version https://github.com/libjxl/libjxl/commit/98231abe99b322fe286ea80ab2c066528540a4c5
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | LOCAL |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | REQUIRED |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | HIGH |