CVE-2021-22563

MEDIUM Year: 2021
CVSS v3 Score
4.4
Medium
CVSS v2 Score
3.6
Low
Weakness Type
CWE-126
View all →

Vulnerability Description

Invalid JPEG XL images using libjxl can cause an out of bounds access on a std::vector<std::vector<T>> when rendering splines. The OOB read access can either lead to a segfault, or rendering splines based on other process memory. It is recommended to upgrade past 0.6.0 or patch with https://github.com/libjxl/libjxl/pull/757

Related Vulnerabilities

CVE-2022-4432

MEDIUM
CVSS:4.4(Medium)

A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS PersistenceConfigDxe driver that could allow a local attacker with elevated privileges to cause information disclosure.

CWE-1262022

CVE-2022-4433

MEDIUM
CVSS:4.4(Medium)

A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoSetupConfigDxe driver that could allow a local attacker with elevated privileges to cause information disclosure.

CWE-1262022

CVE-2022-4434

MEDIUM
CVSS:4.4(Medium)

A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS driver that could allow a local attacker with elevated privileges to cause information disclosure.

CWE-1262022

CVE-2022-4435

MEDIUM
CVSS:4.4(Medium)

A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS LenovoRemoteConfigUpdateDxe driver that could allow a local attacker with elevated privileges to cause information disclosure.

CWE-1262022

CVE-2023-43568

MEDIUM
CVSS:4.4(Medium)

A buffer over-read was reported in the LemSecureBootForceKey module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information.

CWE-1262023

CVE-2023-43572

MEDIUM
CVSS:4.4(Medium)

A buffer over-read was reported in the BiosExtensionLoader module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information.

CWE-1262023