-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability is an integer underflow in patch decoding. The provided commit 489b6b82a6ad27d563646d5d920d8d6bcadbc26b directly addresses this issue in the file lib/jxl/dec_patch_dictionary.cc. The changes are within the PatchDictionary::Decode method. Specifically, the patch adds checks before calculating pos.x and pos.y to ensure that the delta values (deltax, deltay) do not cause the base positions (positions_.back().x, positions_.back().y) to underflow into a negative value that bypasses later checks. The removed lines show the vulnerable calculation without these explicit negative position checks. Therefore, jxl::PatchDictionary::Decode is the function where the vulnerability existed and was subsequently patched.
Ongoing coverage of React2Shell