Kusagadzikana kuviri kwakaburitswa muFFmpeg's JPEG XL decoder iyo inogona kutungamira kune anorwisa-yakatangwa kodhi kuuraya kana FFmpeg ichiita mifananidzo yakanyatsogadzirwa. Nyaya idzi dzakagadziriswa muFFmpeg 6.1, asi sezvo JPEG XL tsigiro inosanganisirwa kutanga nebazi re6.1, kusazvibata kunongokanganisa masisitimu anomhanyisa kuyedza kuvaka kweFFmpeg 6.1 kana kutama kubva kwavari.
Kusagadzikana kwekutanga (CVE-2024-22860) kunokonzerwa nekuwanda kwehuwandu muJPEG XL parser, nekuda kwekushaikwa kwecheki yekupfuura saizi yerudzi rwe int. Kusagadzikana kwechipiri (CVE-2024-22862) kunokonzerwa nekuwanda kwehuwandu mujpegxl_anim_read_packet basa rinoshandiswa kugadzirisa mifananidzo, uye ine chekuita nekushandiswa kwemhando yakasainwa int64_t pachinzvimbo cheuint64_t isina kusaina. Nyaya dzacho dzakananga kuFFmpeg uye hadzioneki mune libjxl referensi rekuita.
Source: opennet.ru
