CVE-2024-11498: 
NixOS vulnerability analysis and mitigation

A stack buffer overflow vulnerability was discovered in the libjxl package (CVE-2024-11498). The vulnerability allows a specifically-crafted file to cause the JPEG XL decoder to use excessive amounts of stack space, up to 256MB or potentially 512MB, which could lead to stack exhaustion (NVD).

The vulnerability exists in the JPEG XL decoder implementation where a maliciously crafted file can trigger excessive stack memory usage. The issue has been assigned a CVSS v4.0 Base Score of 6.9 (Medium) with the vector string CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H. The vulnerability is classified as CWE-400 (Uncontrolled Resource Consumption) (NVD).

When exploited, this vulnerability can cause the JPEG XL decoder to consume large amounts of stack memory, potentially leading to stack exhaustion and application crashes. This could result in a denial of service condition for applications using the affected libjxl library (NVD).

The vulnerability has been patched in commit 65fbec56bc578b6b6ee02a527be70787bbd053b0. Users are recommended to upgrade their libjxl installations to a version containing this fix. The patch implements iterative checking instead of recursive checking of tree property values to ensure low stack usage (GitHub PR).