Libjxl Project
Products
1- 13 CVEs
Recent CVEs
13| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-1837 | Hig | 0.49 | 7.5 | 0.00 | Feb 11, 2026 | A specially-crafted file can cause libjxl's decoder to write pixel data to uninitialized unallocated memory. Soon after that data from another uninitialized unallocated region is copied to pixel data. This can be done by requesting color transformation of grayscale images to… | ||
| CVE-2025-70103 | Hig | 0.40 | 7.3 | 0.00 | May 27, 2026 | Heap buffer overflow vulnerability in libjxl 0.12.0 via crafted PBM images to the jxl::extras::DecodeImagePNM function in file lib/extras/dec/pnm.cc. | ||
| CVE-2025-12474 | Med | 0.22 | 4.4 | 0.00 | Feb 11, 2026 | A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized (but allocated) memory. This can be done by causing the decoder to reference an outside-image-bound area in a subsequent patches. An incorrect optimization causes the decoder to omit… | ||
| CVE-2024-11403 | 0.00 | — | 0.01 | Nov 25, 2024 | There exists an out of bounds read/write in LibJXL versions prior to commit 9cc451b91b74ba470fd72bd48c121e9f33d24c99. The JPEG decoder used by the JPEG XL encoder when doing JPEG recompression (i.e. if using JxlEncoderAddJPEGFrame on untrusted input) does not properly check… | |||
| CVE-2024-11498 | 0.00 | — | 0.01 | Nov 25, 2024 | There exists a stack buffer overflow in libjxl. A specifically-crafted file can cause the JPEG XL decoder to use large amounts of stack space (up to 256mb is possible, maybe 512mb), potentially exhausting the stack. An attacker can craft a file that will cause excessive memory… | |||
| CVE-2023-35790 | 0.00 | — | 0.01 | Jun 16, 2023 | An issue was discovered in dec_patch_dictionary.cc in libjxl before 0.8.2. An integer underflow in patch decoding can lead to a denial of service, such as an infinite loop. | |||
| CVE-2023-0645 | 0.00 | — | 0.01 | Apr 11, 2023 | An out of bounds read exists in libjxl. An attacker using a specifically crafted file could cause an out of bounds read in the exif handler. We recommend upgrading to version 0.8.1 or past commit https://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43f… | |||
| CVE-2022-34000 | 0.00 | — | 0.01 | Jun 19, 2022 | libjxl 0.6.1 has an assertion failure in LowMemoryRenderPipeline::Init() in render_pipeline/low_memory_render_pipeline.cc. | |||
| CVE-2021-45928 | 0.00 | — | 0.00 | Dec 31, 2021 | libjxl b02d6b9, as used in libvips 8.11 through 8.11.2 and other products, has an out-of-bounds write in jxl::ModularFrameDecoder::DecodeGroup (called from jxl::FrameDecoder::ProcessACGroup and jxl::ThreadPool::RunCallState<jxl::FrameDecoder::ProcessSections). | |||
| CVE-2021-22564 | 0.00 | — | 0.00 | Nov 1, 2021 | For certain valid JPEG XL images with a size slightly larger than an integer number of groups (256x256 pixels) when processing the groups out of order the decoder can perform an out of bounds copy of image pixels from an image buffer in the heap to another. This copy can occur… | |||
| CVE-2021-22563 | 0.00 | — | 0.00 | Nov 1, 2021 | Invalid JPEG XL images using libjxl can cause an out of bounds access on a std::vector<std::vector> when rendering splines. The OOB read access can either lead to a segfault, or rendering splines based on other process memory. It is recommended to upgrade past 0.6.0 or patch… | |||
| CVE-2021-36692 | 0.00 | — | 0.01 | Aug 30, 2021 | libjxl v0.3.7 is affected by a Divide By Zero in issue in lib/extras/codec_apng.cc jxl::DecodeImageAPNG(). When encoding a malicous APNG file using cjxl, an attacker can trigger a denial of service. | |||
| CVE-2021-36691 | 0.00 | — | 0.01 | Aug 30, 2021 | libjxl v0.5.0 is affected by a Assertion failed issue in lib/jxl/image.cc jxl::PlaneBase::PlaneBase(). When encoding a malicous GIF file using cjxl, an attacker can trigger a denial of service. |
- risk 0.49cvss 7.5epss 0.00
A specially-crafted file can cause libjxl's decoder to write pixel data to uninitialized unallocated memory. Soon after that data from another uninitialized unallocated region is copied to pixel data. This can be done by requesting color transformation of grayscale images to…
- risk 0.40cvss 7.3epss 0.00
Heap buffer overflow vulnerability in libjxl 0.12.0 via crafted PBM images to the jxl::extras::DecodeImagePNM function in file lib/extras/dec/pnm.cc.
- risk 0.22cvss 4.4epss 0.00
A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized (but allocated) memory. This can be done by causing the decoder to reference an outside-image-bound area in a subsequent patches. An incorrect optimization causes the decoder to omit…
- CVE-2024-11403Nov 25, 2024risk 0.00cvss —epss 0.01
There exists an out of bounds read/write in LibJXL versions prior to commit 9cc451b91b74ba470fd72bd48c121e9f33d24c99. The JPEG decoder used by the JPEG XL encoder when doing JPEG recompression (i.e. if using JxlEncoderAddJPEGFrame on untrusted input) does not properly check…
- CVE-2024-11498Nov 25, 2024risk 0.00cvss —epss 0.01
There exists a stack buffer overflow in libjxl. A specifically-crafted file can cause the JPEG XL decoder to use large amounts of stack space (up to 256mb is possible, maybe 512mb), potentially exhausting the stack. An attacker can craft a file that will cause excessive memory…
- CVE-2023-35790Jun 16, 2023risk 0.00cvss —epss 0.01
An issue was discovered in dec_patch_dictionary.cc in libjxl before 0.8.2. An integer underflow in patch decoding can lead to a denial of service, such as an infinite loop.
- CVE-2023-0645Apr 11, 2023risk 0.00cvss —epss 0.01
An out of bounds read exists in libjxl. An attacker using a specifically crafted file could cause an out of bounds read in the exif handler. We recommend upgrading to version 0.8.1 or past commit https://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43f…
- CVE-2022-34000Jun 19, 2022risk 0.00cvss —epss 0.01
libjxl 0.6.1 has an assertion failure in LowMemoryRenderPipeline::Init() in render_pipeline/low_memory_render_pipeline.cc.
- CVE-2021-45928Dec 31, 2021risk 0.00cvss —epss 0.00
libjxl b02d6b9, as used in libvips 8.11 through 8.11.2 and other products, has an out-of-bounds write in jxl::ModularFrameDecoder::DecodeGroup (called from jxl::FrameDecoder::ProcessACGroup and jxl::ThreadPool::RunCallState<jxl::FrameDecoder::ProcessSections).
- CVE-2021-22564Nov 1, 2021risk 0.00cvss —epss 0.00
For certain valid JPEG XL images with a size slightly larger than an integer number of groups (256x256 pixels) when processing the groups out of order the decoder can perform an out of bounds copy of image pixels from an image buffer in the heap to another. This copy can occur…
- CVE-2021-22563Nov 1, 2021risk 0.00cvss —epss 0.00
Invalid JPEG XL images using libjxl can cause an out of bounds access on a std::vector<std::vector> when rendering splines. The OOB read access can either lead to a segfault, or rendering splines based on other process memory. It is recommended to upgrade past 0.6.0 or patch…
- CVE-2021-36692Aug 30, 2021risk 0.00cvss —epss 0.01
libjxl v0.3.7 is affected by a Divide By Zero in issue in lib/extras/codec_apng.cc jxl::DecodeImageAPNG(). When encoding a malicous APNG file using cjxl, an attacker can trigger a denial of service.
- CVE-2021-36691Aug 30, 2021risk 0.00cvss —epss 0.01
libjxl v0.5.0 is affected by a Assertion failed issue in lib/jxl/image.cc jxl::PlaneBase::PlaneBase(). When encoding a malicous GIF file using cjxl, an attacker can trigger a denial of service.