9 matches found
Fedora 44 : jpegxl (2026-aa2e960a9f)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-aa2e960a9f advisory. Update to version 0.11.2. Resolves CVE-2025-12474 and CVE-2026-1837. Release notes: https://github.com/libjxl/libjxl/releases/tag/v0.11.2 Tenable ha...
Security update for libjxl (moderate)
openSUSE Security Update: Security update for libjxl Announcement ID: openSUSE-SU-2026:0107-1 Rating: moderate References: 1258090 Cross-References: CVE-2025-12474 CVSS scores: CVE-2025-12474 SUSE: 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N Affected Products: openSUSE...
OPENSUSE-SU-2026:20385-1 Security update for libjxl
This update for libjxl fixes the following issues: Update to libjxl 0.11.2: - CVE-2025-12474: a specially crafted file can cause the decoder to read pixel data from uninitialized allocated memory bsc1258090. - CVE-2026-1837: a specially crafted file can cause the decoder to write pixel data to...
Important: firefox
Issue Overview: A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized but allocated memory. This can be done by causing the decoder to reference an outside-image-bound area in a subsequent patches. An incorrect optimization causes the decoder to omit populating...
Amazon Linux 2023 : firefox (ALAS2023-2026-1469)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1469 advisory. A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized but allocated memory. This can be done by causing the decoder to reference an outside-image-bound area...
Amazon Linux 2 : thunderbird, --advisory ALAS2-2026-3190 (ALAS-2026-3190)
The version of thunderbird installed on the remote host is prior to 140.7.2-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3190 advisory. A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized but allocated memory. This...
Important: jpegxl
Issue Overview: A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized but allocated memory. This can be done by causing the decoder to reference an outside-image-bound area in a subsequent patches. An incorrect optimization causes the decoder to omit populating...
CVE-2025-12474
The CVE describes a vulnerability in libjxl where a specially crafted file can cause the decoder to read pixel data from uninitialized memory, due to referencing an outside-image-bound area in later patches and an optimization that omits populating those areas. Several connected advisories confir...
Linux Distros Unpatched Vulnerability : CVE-2025-12474
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized but allocated memory. This can be done by causing the decoder to...