10 matches found
Fedora 44 : jpegxl (2026-aa2e960a9f)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-aa2e960a9f advisory. Update to version 0.11.2. Resolves CVE-2025-12474 and CVE-2026-1837. Release notes: https://github.com/libjxl/libjxl/releases/tag/v0.11.2 Tenable ha...
CVE-2026-1837
creationtimestamp| type| source ---|---|--- 2026-05-12 10:21:51+00:00| seen| https://www.thezdi.com/blog/2026/5/12/the-apple-macos-security-update-review 2026-05-12 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/apple-products-multiple-vulnerabilities20260513 2026-05-26...
OPENSUSE-SU-2026:20385-1 Security update for libjxl
This update for libjxl fixes the following issues: Update to libjxl 0.11.2: - CVE-2025-12474: a specially crafted file can cause the decoder to read pixel data from uninitialized allocated memory bsc1258090. - CVE-2026-1837: a specially crafted file can cause the decoder to write pixel data to...
Important: firefox
Issue Overview: A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized but allocated memory. This can be done by causing the decoder to reference an outside-image-bound area in a subsequent patches. An incorrect optimization causes the decoder to omit populating...
Amazon Linux 2023 : firefox (ALAS2023-2026-1469)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1469 advisory. A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized but allocated memory. This can be done by causing the decoder to reference an outside-image-bound area...
Amazon Linux 2 : thunderbird, --advisory ALAS2-2026-3190 (ALAS-2026-3190)
The version of thunderbird installed on the remote host is prior to 140.7.2-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3190 advisory. A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized but allocated memory. This...
Important: jpegxl
Issue Overview: A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized but allocated memory. This can be done by causing the decoder to reference an outside-image-bound area in a subsequent patches. An incorrect optimization causes the decoder to omit populating...
libjxl-devel-0.11.2-1.1 on GA media (moderate)
libjxl-devel-0.11.2-1.1 on GA media Announcement ID: openSUSE-SU-2026:10271-1 Rating: moderate Cross-References: CVE-2026-1837 CVSS scores: CVE-2026-1837 SUSE : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2026-1837 SUSE : 9.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:...
CVE-2026-1837
A specially-crafted file can cause libjxl's decoder to write pixel data to uninitialized unallocated memory. Soon after that data from another uninitialized unallocated region is copied to pixel data. This can be done by requesting color transformation of grayscale images to another grayscale col...
Linux Distros Unpatched Vulnerability : CVE-2026-1837
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A specially-crafted file can cause libjxl's decoder to write pixel data to uninitialized unallocated memory. Soon after that data from another uninitialized...