CVE-2025-12474 libjxl: Uninitialized memory read in decoder due to incorrect optimization in patch handling

A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized but allocated memory. This can be done by causing the decoder to reference an outside-image-bound area in a subsequent patches. An incorrect optimization causes the decoder to omit populating those areas...

CVE-2025-12474

A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized but allocated memory. This can be done by causing the decoder to reference an outside-image-bound area in a subsequent patches. An incorrect optimization causes the decoder to omit populating those areas...

CVE-2025-12474 libjxl: Uninitialized memory read in decoder due to incorrect optimization in patch handling

A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized but allocated memory. This can be done by causing the decoder to reference an outside-image-bound area in a subsequent patches. An incorrect optimization causes the decoder to omit populating those areas...

CVE-2025-12474

A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized but allocated memory. This can be done by causing the decoder to reference an outside-image-bound area in a subsequent patches. An incorrect optimization causes the decoder to omit populating those areas...

Use of Uninitialized Resource

Overview Affected versions of this package are vulnerable to Use of Uninitialized Resource due to an uninitialized memory read in the decoder. An attacker can cause a denial of service by submitting specially crafted input that triggers the incorrect optimization in patch handling. Remediation...

CVE-2025-12474

The CVE describes a vulnerability in libjxl where a specially crafted file can cause the decoder to read pixel data from uninitialized memory, due to referencing an outside-image-bound area in later patches and an optimization that omits populating those areas. Several connected advisories confir...

CVE-2025-12474

A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized but allocated memory. This can be done by causing the decoder to reference an outside-image-bound area in a subsequent patches. An incorrect optimization causes the decoder to omit populating those areas...

CVE-2026-1837

The connected records confirm CVE-2026-1837 affects libjxl’s decoder when LCMS2 is used as the CMS. A specially-crafted file can trigger an out-of-bounds write by transforming grayscale images to another grayscale color space, where buffers allocated for 1-float-per-pixel are treated as 3-float-p...

CVE-2026-1837

A specially-crafted file can cause libjxl's decoder to write pixel data to uninitialized unallocated memory. Soon after that data from another uninitialized unallocated region is copied to pixel data. This can be done by requesting color transformation of grayscale images to another grayscale col...

CLSA-2026-1770802828 ImageMagick: Fix of CVE-2026-23876

CVE-2026-23876: fix heap buffer overflow vulnerability in the XBM image decoder ReadXBMImage...

libjxl 安全漏洞

libjxl is an open-source implementation of the JPEG XL image format. There is a security vulnerability in libjxl; this vulnerability arises from the decoder potentially writing pixel data to uninitialized, unallocated memory when processing specially crafted files, which may lead to information...

PT-2026-7614

Name of the Vulnerable Software and Affected Versions libjxl affected versions not specified Description A crafted file can lead to libjxl's decoder reading pixel data from uninitialized memory. This occurs due to an incorrect optimization that causes the decoder to omit populating certain memory...

Linux Distros Unpatched Vulnerability : CVE-2026-1837

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A specially-crafted file can cause libjxl's decoder to write pixel data to uninitialized unallocated memory. Soon after that data from another uninitialized...

CVE-2025-12474

A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized but allocated memory. This can be done by causing the decoder to reference an outside-image-bound area in a subsequent patches. An incorrect optimization causes the decoder to omit populating those areas...

Linux Distros Unpatched Vulnerability : CVE-2025-12474

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized but allocated memory. This can be done by causing the decoder to...

[SECURITY] Fedora 43 Update: rust-gst-plugin-dav1d-0.14.0-3.fc43

GStreamer dav1d AV1 decoder Plugin...

📄 Samsung MP3 Decoder Out-Of-Bounds Read

Proof of concept exploit for a Samsung MP3 Decoder smp123djointstereov1 out-of-bounds read enabling potential ASLR bypass. ============================================================================================================================================= | Title : Samsung MP3 Decoder...

📄 Samsung Quram DNG Heap Corruption

Samsung devices utilize Quram's DNG decoder. A malformed ScalePerColumn opcode with oversized areaSpec and extreme pitches leads to arithmetic overflow in the per-column scaling loop. After allocation miscalculation, subsequent writes corrupt heap structures. Carefully crafted payloads enable...

📄 Samsung QuramDNG Type Confusion Detector Vulnerability Scanner

This C++ scanner analyzes DNG Digital Negative files for the CVE-2025-58478 type confusion vulnerability in the libimagecodec.quram.so library used on Samsung devices...

CVE-2026-1301

In builds with PubSub and JSON enabled, a crafted JSON message can cause the decoder to write beyond a heap-allocated array before authentication, reliably crashing the process and corrupting memory...