HIGH🇵🇱 Wersja polska

CVE-2026-1837

CVSS 8.7v4.0pub. 2026-02-11upd. 2026-06-30

A specially-crafted file can cause libjxl's decoder to write pixel data to uninitialized unallocated memory. Soon after that data from another uninitialized unallocated region is copied to pixel data. This can be done by requesting color transformation of grayscale images to another grayscale color space. Buffers allocated for 1-float-per-pixel are used as if they are allocated for 3-float-per-pixel. That happens only if LCMS2 is used as CMS engine. There is another CMS engine available (selected by build flags).

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Libjxl Project Libjxl

    APP
    Libjxl Project
    0.9.0 – 0.11.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2021-27804CRITICAL9.8ten sam produkt

JPEG XL (aka jpeg-xl) through 0.3.2 allows writable memory corruption.

CVE-2023-35790HIGH7.5ten sam produkt

An issue was discovered in dec_patch_dictionary.cc in libjxl before 0.8.2. An integer underflow in patch decod...

CVE-2021-36691HIGH7.5ten sam produkt

libjxl v0.5.0 is affected by a Assertion failed issue in lib/jxl/image.cc jxl::PlaneBase::PlaneBase(). When en...

CVE-2024-11403MEDIUM6.9ten sam produkt

There exists an out of bounds read/write in LibJXL versions prior to commit 9cc451b91b74ba470fd72bd48c121e9f33...

CVE-2024-11498MEDIUM6.9ten sam produkt

There exists a stack buffer overflow in libjxl. A specifically-crafted file can cause the JPEG XL decoder to u...