Libjxl_project Libjxl
13 CVEs affecting Libjxl_project Libjxl. Latest disclosed: 2026-02-11. Critical: 2, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-11403 | Critical | 9.8 | 2024-11-25 | There exists an out of bounds read/write in LibJXL versions prior to commit 9cc451b91b74ba470fd72bd48c121e9f33d24c99. The JPEG decoder used by the JPEG XL enco… |
CVE-2021-27804 | Critical | 9.8 | 2021-03-02 | JPEG XL (aka jpeg-xl) through 0.3.2 allows writable memory corruption. |
CVE-2026-1837 | High | 7.5 | 2026-02-11 | A specially-crafted file can cause libjxl's decoder to write pixel data to uninitialized unallocated memory. Soon after that data from another uninitialized un… |
CVE-2024-11498 | High | 7.5 | 2024-11-25 | There exists a stack buffer overflow in libjxl. A specifically-crafted file can cause the JPEG XL decoder to use large amounts of stack space (up to 256mb is p… |
CVE-2023-35790 | High | 7.5 | 2023-06-16 | An issue was discovered in dec_patch_dictionary.cc in libjxl before 0.8.2. An integer underflow in patch decoding can lead to a denial of service, such as an i… |
CVE-2021-36691 | High | 7.5 | 2021-08-30 | libjxl v0.5.0 is affected by a Assertion failed issue in lib/jxl/image.cc jxl::PlaneBase::PlaneBase(). When encoding a malicous GIF file using cjxl, an attacke… |
CVE-2022-34000 | Medium | 6.5 | 2022-06-19 | libjxl 0.6.1 has an assertion failure in LowMemoryRenderPipeline::Init() in render_pipeline/low_memory_render_pipeline.cc. |
CVE-2021-36692 | Medium | 6.5 | 2021-08-30 | libjxl v0.3.7 is affected by a Divide By Zero in issue in lib/extras/codec_apng.cc jxl::DecodeImageAPNG(). When encoding a malicous APNG file using cjxl, an at… |
CVE-2021-45928 | Medium | 5.5 | 2022-01-01 | libjxl b02d6b9, as used in libvips 8.11 through 8.11.2 and other products, has an out-of-bounds write in jxl::ModularFrameDecoder::DecodeGroup (called from jxl… |
CVE-2023-0645 | Medium | 5.3 | 2023-04-11 | An out of bounds read exists in libjxl. An attacker using a specifically crafted file could cause an out of bounds read in the exif handler. We recommend upgra… |
CVE-2021-22564 | Medium | 4.5 | 2021-11-01 | For certain valid JPEG XL images with a size slightly larger than an integer number of groups (256x256 pixels) when processing the groups out of order the deco… |
CVE-2021-22563 | Medium | 4.5 | 2021-11-01 | Invalid JPEG XL images using libjxl can cause an out of bounds access on a std::vector<std::vector<T>> when rendering splines. The OOB read access can either l… |
CVE-2025-12474 | Medium | 4.4 | 2026-02-11 | A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized (but allocated) memory. This can be done by causing the decoder to r… |