CVE-2025-12474

EUVD-2025-207023
A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized (but allocated) memory.

This can be done by causing the decoder to reference an outside-image-bound area in a subsequent patches. An incorrect optimization causes the decoder to omit populating those areas.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.4 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 1%
Affected Products (NVD)
VendorProductVersion
libjxl_projectlibjxl
0.7.0 ≤
𝑥
≤ 0.11.1
𝑥
= Vulnerable software versions
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
firefox
Amazon Linux 2023
0:140.7.1-1.amzn2023.0.1
fixed
firefox-debuginfo
Amazon Linux 2023
0:140.7.1-1.amzn2023.0.1
fixed
firefox-debugsource
Amazon Linux 2023
0:140.7.1-1.amzn2023.0.1
fixed
jpegxl-debuginfo
Amazon Linux 2023
1:0.10.3-55.amzn2023
fixed
jpegxl-debugsource
Amazon Linux 2023
1:0.10.3-55.amzn2023
fixed
jpegxl-doc
Amazon Linux 2023
1:0.10.3-55.amzn2023
fixed
jxl-pixbuf-loader
Amazon Linux 2023
1:0.10.3-55.amzn2023
fixed
jxl-pixbuf-loader-debuginfo
Amazon Linux 2023
1:0.10.3-55.amzn2023
fixed
libjxl
Amazon Linux 2023
1:0.10.3-55.amzn2023
fixed
libjxl-debuginfo
Amazon Linux 2023
1:0.10.3-55.amzn2023
fixed
libjxl-devel
Amazon Linux 2023
1:0.10.3-55.amzn2023
fixed
libjxl-devtools
Amazon Linux 2023
1:0.10.3-55.amzn2023
fixed
libjxl-devtools-debuginfo
Amazon Linux 2023
1:0.10.3-55.amzn2023
fixed
libjxl-utils
Amazon Linux 2023
1:0.10.3-55.amzn2023
fixed
libjxl-utils-debuginfo
Amazon Linux 2023
1:0.10.3-55.amzn2023
fixed
thunderbird
Amazon Linux 2
0:140.7.2-1.amzn2.0.1
fixed