CVE-2025-12474
EUVD-2025-20702311.02.2026, 16:15
A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized (but allocated) memory. This can be done by causing the decoder to reference an outside-image-bound area in a subsequent patches. An incorrect optimization causes the decoder to omit populating those areas.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| libjxl_project | libjxl | 0.7.0 ≤ 𝑥 ≤ 0.11.1 |
𝑥
= Vulnerable software versions
Amazon Linux Releases
Amazon Package | |||
|---|---|---|---|
| firefox |
| ||
| firefox-debuginfo |
| ||
| firefox-debugsource |
| ||
| jpegxl-debuginfo |
| ||
| jpegxl-debugsource |
| ||
| jpegxl-doc |
| ||
| jxl-pixbuf-loader |
| ||
| jxl-pixbuf-loader-debuginfo |
| ||
| libjxl |
| ||
| libjxl-debuginfo |
| ||
| libjxl-devel |
| ||
| libjxl-devtools |
| ||
| libjxl-devtools-debuginfo |
| ||
| libjxl-utils |
| ||
| libjxl-utils-debuginfo |
| ||
| thunderbird |
|
Common Weakness Enumeration