CVE-2026-1837
EUVD-2026-617711.02.2026, 16:16
A specially-crafted file can cause libjxl's decoder to write pixel data to uninitialized unallocated memory. Soon after that data from another uninitialized unallocated region is copied to pixel data. This can be done by requesting color transformation of grayscale images to another grayscale color space. Buffers allocated for 1-float-per-pixel are used as if they are allocated for 3-float-per-pixel. That happens only if LCMS2 is used as CMS engine. There is another CMS engine available (selected by build flags).Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| libjxl_project | libjxl | 0.9.0 ≤ 𝑥 ≤ 0.11.1 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-805 - Buffer Access with Incorrect Length ValueThe software uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer.
- CWE-770 - Allocation of Resources Without Limits or ThrottlingThe software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.