


Perceptive Security
SOC/SIEM Consultancy

Heap buffer overflow vulnerability in libjxl 0.12.0 via crafted PBM images to the jxl::extras::DecodeImagePNM function in file lib/extras/dec/pnm.cc.
Published:
26 May 2026 at 22:00:00
Alert date:
27 May 2026 at 21:06:41
Source:
nvd.nist.gov
Supply Chain & Dependencies, Web Technologies
A heap buffer overflow vulnerability has been discovered in libjxl version 0.12.0. The vulnerability occurs in the jxl::extras::DecodeImagePNM function located in lib/extras/dec/pnm.cc when processing specially crafted PBM images. This memory corruption issue could potentially allow attackers to execute arbitrary code or cause denial of service by providing malicious PBM image files to applications using the affected libjxl library. The vulnerability has been reported with proof-of-concept code available and fixes are being developed by the maintainers.
Technical details
Affected products:
libjxl
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2025-70103
https://github.com/libjxl/libjxl/issues/4337
https://github.com/libjxl/libjxl/pull/4338
https://github.com/sigdevel/pocs/blob/main/res/libjxl/2025/2
https://infosec.exchange/@sigdevel/116642233929409910
This article was created with the assistance of AI technology by Perceptive.
