libjxl project libjxl
13 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2026-1837
>= 0.9.0 and <= 0.11.1
A specially-crafted file can cause libjxl's decoder to write pixel data to uninitialized unallocated memory. Soon after that data
7.5
HIGH
CVE-2025-12474
>= 0.7.0 and <= 0.11.1
A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized (but allocated) memory. This can be don
4.4
MEDIUM
CVE-2024-11498
< 0.8.4
There exists a stack buffer overflow in libjxl. A specifically-crafted file can cause the JPEG XL decoder to use large amounts of
7.5
HIGH
CVE-2024-11403
< 0.8.4
There exists an out of bounds read/write in LibJXL versions prior to commit 9cc451b91b74ba470fd72bd48c121e9f33d24c99. The JPEG de
9.8
CRITICAL
CVE-2023-35790
< 0.8.2
An issue was discovered in dec_patch_dictionary.cc in libjxl before 0.8.2. An integer underflow in patch decoding can lead to a de
7.5
HIGH
CVE-2023-0645
< 0.8.1
An out of bounds read exists in libjxl. An attacker using a specifically crafted file could cause an out of bounds read in the exi
5.3
MEDIUM
CVE-2022-34000
all versions
libjxl 0.6.1 has an assertion failure in LowMemoryRenderPipeline::Init() in render_pipeline/low_memory_render_pipeline.cc.
6.5
MEDIUM
CVE-2021-45928
< 0.6.1
libjxl b02d6b9, as used in libvips 8.11 through 8.11.2 and other products, has an out-of-bounds write in jxl::ModularFrameDecoder:
5.5
MEDIUM
CVE-2021-22564
<= 0.6.0
For certain valid JPEG XL images with a size slightly larger than an integer number of groups (256x256 pixels) when processing the
4.5
MEDIUM
CVE-2021-22563
< 0.6.0
Invalid JPEG XL images using libjxl can cause an out of bounds access on a std::vector<std::vector<T>> when rendering splines. The
4.5
MEDIUM
CVE-2021-36692
all versions
libjxl v0.3.7 is affected by a Divide By Zero issue in lib/extras/codec_apng.cc jxl::DecodeImageAPNG(). When encoding a malicou
6.5
MEDIUM
CVE-2021-36691
all versions
libjxl v0.5.0 is affected by an Assertion failed issue in lib/jxl/image.cc jxl::PlaneBase::PlaneBase(). When encoding a malicious GI
7.5
HIGH
CVE-2021-27804
<= 0.3.2
JPEG XL (aka jpeg-xl) through 0.3.2 allows writable memory corruption.
9.8
CRITICAL
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin