Known Vulnerabilities for products from Libjxl Project
Listed below are 10 of the newest known vulnerabilities associated with the vendor "Libjxl Project".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-1837 json | A specially-crafted file can cause libjxl's decoder to write pixel data to uninitialized unallocated memory. Soon after that ... | Not Provided | 2026-02-11 | 2026-04-14 |
| CVE-2023-35790 json | An issue was discovered in dec_patch_dictionary.cc in libjxl before 0.8.2. An integer underflow in patch decoding can lead to... | 7.5 - HIGH | 2023-06-16 | 2023-06-26 |
| CVE-2023-0645 json | An out of bounds read exists in libjxl. An attacker using a specifically crafted file could cause an out of bounds read in th... | 9.1 - CRITICAL | 2023-04-11 | 2023-04-18 |
| CVE-2022-34000 json | libjxl 0.6.1 has an assertion failure in LowMemoryRenderPipeline::Init() in render_pipeline/low_memory_render_pipeline.cc. | 6.5 - MEDIUM | 2022-06-19 | 2022-11-16 |
| CVE-2021-45928 json | libjxl b02d6b9, as used in libvips 8.11 through 8.11.2 and other products, has an out-of-bounds write in jxl::ModularFrameDec... | 5.5 - MEDIUM | 2022-01-01 | 2022-01-12 |
| CVE-2021-36692 json | libjxl v0.3.7 is affected by a Divide By Zero in issue in lib/extras/codec_apng.cc jxl::DecodeImageAPNG(). When encoding a ma... | 6.5 - MEDIUM | 2021-08-30 | 2021-09-07 |
| CVE-2021-36691 json | libjxl v0.5.0 is affected by a Assertion failed issue in lib/jxl/image.cc jxl::PlaneBase::PlaneBase(). When encoding a malico... | 7.5 - HIGH | 2021-08-30 | 2021-09-08 |
| CVE-2021-27804 json | JPEG XL (aka jpeg-xl) through 0.3.2 allows writable memory corruption. | 9.8 - CRITICAL | 2021-03-02 | 2021-06-21 |
| CVE-2021-22564 json | For certain valid JPEG XL images with a size slightly larger than an integer number of groups (256x256 pixels) when processin... | 5.5 - MEDIUM | 2021-11-01 | 2021-11-02 |
| CVE-2021-22563 json | Invalid JPEG XL images using libjxl can cause an out of bounds access on a std::vector |
4.4 - MEDIUM | 2021-11-01 | 2021-11-03 |