Every CVE whose affected-product data names Libjxl Project Libjxl, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2024-11403 — CVSS 9.8 (critical): There exists an out of bounds read/write in LibJXL versions prior to commit 9cc451b91b74ba470fd72bd48c121e9f33d24c99. The JPEG decoder used…
CVE-2023-35790 — CVSS 7.5 (high): An issue was discovered in dec_patch_dictionary.cc in libjxl before 0.8.2. An integer underflow in patch decoding can lead to a denial of…
CVE-2021-36691 — CVSS 7.5 (high): libjxl v0.5.0 is affected by a Assertion failed issue in lib/jxl/image.cc jxl::PlaneBase::PlaneBase(). When encoding a malicous GIF file…
CVE-2026-1837 — CVSS 7.5 (high): A specially-crafted file can cause libjxl's decoder to write pixel data to uninitialized unallocated memory. Soon after that data from…
CVE-2024-11498 — CVSS 7.5 (high): There exists a stack buffer overflow in libjxl. A specifically-crafted file can cause the JPEG XL decoder to use large amounts of stack…
CVE-2022-34000 — CVSS 6.5 (medium): libjxl 0.6.1 has an assertion failure in LowMemoryRenderPipeline::Init() in render_pipeline/low_memory_render_pipeline.cc.
CVE-2021-36692 — CVSS 6.5 (medium): libjxl v0.3.7 is affected by a Divide By Zero in issue in lib/extras/codec_apng.cc jxl::DecodeImageAPNG(). When encoding a malicous APNG…
CVE-2021-45928 — CVSS 5.5 (medium): libjxl b02d6b9, as used in libvips 8.11 through 8.11.2 and other products, has an out-of-bounds write in jxl::ModularFrameDecoder::DecodeGro…
CVE-2023-0645 — CVSS 5.3 (medium): An out of bounds read exists in libjxl. An attacker using a specifically crafted file could cause an out of bounds read in the exif…
CVE-2021-22563 — CVSS 4.5 (medium): Invalid JPEG XL images using libjxl can cause an out of bounds access on a std::vector<std::vector<T>> when rendering splines. The OOB read…
CVE-2021-22564 — CVSS 4.5 (medium): For certain valid JPEG XL images with a size slightly larger than an integer number of groups (256x256 pixels) when processing the groups…
CVE-2025-12474 — CVSS 4.4 (medium): A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized (but allocated) memory. This can be done by…