SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-2286

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-2286

Security update for libjxl

Type: security

Severity: important

Issued: 2026-06-05

Description:

This update for libjxl fixes the following issues:

Security fixes:
  
- CVE-2025-70103: heap buffer overflow when hen processing crafted pbm-images due to insufficient bounds checks
  (bsc#1266460).

Other fixes:

- Update to version 0.10.5:
  - fix tile dimension in low memory rendering pipeline.
  - fix number of channels for gray-to-gray color transform.
  - `djxl`: reject decoding JXL files if "packed" representation size overflows.
- Changes from version 0.10.4:
  - Huffman lookup table size fix.
  - Check height limit in modular trees.

References

CVE: CVE-2025-70103
Bugzilla: 1266460 VUL-0: CVE-2025-70103: libjxl: libjxl: heap buffer overflow when hen processing crafted pbm-images due to insufficient bounds checks

Packages

libjxl-0.10.5-150700.4.12.1