Nixpkgs security tracker

Untriaged

Permalink CVE-2025-12474

created 2 months, 1 week ago Activity log

Created suggestion 2 months, 1 week ago

libjxl: Uninitialized memory read in decoder due to incorrect optimization in patch handling

A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized (but allocated) memory. This can be done by causing the decoder to reference an outside-image-bound area in a subsequent patches. An incorrect optimization causes the decoder to omit populating those areas.

References

https://github.com/libjxl/libjxl/pull/4495

Affected products

libjxl

=<0.11.1

Matching in nixpkgs

pkgs.libjxl

JPEG XL image format reference implementation

nixos-unstable 0.11.1
- nixpkgs-unstable 0.11.1
- nixos-unstable-small 0.11.1
nixos-25.11 0.11.1
- nixpkgs-25.11-darwin 0.11.1

Package maintainers

@nh2 Niklas Hambüchen <mail@nh2.me>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.libjxl

Package maintainers