PatchSiren

libjxl CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH libjxl CVE published 2026-05-27

CVE-2025-70103

A heap buffer overflow vulnerability exists in libjxl 0.12.0, triggered when processing crafted PBM images through the jxl::extras::DecodeImagePNM function in lib/extras/dec/pnm.cc. The CVE was published on 2026-05-27 and carries a HIGH severity CVSS 3.1 score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). The issue was reported via a GitHub issue and subsequently addressed through a pull re [truncated]