PatchSiren

Libjxl Project CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Libjxl Project CVE published 2026-02-11

CVE-2026-1837

CVE-2026-1837 is a high severity vulnerability in libjxl, a library for image compression and decompression. The vulnerability allows for a specially-crafted file to cause libjxl's decoder to write pixel data to uninitialized unallocated memory. This can be done by requesting color transformation of grayscale images to another grayscale color space. The vulnerability has a CVSS score of 8.7 and is conside [truncated]