home bbs files messages ]

Forums before death by AOL, social media and spammers... "We can't have nice things"

   linux.debian.bugs.dist      Ohh some weird Debian bug report thing      28,835 messages   

[   << oldest   |   < older   |   list   |   newer >   |   newest >>   ]

   Message 27,747 of 28,835   
   Salvatore Bonaccorso to All   
   Bug#1128068: jpeg-xl: CVE-2025-12474   
   15 Feb 26 16:40:01   
   
   From: carnil@debian.org   
      
   Source: jpeg-xl   
   Version: 0.11.1-6   
   Severity: important   
   Tags: security upstream   
   Forwarded: https://github.com/libjxl/libjxl/pull/4495   
   X-Debbugs-Cc: carnil@debian.org, Debian Security Team    
      
   Hi,   
      
   The following vulnerability was published for jpeg-xl.   
      
   CVE-2025-12474[0]:   
   | A specially-crafted file can cause libjxl's decoder to read pixel   
   | data from uninitialized (but allocated) memory.  This can be done by   
   | causing the decoder to reference an outside-image-bound area in a   
   | subsequent patches. An incorrect optimization causes the decoder to   
   | omit populating those areas.   
      
      
   If you fix the vulnerability please also make sure to include the   
   CVE (Common Vulnerabilities & Exposures) id in your changelog entry.   
      
   For further information see:   
      
   [0] https://security-tracker.debian.org/tracker/CVE-2025-12474   
       https://www.cve.org/CVERecord?id=CVE-2025-12474   
   [1] https://github.com/libjxl/libjxl/pull/4495   
   [2] https://github.com/libjxl/libjxl/commit/4523cf652f568f1fbb57   
   f9a10ae3caae785cd9f   
      
   Please adjust the affected versions in the BTS as needed.   
      
   Regards,   
   Salvatore   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   

[   << oldest   |   < older   |   list   |   newer >   |   newest >>   ]


(c) 1994,  bbs@darkrealms.ca