DEBIAN-CVE-2025-12474

DEBIAN-CVE-2025-12474 PUBLISHED CVSS 4.4 MEDIUM

A specially crafted file can cause libjxl's decoder to read pixel data from uninitialized (but allocated) memory. This can be done by causing the decoder to reference an area outside the image bounds in subsequent patches. An incorrect optimization causes the decoder to omit populating those areas.

Risk Scores

CVSS 3.1
4.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Affected Products

| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | jpeg-xl | 0.11.2-0.1, 0.11.1-6, 0.11.1-5 |
| Debian:12 | jpeg-xl | 0.11.1-6, 0.11.2-1, 0.7.0-10+deb12u1 |
| Debian:14 | jpeg-xl | 0.11.2-0.1, 0.11.1-6, 0.11.1-5 |

Timeline

  • Feb 11, 2026 CVE Published
  • May 16, 2026 CVE Updated