Security update for libjxl
| Announcement ID: | SUSE-SU-2026:2286-1 |
|---|---|
| Release Date: | 2026-06-05T12:16:51Z |
| Rating: | important |
| References: | |
| Cross-References: | |
| CVSS scores: |
|
| Affected Products: |
|
An update that solves one vulnerability can now be installed.
Description:
This update for libjxl fixes the following issues:
Security fixes:
- CVE-2025-70103: heap buffer overflow when hen processing crafted pbm-images due to insufficient bounds checks (bsc#1266460).
Other fixes:
- Update to version 0.10.5:
- fix tile dimension in low memory rendering pipeline.
- fix number of channels for gray-to-gray color transform.
djxl: reject decoding JXL files if "packed" representation size overflows.- Changes from version 0.10.4:
- Huffman lookup table size fix.
- Check height limit in modular trees.
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
SUSE Package Hub 15 15-SP7
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-2286=1
Package List:
-
SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)
- libjxl-tools-debuginfo-0.10.5-150700.4.12.1
- libjxl0_10-0.10.5-150700.4.12.1
- libjxl-devel-0.10.5-150700.4.12.1
- libjxl0_10-debuginfo-0.10.5-150700.4.12.1
- libjxl-debugsource-0.10.5-150700.4.12.1
- libjxl-tools-0.10.5-150700.4.12.1
-
SUSE Package Hub 15 15-SP7 (x86_64)
- libjxl0_10-32bit-0.10.5-150700.4.12.1
- libjxl0_10-32bit-debuginfo-0.10.5-150700.4.12.1