libjxl CVE-2025-70103
Severity: HIGH
CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Description (NVD)
Heap buffer overflow vulnerability in libjxl 0.12.0 via crafted PBM images to the jxl::extras::DecodeImagePNM function in file lib/extras/dec/pnm.cc.
Analysis (AI)
Heap buffer overflow in libjxl 0.12.0 lets remote attackers corrupt heap memory by feeding a crafted PBM/PNM image to the jxl::extras::DecodeImagePNM routine, which writes decoded rows into an output buffer without first checking that the buffer is large enough for the header-declared dimensions. The CVSS vector (AV:N/AC:L/PR:N/UI:N) describes unauthenticated, low-complexity exploitation with no user interaction, and CISA's SSVC framework rates it automatable with partial technical impact. Publicly available exploit code exists, though it is not listed in CISA KEV and no public exploit has been tied to active exploitation.
Technical Context (AI)
libjxl is the reference encoder/decoder for the JPEG XL image format. This flaw lives in its 'extras' image-loading layer, which also parses the legacy Netpbm formats (PBM/PGM/PPM, collectively PNM) in lib/extras/dec/pnm.cc. The root cause is CWE-122 (heap-based buffer overflow): DecodeImagePNM trusts the width/height (xsize/ysize) and stride values derived from the PNM header and writes pixel rows into the frame->color buffer without validating that the allocated pixels_size can hold stride*ysize bytes. The upstream fix (PR #4338) adds explicit pre-write size checks: required_bytes = stride * ysize for rows, required_pixels = xsize * ysize * pixel_stride() for pixels, plus equivalent guards on each extra-channel buffer. Each check fails with JXL_FAILURE when the destination is too small, confirming that header-controlled dimensions could previously overrun the heap allocation.
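As an added illustration of the pre-write guard described above (example code, not libjxl's own; FrameBuffer, PnmOutputFits and CopyPnmRows are hypothetical names), this checks the required_bytes and required_pixels bounds before any row is copied, and additionally treats a size_t-overflowing product as a failure, since a wrapped multiplication would otherwise let an enormous header pass the comparison:

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <limits>
#include <vector>

// Stand-in for a decoded-frame buffer (hypothetical; not libjxl's own type).
// Dimensions and stride come from the untrusted PNM header; pixels.size() is
// the real allocation (the page's pixels_size).
struct FrameBuffer {
  size_t xsize, ysize;          // header-declared width/height
  size_t stride;                // bytes per output row
  size_t pixel_stride;          // bytes per pixel
  std::vector<uint8_t> pixels;  // the heap allocation being written into
};

// Multiply without wrapping: false if a*b would overflow size_t.
static bool SafeMul(size_t a, size_t b, size_t* out) {
  if (a != 0 && b > std::numeric_limits<size_t>::max() / a) return false;
  *out = a * b;
  return true;
}

// Pre-write guard in the spirit of the upstream fix: the destination must hold
// stride * ysize bytes of rows and xsize * ysize * pixel_stride bytes of
// pixels, and one row must fit inside the stride. Any product that would wrap
// size_t is treated as a failure rather than silently passing the comparison.
bool PnmOutputFits(const FrameBuffer& fb) {
  size_t required_bytes, row_bytes, required_pixels;
  if (!SafeMul(fb.stride, fb.ysize, &required_bytes)) return false;
  if (!SafeMul(fb.xsize, fb.pixel_stride, &row_bytes)) return false;
  if (!SafeMul(row_bytes, fb.ysize, &required_pixels)) return false;
  if (row_bytes > fb.stride) return false;
  return required_bytes <= fb.pixels.size() &&
         required_pixels <= fb.pixels.size();
}

// Copy ysize decoded rows from src into fb, writing nothing if the guard fails
// or the source payload is shorter than the header promises.
bool CopyPnmRows(const uint8_t* src, size_t src_len, FrameBuffer* fb) {
  if (!PnmOutputFits(*fb)) return false;
  const size_t row_bytes = fb->xsize * fb->pixel_stride;  // safe after guard
  if (src_len < row_bytes * fb->ysize) return false;
  for (size_t y = 0; y < fb->ysize; ++y) {
    std::memcpy(fb->pixels.data() + y * fb->stride, src + y * row_bytes, row_bytes);
  }
  return true;
}
```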
Affected Products (AI)
The affected product is libjxl (the JPEG XL reference library) at version 0.12.0, specifically the PNM/PBM decoder in lib/extras/dec/pnm.cc. No CPE strings are provided for this entry, so the precise affected-version range is bounded only by what the advisory states (0.12.0) and is not independently confirmed for earlier releases. The relevant upstream tracking and fix are at the libjxl GitHub repository: issue https://github.com/libjxl/libjxl/issues/4337 and pull request https://github.com/libjxl/libjxl/pull/4338. Any application, image service, thumbnailer, or platform that embeds libjxl 0.12.0 and exposes its extras PNM decoding path to untrusted input is potentially affected.
Remediation (AI)
An upstream fix is available as a pull request/commit; a released patched version is not independently confirmed. Apply the buffer-size validation from libjxl PR #4338 (https://github.com/libjxl/libjxl/pull/4338), which rejects PNM inputs whose header dimensions exceed the allocated output and extra-channel buffers, and rebuild or update libjxl once a tagged release incorporating it is published (track issue https://github.com/libjxl/libjxl/issues/4337). Until a patched release is consumed, the most direct compensating control is to disable or block the Netpbm/PNM decode path in libjxl-backed pipelines and restrict accepted input to the formats you actually need; the trade-off is loss of PBM/PGM/PPM support for legitimate users. Where the decoder cannot be removed, run image decoding in a sandboxed, memory-isolated worker process (seccomp or containerized) with strict resource limits so that a heap overrun is contained to a disposable process, accepting the added operational complexity, and validate or limit declared image dimensions at the application layer before handing files to libjxl.