Skip to main content

Libjxl CVE-2026-1837

HIGH
Buffer Access with Incorrect Length Value (CWE-805)
2026-02-11 cve-coordination@google.com
8.7
CVSS 4.0 · Vendor: google
Share

Severity by source

Vendor (google) PRIMARY
8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
SUSE
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Red Hat
8.8 HIGH
qualitative

Primary rating from Vendor (google).

CVSS VectorVendor: google

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
P
Scope
X

Lifecycle Timeline

3
CVSS changed
Apr 14, 2026 - 00:52 NVD
8.7 (HIGH)
Analysis Generated
Mar 12, 2026 - 22:02 vuln.today
CVE Published
Feb 11, 2026 - 16:16 nvd
N/A

DescriptionCVE.org

A specially-crafted file can cause libjxl's decoder to write pixel data to uninitialized unallocated memory. Soon after that data from another uninitialized unallocated region is copied to pixel data.

This can be done by requesting color transformation of grayscale images to another grayscale color space. Buffers allocated for 1-float-per-pixel are used as if they are allocated for 3-float-per-pixel. That happens only if LCMS2 is used as CMS engine. There is another CMS engine available (selected by build flags).

AnalysisAI

A specially-crafted file can cause libjxl's decoder to write pixel data to uninitialized unallocated memory. Soon after that data from another uninitialized unallocated region is copied to pixel data.

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Craft malicious JXL image file
Delivery
Request grayscale-to-grayscale color transformation
Exploit
Trigger buffer overflow in decoder
Execution
Read/write uninitialized memory
Impact
Potential information disclosure or corruption

Vulnerability AssessmentAI

Exploitation libjxl decoder must be compiled with LCMS2 as the CMS engine (not the alternative CMS engine). … Additional conditions and limiting factors are described in the full assessment.
Exploit Scenario An attacker could exploit this vulnerability to compromise the affected system.
Remediation Monitor vendor advisories for a patch. Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Module for Package Hub 15 SP7 Fixed
SUSE Linux Enterprise Server 16.0 SUSE Linux Enterprise Server for SAP applications 16.0 Fixed
openSUSE Leap 16.0 Fixed
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Server 16.0 Affected

Share

CVE-2026-1837 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy