Security update for libjxl
A heap buffer overflow vulnerability (CVE-2025-70103) exists in libjxl when processing crafted pbm-images due to insufficient bounds checks. This issue is addressed in an update to libjxl version 0. 10. 5 by the SUSE Product Security Team. The update also includes other fixes unrelated to security. No known exploits are reported in the wild. The vulnerability is rated as high severity by the source. Patch status is implied by the update to version 0. 10. 5 but no explicit patch link is provided.
AI Analysis
Technical Summary
The libjxl library contained a heap buffer overflow vulnerability (CVE-2025-70103) triggered by processing specially crafted pbm-images, caused by insufficient bounds checking. This vulnerability was fixed in libjxl version 0.10.5, which also includes other non-security related fixes such as tile dimension corrections and Huffman lookup table size adjustments. The update was published by the SUSE Product Security Team as advisory SUSE-SU-2026:2286-1. No CVSS score is provided, and no known exploits have been reported.
Potential Impact
Successful exploitation of this vulnerability could lead to memory corruption via heap buffer overflow when processing malicious pbm-images. This may result in application crashes or potentially arbitrary code execution depending on the context. However, no known exploits are currently reported in the wild.
Mitigation Recommendations
Upgrade to libjxl version 0.10.5 or later as provided by the SUSE Product Security Team in advisory SUSE-SU-2026:2286-1. This update addresses the heap buffer overflow vulnerability and includes other stability fixes. Since this is not a cloud service, users must apply the update manually. Patch status is confirmed by the vendor advisory.
Security update for libjxl
Description
A heap buffer overflow vulnerability (CVE-2025-70103) exists in libjxl when processing crafted pbm-images due to insufficient bounds checks. This issue is addressed in an update to libjxl version 0. 10. 5 by the SUSE Product Security Team. The update also includes other fixes unrelated to security. No known exploits are reported in the wild. The vulnerability is rated as high severity by the source. Patch status is implied by the update to version 0. 10. 5 but no explicit patch link is provided.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The libjxl library contained a heap buffer overflow vulnerability (CVE-2025-70103) triggered by processing specially crafted pbm-images, caused by insufficient bounds checking. This vulnerability was fixed in libjxl version 0.10.5, which also includes other non-security related fixes such as tile dimension corrections and Huffman lookup table size adjustments. The update was published by the SUSE Product Security Team as advisory SUSE-SU-2026:2286-1. No CVSS score is provided, and no known exploits have been reported.
Potential Impact
Successful exploitation of this vulnerability could lead to memory corruption via heap buffer overflow when processing malicious pbm-images. This may result in application crashes or potentially arbitrary code execution depending on the context. However, no known exploits are currently reported in the wild.
Mitigation Recommendations
Upgrade to libjxl version 0.10.5 or later as provided by the SUSE Product Security Team in advisory SUSE-SU-2026:2286-1. This update addresses the heap buffer overflow vulnerability and includes other stability fixes. Since this is not a cloud service, users must apply the update manually. Patch status is confirmed by the vendor advisory.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- SUSE Product Security Team
- Advisory Id
- SUSE-SU-2026:2286-1
- Cve Count
- 1
- Additional Cves
- []
- Cvss Version
- null
Threat ID: 6a248d87e29bf47b50d69162
Added to database: 6/6/2026, 9:13:43 PM
Last enriched: 6/6/2026, 9:18:31 PM
Last updated: 6/7/2026, 12:20:19 AM
Views: 7
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.