CVE-2026-1837
Severity: HIGH (CVSS 7.5)
Description
A specially crafted file can cause libjxl's decoder to write pixel data to uninitialized, unallocated memory. Soon after that, data from another uninitialized, unallocated region is copied into the pixel data. This can be triggered by requesting a color transformation of a grayscale image to another grayscale color space: buffers allocated for one float per pixel are used as if they had been allocated for three floats per pixel. This happens only if LCMS2 is used as the CMS engine; another CMS engine is available (selected by build flags).
CVE Details
CVSS v3.1 Score: 7.5
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Published: 2/11/2026
Last Modified: 4/14/2026
Source: nvd
Honeypot Sightings: 0
Affected Products
libjxl_project:libjxl
Weaknesses (CWE)
CWE-805, CWE-770
References
https://github.com/libjxl/libjxl/issues/4549 (cve-coordination@google.com)
https://github.com/libjxl/libjxl/issues/4549 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.