CVE-2026-1837 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2026-1837 Interim 1 1 2026-03-05T00:19:25Z current 2026-03-05T00:19:25Z 2026-03-05T00:19:25Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2026-1837 A specially-crafted file can cause libjxl's decoder to write pixel data to uninitialized unallocated memory. Soon after that data from another uninitialized unallocated region is copied to pixel data. This can be done by requesting color transformation of grayscale images to another grayscale color space. Buffers allocated for 1-float-per-pixel are used as if they are allocated for 3-float-per-pixel. That happens only if LCMS2 is used as CMS engine. There is another CMS engine available (selected by build flags). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2026-February/024399.html E-Mail link for SUSE-SU-2026:0648-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Module for Package Hub 15 SP7 SUSE Linux Enterprise Server 16.0 SUSE Linux Enterprise Server for SAP applications 16.0 openSUSE Tumbleweed libjxl libjxl-devel libjxl-devel-0.10.3-150700.4.6.1 libjxl-devel-0.11.2-1.1 libjxl-tools-0.10.3-150700.4.6.1 libjxl-tools-0.11.2-1.1 libjxl0_10-0.10.3-150700.4.6.1 libjxl0_10-32bit-0.10.3-150700.4.6.1 libjxl0_11 libjxl0_11-0.11.2-1.1 libjxl0_11-32bit-0.11.2-1.1 libjxl0_11-x86-64-v3 libjxl0_11-x86-64-v3-0.11.2-1.1 libjxl-devel-0.10.3-150700.4.6.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 libjxl-tools-0.10.3-150700.4.6.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 libjxl0_10-0.10.3-150700.4.6.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 libjxl0_10-32bit-0.10.3-150700.4.6.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 libjxl-devel-0.11.2-1.1 as a component of openSUSE Tumbleweed libjxl-tools-0.11.2-1.1 as a component of openSUSE Tumbleweed libjxl0_11-0.11.2-1.1 as a component of openSUSE Tumbleweed libjxl0_11-32bit-0.11.2-1.1 as a component of openSUSE Tumbleweed libjxl0_11-x86-64-v3-0.11.2-1.1 as a component of openSUSE Tumbleweed libjxl-devel as a component of SUSE Linux Enterprise Server 16.0 libjxl0_11 as a component of SUSE Linux Enterprise Server 16.0 libjxl0_11-x86-64-v3 as a component of SUSE Linux Enterprise Server 16.0 libjxl as a component of SUSE Linux Enterprise Server 16.0 libjxl-devel as a component of SUSE Linux Enterprise Server for SAP applications 16.0 libjxl0_11 as a component of SUSE Linux Enterprise Server for SAP applications 16.0 libjxl0_11-x86-64-v3 as a component of SUSE Linux Enterprise Server for SAP applications 16.0 libjxl as a component of SUSE Linux Enterprise Server for SAP applications 16.0 A specially-crafted file can cause libjxl's decoder to write pixel data to uninitialized unallocated memory. Soon after that data from another uninitialized unallocated region is copied to pixel data. This can be done by requesting color transformation of grayscale images to another grayscale color space. Buffers allocated for 1-float-per-pixel are used as if they are allocated for 3-float-per-pixel. That happens only if LCMS2 is used as CMS engine. There is another CMS engine available (selected by build flags). CVE-2026-1837 SUSE Linux Enterprise Module for Package Hub 15 SP7:libjxl-devel-0.10.3-150700.4.6.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:libjxl-tools-0.10.3-150700.4.6.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:libjxl0_10-0.10.3-150700.4.6.1 SUSE Linux Enterprise Module for Package Hub 15 SP7:libjxl0_10-32bit-0.10.3-150700.4.6.1 openSUSE Tumbleweed:libjxl-devel-0.11.2-1.1 openSUSE Tumbleweed:libjxl-tools-0.11.2-1.1 openSUSE Tumbleweed:libjxl0_11-0.11.2-1.1 openSUSE Tumbleweed:libjxl0_11-32bit-0.11.2-1.1 openSUSE Tumbleweed:libjxl0_11-x86-64-v3-0.11.2-1.1 important 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H