{"affected":[{"ecosystem_specific":{"binaries":[{"libjxl-devel":"0.10.3-150700.4.6.1","libjxl-tools":"0.10.3-150700.4.6.1","libjxl0_10":"0.10.3-150700.4.6.1","libjxl0_10-32bit":"0.10.3-150700.4.6.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Package Hub 15 SP7","name":"libjxl","purl":"pkg:rpm/suse/libjxl&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP7"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.10.3-150700.4.6.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for libjxl fixes the following issues:\n\n- CVE-2025-12474: a specially crafted file can cause the decoder to read pixel data from uninitialized allocated memory\n  (bsc#1258090).\n- CVE-2026-1837: a specially crafted file can cause the decoder to write pixel data to uninitialized unallocated memory\n  (bsc#1258091).\n","id":"SUSE-SU-2026:0648-1","modified":"2026-02-25T16:30:57Z","published":"2026-02-25T16:30:57Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2026/suse-su-20260648-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258090"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258091"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-12474"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-1837"}],"related":["CVE-2025-12474","CVE-2026-1837"],"summary":"Security update for libjxl","upstream":["CVE-2025-12474","CVE-2026-1837"]}