UbuntuUpdates.org

Package "jpeg-xl"

Name: jpeg-xl

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • JPEG XL Image Coding System - "JXL" (documentation)
  • JPEG XL Image Coding System - "JXL" (java bindings)
  • JPEG XL Image Coding System - "JXL" (development files)
  • JPEG XL Image Coding System - "JXL" (dev command line utility)
Latest version: 0.7.0-10.2ubuntu6.1
Release: noble (24.04)
Level: security
Repository: universe

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "jpeg-xl" in Noble

Repository Area Version
base universe 0.7.0-10.2ubuntu6
updates universe 0.7.0-10.2ubuntu6.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 0.7.0-10.2ubuntu6.1 2025-07-14 23:09:56 UTC

  jpeg-xl (0.7.0-10.2ubuntu6.1) noble-security; urgency=medium

  * SECURITY UPDATE: Out-of-bounds read causes segmentation fault
    - debian/patches/CVE-2023-0645.patch: Add additional checks to
    lib/jxl/exif.h.
    - CVE-2023-0645
  * SECURITY UPDATE: Integer underflow causes denial-of-service
    - debian/patches/CVE-2023-35790.patch: Fix integer underflow bug
    in lib/jxl/dec_patch_dictionary.cc.
    - CVE-2023-35790
  * SECURITY UPDATE: Out-of-bounds write
    - debian/patches/CVE-2024-11403.patch: Fix the Huffman lookup table
    size in lib/jxl/jpeg/enc_jpeg_huffman_decode.h.
    - CVE-2024-11403
  * SECURITY UPDATE: Stack buffer overflow
    - debian/patches/CVE-2024-11498.patch: Check height limit of trees in
    lib/jxl/modular/encoding/dec_ma.cc.
    - CVE-2024-11498

 -- Edwin Jiang <email address hidden> Mon, 07 Jul 2025 19:45:28 +0000
CVE-2023-0645 An out of bounds read exists in libjxl. An attacker using a specifically crafted file could cause an out of bounds read in the exif handler. We recom
CVE-2023-35790 An issue was discovered in dec_patch_dictionary.cc in libjxl before 0.8.2. An integer underflow in patch decoding can lead to a denial of service, su
CVE-2024-11403 There exists an out of bounds read/write in LibJXL versions prior to commit 9cc451b91b74ba470fd72bd48c121e9f33d24c99. The JPEG decoder used by the JP
CVE-2024-11498 There exists a stack buffer overflow in libjxl. A specifically-crafted file can cause the JPEG XL decoder to use large amounts of stack space (up to


About   -   Send Feedback to @ubuntu_updates