CVE-2025-70103

HIGH

libjxl 0.12.0 - Heap Buffer Overflow via Crafted PBM Images in DecodeImagePNM

Title source: llm

Heap buffer overflow vulnerability in libjxl 0.12.0 via crafted PBM images to the jxl::extras::DecodeImagePNM function in file lib/extras/dec/pnm.cc.

Core 5

Core References

Mailing List

CVSS v3 7.3

EPSS 0.0035

EPSS Percentile 26.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

CWE

CWE-122

Status published

Published May 27, 2026

Tracked Since May 27, 2026