Home / mailings [USN-8146-1] libjxl vulnerability
Posted on 02 April 2026
Ubuntu Security==========================================================================Ubuntu Security Notice USN-8146-1
April 02, 2026
jpeg-xl vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.10
Summary:
libjxl could be made to crash or run programs as your login if it
opened a specially crafted file.
Software Description:
- jpeg-xl: Reference codec implementation for JPEG XL compressed raster image format
Details:
Daniel Novomeský discovered that libjxl did not properly manage memory when
decoding certain files. An attacker could use this issue to cause
libjxl to crash, resulting in denial of service, or possibly execute
arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.10
libjpegxl-java 0.11.1-6ubuntu1.1
libjxl-tools 0.11.1-6ubuntu1.1
libjxl0.11 0.11.1-6ubuntu1.1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8146-1
CVE-2026-1837
Package Information:
https://launchpad.net/ubuntu/+source/jpeg-xl/0.11.1-6ubuntu1.1
--===============1549324884587577408==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
