CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

GHSA-66m8-c62j-h6v5: jxl-oxide: `FrameBuffer::new` creates out-of-bounds slices on overflow

mediumCVSS 6.2
Summary jxl-oxide exposes a public safe API that can construct an undersized FrameBuffer due to unchecked usize multiplication, which immediately trigger panic while initializing the buffer in normal decoding path. Additionally, calling the safe grouped buffer accessors afterward can create invalid oversized slices from a much smaller allocation, causing undefined behavior; however normal decoding path never reaches UB, because these methods are never used within jxl-oxide. Impact On 32-bit platforms this can cause panic by accessing out-of-range indices, making it a DoS vulnerability.

Details

Source
GitHub Security Advisories (INTL · database · site)
Severity
medium — CVSS 6.2
Published
2026-07-02
Last updated
2026-07-02
Exploitation
Not in CISA KEV at last sync

Original advisory: https://github.com/advisories/GHSA-66m8-c62j-h6v5

More from GitHub Security Advisories