-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6342-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 12, 2026 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : jpeg-xl CVE ID : CVE-2025-70103 It was discovered that missing input sanitising in the PNM/PBM parser of the reference code implementation of the JPEG XL format could result in denial of service or potentially the execution of arbitrary code if malformed images are processed. For the stable distribution (trixie), this problem has been fixed in version 0.11.2-0.1~deb13u2. We recommend that you upgrade your jpeg-xl packages. For the detailed security status of jpeg-xl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/jpeg-xl Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: [email protected] -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmosVKYACgkQEMKTtsN8 TjZJXQ//Rn203buSJnYbqSOkaiOtgT9VTewuNz0QdNOdzNDjaimNMiYecSKZRodk y+H+4XRYTP2Z+w1pFKzkDr8P5in0FU182IMrJAcBGHH8oN33ezY1G6PoS+R1WU0r YBjZm/JZi30pJ7Z0ezQsX+CIlupXhilQ9xvvYLSQYhjb2Xc4yqGu0tV8Fywv6BeP 1b+h0oq+TW+Sl+8y8Jbuna8uv9seuNi9KUyL+hQXMVIctY10aZXInQY22DuUyEuk P9jJoBkvT/C2/YR/MuCNJlTyR767nLU3dgmMq0ubkjW5tP2lXIYFlHzbDTo2Kemt U3T8krvHsHDc3dDisTigQ4ANE239jirApNm41VvYqQu9n81l04we6yOHkRC3s8RZ raVtG22PvcM2mYZ6TPAH5hPK1Zzu89uuc2FFRQXFTE7G4yTtdA15RGtsQD8hCx1e qeBe5VmQ52A9rtA9wCfW8XAct3QkJjtc5h6w8kN+k/cUoHUAhL4MoU+j8hTAyflq gt6XvFhX+GcCDogvzSzY1j2tYk3hjbz0yeaYg3oGa1N3wpDISlP2BdD2eQIzMg0b QUTyWvNMdnstpOt5OKfgNH06fqJNKjKm/i7rLvoP73HlMUUkcf0A/S9dXf0ou8l0 kpMnqlLENfdBwEy3iODIGajkSaH5At06wOgvBnynbHXouIv4Miw= =XCsD -----END PGP SIGNATURE-----

