-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6342-1                   [email protected]
https://www.debian.org/security/                       Moritz Muehlenhoff
June 12, 2026                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : jpeg-xl
CVE ID         : CVE-2025-70103

It was discovered that missing input sanitising in the PNM/PBM parser of
the reference code implementation of the JPEG XL format could result
in denial of service or potentially the execution of arbitrary code if
malformed images are processed.

For the stable distribution (trixie), this problem has been fixed in
version 0.11.2-0.1~deb13u2.

We recommend that you upgrade your jpeg-xl packages.

For the detailed security status of jpeg-xl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/jpeg-xl

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmosVKYACgkQEMKTtsN8
TjZJXQ//Rn203buSJnYbqSOkaiOtgT9VTewuNz0QdNOdzNDjaimNMiYecSKZRodk
y+H+4XRYTP2Z+w1pFKzkDr8P5in0FU182IMrJAcBGHH8oN33ezY1G6PoS+R1WU0r
YBjZm/JZi30pJ7Z0ezQsX+CIlupXhilQ9xvvYLSQYhjb2Xc4yqGu0tV8Fywv6BeP
1b+h0oq+TW+Sl+8y8Jbuna8uv9seuNi9KUyL+hQXMVIctY10aZXInQY22DuUyEuk
P9jJoBkvT/C2/YR/MuCNJlTyR767nLU3dgmMq0ubkjW5tP2lXIYFlHzbDTo2Kemt
U3T8krvHsHDc3dDisTigQ4ANE239jirApNm41VvYqQu9n81l04we6yOHkRC3s8RZ
raVtG22PvcM2mYZ6TPAH5hPK1Zzu89uuc2FFRQXFTE7G4yTtdA15RGtsQD8hCx1e
qeBe5VmQ52A9rtA9wCfW8XAct3QkJjtc5h6w8kN+k/cUoHUAhL4MoU+j8hTAyflq
gt6XvFhX+GcCDogvzSzY1j2tYk3hjbz0yeaYg3oGa1N3wpDISlP2BdD2eQIzMg0b
QUTyWvNMdnstpOt5OKfgNH06fqJNKjKm/i7rLvoP73HlMUUkcf0A/S9dXf0ou8l0
kpMnqlLENfdBwEy3iODIGajkSaH5At06wOgvBnynbHXouIv4Miw=
=XCsD
-----END PGP SIGNATURE-----

Reply via email to