What is GHSA-4xm2-q73p-253r?

GHSA-4xm2-q73p-253r is a security advisory published by GitHub Security Advisories with High severity. Heap buffer overflow vulnerability in libjxl 0.12.0 via crafted PBM images to the jxl::extras:...

Which CVE IDs does GHSA-4xm2-q73p-253r cover?

GHSA-4xm2-q73p-253r covers the following CVE IDs: CVE-2025-70103. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-4xm2-q73p-253r?

GHSA-4xm2-q73p-253r has a CVSS v3 base score of 7.3, published by GitHub Security Advisories.

GHSA-4xm2-q73p-253rHighCVSS 7.3

Heap buffer overflow vulnerability in libjxl 0.12.0 via crafted PBM images to the jxl::extras:...

Vendor

GitHub Security Advisories

Published

May 27, 2026

Last Modified

May 27, 2026

🔗 CVE IDs covered (1)

CVE-2025-70103 →

📋 Description

Heap buffer overflow vulnerability in libjxl 0.12.0 via crafted PBM images to the jxl::extras::DecodeImagePNM function in file lib/extras/dec/pnm.cc.

🔗 References (6)

https://nvd.nist.gov/vuln/detail/CVE-2025-70103
https://github.com/libjxl/libjxl/issues/4337
https://github.com/libjxl/libjxl/pull/4338
https://github.com/sigdevel/pocs/blob/main/res/libjxl/2025/2
https://infosec.exchange/@sigdevel/116642233929409910
https://github.com/advisories/GHSA-4xm2-q73p-253r