CVE-2025-70103 Overview
CVE-2025-70103 is a heap buffer overflow vulnerability in libjxl version 0.12.0. The flaw resides in the jxl::extras::DecodeImagePNM function within lib/extras/dec/pnm.cc. An attacker can trigger the overflow by supplying a crafted Portable Bitmap (PBM) image to any application that uses the affected library for image decoding. The weakness is classified as a heap-based buffer overflow [CWE-122]. Because libjxl is the reference implementation for the JPEG XL image format, the vulnerability impacts a broad range of downstream applications, browsers, and image processing pipelines that consume untrusted image input over the network.
Critical Impact
A network-reachable attacker can corrupt heap memory in any process that decodes attacker-supplied PBM images using libjxl 0.12.0, potentially leading to denial of service or further exploitation.
Affected Products
- libjxl 0.12.0
- Applications and libraries that statically or dynamically link libjxl 0.12.0 for PNM/PBM decoding
- Downstream packages bundling the vulnerable lib/extras/dec/pnm.cc source file
Discovery Timeline
- 2026-05-27 - CVE-2025-70103 published to the National Vulnerability Database
- 2026-05-27 - Last updated in NVD database
Technical Details for CVE-2025-70103
Vulnerability Analysis
The vulnerability is a heap-based buffer overflow in the PNM image decoder shipped with libjxl. PNM is an umbrella format covering PBM (bitmap), PGM (graymap), and PPM (pixmap) images. The affected routine, jxl::extras::DecodeImagePNM, parses PNM headers and pixel payloads before allocating and populating an output buffer. When a malformed PBM image declares geometry or payload sizes that do not match the actual data layout expected by the decoder, the function writes past the bounds of the heap allocation backing the decoded pixel buffer.
The overflow occurs during image parsing, before any application-level validation can intervene. Because PNM parsing happens early in the image pipeline, the vulnerable code path is reachable in any context where libjxl accepts untrusted image data, including web browsers, thumbnail services, document processors, and command-line conversion tools.
Root Cause
The root cause is insufficient validation of attacker-controlled size and dimension fields in the PBM header against the size of the destination heap buffer in lib/extras/dec/pnm.cc. The decoder trusts header-derived length values when copying pixel data, allowing a mismatch between declared geometry and the allocated buffer. The upstream fix is tracked in the libjxl repository through issue 4337 and the corresponding pull request 4338.
Attack Vector
The attack vector is network-based and requires no authentication or user interaction beyond loading or processing the malicious image. An attacker delivers a crafted PBM file through any channel that ultimately reaches a libjxl-backed decoder, such as a web upload endpoint, an email attachment scanner, a chat client preview generator, or a cloud image processing function. When the decoder parses the malformed image, the heap overflow is triggered in the host process.
No verified public exploit code is referenced in the advisory. Technical details and a proof-of-concept artifact are available through the libjxl GitHub Issue 4337, the libjxl Pull Request 4338, and the PoC repository published by sigdevel.
Detection Methods for CVE-2025-70103
Indicators of Compromise
- Crashes or abort signals in processes linked against libjxl 0.12.0 while handling PNM, PBM, PGM, or PPM input
- AddressSanitizer or heap corruption reports referencing jxl::extras::DecodeImagePNM in lib/extras/dec/pnm.cc
- Inbound PBM files with header dimension fields that do not match the size of the pixel payload
Detection Strategies
- Inventory all software dependencies for libjxl 0.12.0 using software composition analysis tools and package manifests
- Run fuzzing or sanitizer-enabled builds of image processing services against PBM corpora to surface heap violations early
- Inspect application logs for repeated decoder crashes correlated with user-supplied image uploads
Monitoring Recommendations
- Monitor crash telemetry from image-handling processes for segmentation faults and heap corruption signatures
- Alert on unexpected child process creation or memory anomalies in services that decode user-submitted images
- Track outbound network connections from image processing workers, which may indicate post-exploitation activity following memory corruption
How to Mitigate CVE-2025-70103
Immediate Actions Required
- Identify all systems and container images that ship libjxl 0.12.0 and prioritize them for update
- Restrict or temporarily disable PNM and PBM decoding in user-facing services until a patched build is deployed
- Apply the upstream patch from libjxl Pull Request 4338 or upgrade to a libjxl release that incorporates the fix
Patch Information
The upstream fix is tracked in the libjxl project on GitHub. Review Issue 4337 for the bug report and Pull Request 4338 for the corresponding code change. Rebuild and redeploy any application that statically links libjxl after applying the patched source. For dynamically linked deployments, update the shared library package through the operating system or distribution package manager once a fixed version is available.
Workarounds
- Reject PNM, PBM, PGM, and PPM file types at the application or proxy layer until patched binaries are deployed
- Run image decoding workloads in sandboxed processes with seccomp, namespaces, or container isolation to contain heap corruption impact
- Enable compiler hardening flags such as -D_FORTIFY_SOURCE=2, stack canaries, and AddressSanitizer in non-production validation builds to surface exploitation attempts
# Configuration example: block PNM uploads at an nginx ingress until libjxl is patched
location /upload {
if ($request_filename ~* \.(pbm|pgm|ppm|pnm)$) {
return 415;
}
client_max_body_size 5m;
proxy_pass http://image_backend;
}
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
