This update for libjxl fixes the following issues:
- Update to release 0.8.5 (boo#1258090):
* fix tile dimension in low memory rendering pipeline [CVE-2025-12474].
- Update to release 0.8.4
* Huffman lookup table size fix [CVE-2024-11403]
* Check height limit in modular trees [CVE-2024-11498]
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP7:
zypper in -t patch openSUSE-2026-106=1
- openSUSE Backports SLE-15-SP7 (aarch64 i586 s390x x86_64):
gdk-pixbuf-loader-jxl-0.8.5-bp157.2.3.1
gimp-plugin-jxl-0.8.5-bp157.2.3.1
libjxl-devel-0.8.5-bp157.2.3.1
libjxl-tools-0.8.5-bp157.2.3.1
libjxl0_8-0.8.5-bp157.2.3.1
- openSUSE Backports SLE-15-SP7 (aarch64_ilp32):
libjxl0_8-64bit-0.8.5-bp157.2.3.1
- openSUSE Backports SLE-15-SP7 (noarch):
jxl-thumbnailer-0.8.5-bp157.2.3.1
- openSUSE Backports SLE-15-SP7 (x86_64):
libjxl0_8-32bit-0.8.5-bp157.2.3.1
https://www.suse.com/security/cve/CVE-2024-11403.html
https://www.suse.com/security/cve/CVE-2024-11498.html
https://www.suse.com/security/cve/CVE-2025-12474.html
https://bugzilla.suse.com/1233763
https://bugzilla.suse.com/1233783
https://bugzilla.suse.com/1258090