ALAS2023-2026-1828

Amazon Linux 2023 Security Advisory: ALAS2023-2026-1828
Advisory Released Date: 2026-06-22
Advisory Updated Date: 2026-06-22
Severity: Important
Issue Overview:

Heap buffer overflow vulnerability in libjxl 0.12.0 via crafted PBM images to the jxl::extras::DecodeImagePNM function in file lib/extras/dec/pnm.cc. (CVE-2025-70103)


Affected Packages:

jpegxl


Issue Correction:
Run dnf update jpegxl --releasever 2023.12.20260622 or dnf update --advisory ALAS2023-2026-1828 --releasever 2023.12.20260622 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation

New Packages:
aarch64:
    jxl-pixbuf-loader-debuginfo-0.10.3-56.amzn2023.aarch64
    libjxl-devtools-debuginfo-0.10.3-56.amzn2023.aarch64
    libjxl-debuginfo-0.10.3-56.amzn2023.aarch64
    jpegxl-debuginfo-0.10.3-56.amzn2023.aarch64
    jxl-pixbuf-loader-0.10.3-56.amzn2023.aarch64
    libjxl-0.10.3-56.amzn2023.aarch64
    libjxl-utils-debuginfo-0.10.3-56.amzn2023.aarch64
    jpegxl-debugsource-0.10.3-56.amzn2023.aarch64
    libjxl-devel-0.10.3-56.amzn2023.aarch64
    libjxl-utils-0.10.3-56.amzn2023.aarch64
    libjxl-devtools-0.10.3-56.amzn2023.aarch64

noarch:
    jpegxl-doc-0.10.3-56.amzn2023.noarch

src:
    jpegxl-0.10.3-56.amzn2023.src

x86_64:
    libjxl-devtools-debuginfo-0.10.3-56.amzn2023.x86_64
    jxl-pixbuf-loader-debuginfo-0.10.3-56.amzn2023.x86_64
    jpegxl-debuginfo-0.10.3-56.amzn2023.x86_64
    libjxl-debuginfo-0.10.3-56.amzn2023.x86_64
    libjxl-utils-debuginfo-0.10.3-56.amzn2023.x86_64
    jxl-pixbuf-loader-0.10.3-56.amzn2023.x86_64
    libjxl-devel-0.10.3-56.amzn2023.x86_64
    libjxl-utils-0.10.3-56.amzn2023.x86_64
    libjxl-devtools-0.10.3-56.amzn2023.x86_64
    libjxl-0.10.3-56.amzn2023.x86_64
    jpegxl-debugsource-0.10.3-56.amzn2023.x86_64

Additional References

Release Notes:  Amazon Linux 2023 Release Notes

Red Hat: CVE-2025-70103

Mitre: CVE-2025-70103