VDB
KO
MEDIUM 6.2

GHSA-66m8-c62j-h6v5

jxl-oxide: `FrameBuffer::new` creates out-of-bounds slices on overflow

Details

### Summary `jxl-oxide` exposes a public safe API that can construct an undersized `FrameBuffer` due to unchecked `usize` multiplication, which immediately trigger panic while initializing the buffer in normal decoding path.

Additionally, calling the safe grouped buffer accessors afterward can create invalid oversized slices from a much smaller allocation, causing undefined behavior; however normal decoding path never reaches UB, because these methods are never used within `jxl-oxide`.

### Impact On 32-bit platforms this can cause panic by accessing out-of-range indices, making it a DoS vulnerability.

Are you affected?

Enter the version of the package you're using.

Affected packages

crates.io / jxl-oxide
Introduced in: 0 Fixed in: 0.12.6

Upgrade jxl-oxide to 0.12.6 or newer (ecosystem crates.io).

References