Version 0.12.6 of jxl-oxide has a few security bugfixes, one of which fixes buffer overflow vulnerability in 32-bit platforms. Users are recommended to upgrade, especially if targeting 32-bit platforms.
Fixed
jxl-grid: Fix multiple integer overflows in jxl-grid (GHSA-5pmv-rx8r-wmv5, reported by @Shnatsel).jxl-modular: Fix integer overflow while decoding Modular image with MA table node (GHSA-2v8p-fqpx-2q3w, reported by @impost0r).jxl-oxide: Fix a soundness issue in jxl-oxide framebuffer (GHSA-66m8-c62j-h6v5, reported by @Shnatsel).jxl-grid: Prevent downstream crates from implementingSimdVector(#494).jxl-render: Fixf32::clamppanic withNaN's in upsampling (#485).
New Contributors
- @Mrmaxmeier made their first contribution in #485
Full Changelog: 0.12.5...0.12.6