Severe libjxl Vulnerability in Ubuntu Leads to Potential Denial of Service

Severity: High (Score: 70.5)

Sources: Linuxsecurity, Ubuntu

Published: 2026-06-08 · Updated: 2026-06-08

Keywords: libjxl, ubuntu, crafted, made, crash, programs, opened

Severity indicators: severe

Summary

A vulnerability in the libjxl library affects Ubuntu 26.04 LTS and 25.10, allowing attackers to crash the software or execute arbitrary code through specially crafted PBM images. Discovered on June 8, 2026, the flaw could lead to denial of service attacks. Users are advised to update their systems to mitigate the risk. The affected package versions include libjxl-tools 0.11.1-6ubuntu4.2 for Ubuntu 26.04 LTS and libjxl-tools 0.11.1-6ubuntu1.2 for Ubuntu 25.10. Ubuntu Pro offers ten-year security coverage for over 25,000 packages, which includes this update. A standard system update will implement the necessary changes to address this vulnerability.

Key Points:

  • libjxl vulnerability affects Ubuntu 26.04 LTS and 25.10, allowing potential crashes.
  • Attackers can exploit crafted PBM images to execute arbitrary code or cause denial of service.
  • Users are urged to update to specific package versions to mitigate the vulnerability.

Detailed Analysis

**Impact** Ubuntu 26.04 LTS, Ubuntu 25.10, and their derivatives are affected by this vulnerability in libjxl, a JPEG XL codec implementation. The flaw allows an attacker to cause a denial of service or execute arbitrary code when a specially crafted PBM image file is opened. Any system using a vulnerable libjxl version is affected, which could disrupt services or compromise systems in sectors that rely on Ubuntu deployments worldwide. No specific data breach or sector targeting is reported.

**Technical Details** The vulnerability arises from improper handling of crafted PBM images by libjxl, which can result in a crash or arbitrary code execution. The attack vector is the processing of a malicious image file, which corresponds to the exploitation stage of the kill chain. The sources provide no CVE identifiers, malware or tool names, infrastructure details, or IOCs.

**Recommended Response** Apply the security updates immediately by upgrading libjxl packages to versions 0.11.1-6ubuntu4.2 for Ubuntu 26.04 LTS and 0.11.1-6ubuntu1.2 for Ubuntu 25.10, as outlined in USN-8397-1. Conduct standard system updates to ensure all necessary changes are applied. Monitor for unusual crashes or execution behavior related to image processing; the sources provide no specific detection signatures or indicators.

Source articles (2)

  • USN-8397-1: libjxl vulnerability — Ubuntu · 2026-06-08
    libjxl could be made to crash or run programs if it opened a specially crafted file. It was discovered that libjxl did not properly handle certain crafted PBM images. An attacker could possibly use th…
  • Ubuntu 26.04 LTS libjxl Severe Denial of Service USN-8397 — Linuxsecurity · 2026-06-08
    A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 Summary: libjxl could be made to crash or run programs if it opened a specially crafted file. S…

Timeline

  • 2026-06-08 — libjxl vulnerability discovered: A flaw in libjxl allows crashing or arbitrary code execution via crafted PBM images, affecting Ubuntu 26.04 LTS and 25.10.
  • 2026-06-08 — Security notice published: Ubuntu issued USN-8397-1 detailing the libjxl vulnerability and providing update instructions.

Related entities

  • Denial of Service (Attack Type)
  • T1203 - Exploitation for Client Execution (Mitre Attack)
  • Ubuntu (Company)