Out-of-bounds Write Affecting jxl-grid package, versions <0.6.2


Severity: medium (CVSS assessment by Snyk's Security Team)

  • Snyk ID: SNYK-RUST-JXLGRID-17112318
  • Published: 31 May 2026
  • Disclosed: 29 May 2026
  • Credit: Unknown

Introduced: 29 May 2026

CVE: not available
CWE: CWE-787 (Out-of-bounds Write)

How to fix?

Upgrade jxl-grid to version 0.6.2 or higher.

Overview

Affected versions of this package are vulnerable to Out-of-bounds Write in the AlignedGrid::with_alloc_tracker function. The function sizes the grid's backing buffer by multiplying width and height without an overflow check; on a 32-bit platform the product can exceed usize and wrap to a much smaller value, so a crafted image with large dimensions causes an undersized buffer to be allocated while decoding still writes width x height elements into it, leading to out-of-bounds writes during image decoding. An attacker can leverage this memory corruption to achieve arbitrary code execution. This is only exploitable if the code is running on a 32-bit platform and processes attacker-controlled image data.
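The following is an added illustration of the bug class described above, not code from the jxl-grid crate; the `Grid` type, its constructors and the crafted 65536 x 65537 dimensions are assumptions chosen so the wrap reproduces deterministically. `Size32` stands in for `usize` on a 32-bit target so the example runs on a 64-bit host, and the vulnerable path uses `wrapping_mul` to model what an unchecked `*` does on overflow in a release build.

```rust
// Added example: models the unchecked width*height allocation pattern from
// the advisory. NOT the jxl-grid crate's own code; names are hypothetical.

/// Stand-in for `usize` on a 32-bit platform.
type Size32 = u32;

/// Vulnerable pattern: the element count wraps instead of failing
/// (an unchecked `*` in a release build behaves the same way on overflow).
pub fn vulnerable_len(width: Size32, height: Size32) -> usize {
    width.wrapping_mul(height) as usize
}

/// Hardened pattern: refuse dimensions whose product does not fit.
pub fn checked_len(width: Size32, height: Size32) -> Option<usize> {
    width.checked_mul(height).map(|n| n as usize)
}

/// Minimal width x height byte grid.
pub struct Grid {
    pub width: Size32,
    pub buf: Vec<u8>,
}

impl Grid {
    /// Allocates using the vulnerable length computation.
    pub fn with_unchecked_alloc(width: Size32, height: Size32) -> Grid {
        Grid { width, buf: vec![0u8; vulnerable_len(width, height)] }
    }

    /// Allocates using the hardened computation; `None` means the crafted
    /// dimensions were rejected before any buffer existed.
    pub fn with_checked_alloc(width: Size32, height: Size32) -> Option<Grid> {
        let len = checked_len(width, height)?;
        Some(Grid { width, buf: vec![0u8; len] })
    }

    /// Linear index a decoder uses for pixel (x, y). The stride is the real
    /// width, so once the buffer is undersized the index runs past it.
    pub fn pixel_index(&self, x: Size32, y: Size32) -> usize {
        y as usize * self.width as usize + x as usize
    }

    /// Bounds-checked write. `Err(idx)` marks exactly the write that an
    /// unchecked (raw-pointer) store in the decoder would turn into memory
    /// corruption.
    pub fn write_pixel(&mut self, x: Size32, y: Size32, v: u8) -> Result<(), usize> {
        let idx = self.pixel_index(x, y);
        match self.buf.get_mut(idx) {
            Some(slot) => {
                *slot = v;
                Ok(())
            }
            None => Err(idx),
        }
    }
}

/// Constructed header values: 65536 * 65537 = 2^32 + 65536, which wraps to
/// 65536 in 32-bit arithmetic.
pub const CRAFTED_WIDTH: Size32 = 65_536;
pub const CRAFTED_HEIGHT: Size32 = 65_537;

/// The same product fits a 64-bit `usize`, which is why the advisory limits
/// exploitability to 32-bit platforms.
pub fn fits_in_64_bit(width: Size32, height: Size32) -> bool {
    (width as u64).checked_mul(height as u64).is_some()
}

fn main() {
    let mut g = Grid::with_unchecked_alloc(CRAFTED_WIDTH, CRAFTED_HEIGHT);
    println!(
        "unchecked: {}x{} grid got a {}-byte buffer",
        CRAFTED_WIDTH, CRAFTED_HEIGHT, g.buf.len()
    );
    match g.write_pixel(0, 1, 0xff) {
        Ok(()) => println!("pixel (0,1) written"),
        Err(idx) => println!("pixel (0,1) -> index {} is past the buffer", idx),
    }
    println!(
        "checked: allocation {}",
        if Grid::with_checked_alloc(CRAFTED_WIDTH, CRAFTED_HEIGHT).is_none() {
            "rejected"
        } else {
            "accepted"
        }
    );
}
```

Run with `cargo run --release` or `rustc -O` to see the wrapped length; in the vulnerable path the second row's first pixel already lands at index 65536 in a 65536-byte buffer. Note that a debug build of the unguarded `*` would panic on the overflow, so the silent undersizing is specific to release arithmetic, while `checked_mul` (the fix pattern) rejects the input on both.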
