That's why both Mozilla and Google have predicated their JXL support on a memory-safe implementation. There's a Rust one in the works.

I think Google are aiming to replace all of Chromiums decoders with memory-safe ones anyway, even for relatively simple formats.

> Have you seen JPEG XL source code? I like the format, but the reference implementation in C++ looked pretty bad at least 2 years ago. I hope they rewrote it, because it surely looked like a security issue waiting to happen.

At this point, in 2025, any substantial (non-degenerative) image processing written in C++ is a security issue waiting to happen. That's not specific to JPEG XL.