Vulnerability Details CVE-2021-36692
libjxl v0.3.7 is affected by a Divide By Zero in issue in lib/extras/codec_apng.cc jxl::DecodeImageAPNG(). When encoding a malicous APNG file using cjxl, an attacker can trigger a denial of service.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 53.9%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.3
References
- https://github.com/libjxl/libjxl/commit/7dfa400ded53919d986c5d3d23446a09e0cf481b
- https://github.com/libjxl/libjxl/issues/308
- https://github.com/libjxl/libjxl/pull/313
- https://github.com/libjxl/libjxl/commit/7dfa400ded53919d986c5d3d23446a09e0cf481b
- https://github.com/libjxl/libjxl/issues/308
- https://github.com/libjxl/libjxl/pull/313
Products affected by CVE-2021-36692
-
cpe:2.3:a:libjxl_project:libjxl:0.3.7