CVE-2021-36692

MEDIUM

Libjxl - Divide By Zero

Title source: rule

Description

libjxl v0.3.7 is affected by a Divide By Zero in issue in lib/extras/codec_apng.cc jxl::DecodeImageAPNG(). When encoding a malicous APNG file using cjxl, an attacker can trigger a denial of service.

References (3)

[Exploit, Issue Tracking, Third Party Advisory] https://github.com/libjxl/libjxl/issues/308

[Patch, Third Party Advisory] https://github.com/libjxl/libjxl/pull/313

[Patch, Third Party Advisory] https://github.com/libjxl/libjxl/commit/7dfa400ded53919d986c5d3d23446a09e0cf481b

Scores

CVSS v3 6.5

EPSS 0.0031

EPSS Percentile 54.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE

CWE-369

Status published

Products (1)

libjxl_project/libjxl 0.3.7

Published Aug 30, 2021

Tracked Since Feb 18, 2026