CVE-2021-36692
MEDIUMlibjxl v0.3.7 - Denial of Service via APNG Decoding
Title source: llmDescription
libjxl v0.3.7 is affected by a Divide By Zero in issue in lib/extras/codec_apng.cc jxl::DecodeImageAPNG(). When encoding a malicous APNG file using cjxl, an attacker can trigger a denial of service.
References (3)
Core 3
Core References
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/libjxl/libjxl/issues/308
Patch, Third Party Advisory x_refsource_misc
https://github.com/libjxl/libjxl/pull/313
Patch, Third Party Advisory x_refsource_misc
https://github.com/libjxl/libjxl/commit/7dfa400ded53919d986c5d3d23446a09e0cf481b
Scores
CVSS v3
6.5
EPSS
0.0118
EPSS Percentile
63.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-369
Status
published
Products (1)
libjxl_project/libjxl
0.3.7
Published
Aug 30, 2021
Tracked Since
Feb 18, 2026