Vulnerabilities > CVE-2021-36692 - Divide By Zero vulnerability in Libjxl Project Libjxl 0.3.7

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

libjxl-project

CWE-369

NVD

Published: 2021-08-30

Updated: 2021-09-07

Summary

libjxl v0.3.7 is affected by a Divide By Zero in issue in lib/extras/codec_apng.cc jxl::DecodeImageAPNG(). When encoding a malicous APNG file using cjxl, an attacker can trigger a denial of service.

Vulnerable Configurations

Part	Description	Count
Application	Libjxl_Project Libjxl Project Libjxl 0.3.7	1

Common Weakness Enumeration (CWE)

CWE-369 - Divide By Zero

References

https://github.com/libjxl/libjxl/pull/313
https://github.com/libjxl/libjxl/commit/7dfa400ded53919d986c5d3d23446a09e0cf481b
https://github.com/libjxl/libjxl/issues/308