libjxl: Denial of Service — GLSA 202210-36

A vulnerability has been found in libjxl which could result in denial of service.

Affected packages

media-libs/libjxl on all architectures
Affected versions < 0.7.0_pre20220825
Unaffected versions >= 0.7.0_pre20220825

Background

libjxl is the JPEG XL image format reference implementation.

Description

libjxl contains an unnecessary assertion in jxl::LowMemoryRenderPipeline::Init.

Impact

An attacker can cause a denial of service of the libjxl process via a crafted input file.

Workaround

There is no known workaround at this time.

Resolution

All users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-libs/libjxl-0.7.0_pre20220825"
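
An added example, not part of the advisory or of Portage's own code: a Python check of whether an installed libjxl version falls in the affected range above, showing that `_pre` snapshots sort below the plain release, so a threshold of "0.7.0" would misclassify them. The function names and the sample version strings are constructed for illustration, and numeric components are compared as plain integers (a simplification of Gentoo's version ordering).

```python
import re

# Suffix order in Gentoo version strings: _alpha < _beta < _pre < _rc < none < _p
SUFFIX_RANK = {"alpha": -4, "beta": -3, "pre": -2, "rc": -1, "p": 1}
NO_SUFFIX = (0, 0)  # sentinel standing for "no further suffix"
VERSION_RE = re.compile(
    r"^(\d+(?:\.\d+)*)([a-z]?)((?:_(?:alpha|beta|pre|rc|p)\d*)*)(?:-r(\d+))?$"
)

# Fixed version taken from the advisory's "Unaffected versions" line.
FIXED = "0.7.0_pre20220825"


def version_key(version):
    """Return a tuple that sorts in Gentoo version order.

    Simplification (assumption): numeric components are compared as integers,
    ignoring the special rule for components with leading zeros.
    """
    m = VERSION_RE.match(version)
    if m is None:
        raise ValueError(f"not a Gentoo version string: {version!r}")
    numbers, letter, suffixes, revision = m.groups()
    nums = [int(n) for n in numbers.split(".")]
    sufs = [(SUFFIX_RANK[name], int(num or 0))
            for name, num in re.findall(r"_([a-z]+)(\d*)", suffixes)]
    # The sentinel makes "1.0_pre1" sort below "1.0" and "1.0_p1" above it.
    return (nums, letter, sufs + [NO_SUFFIX], int(revision or 0))


def is_affected(installed, fixed=FIXED):
    """True if `installed` falls in the advisory's affected range (< fixed)."""
    return version_key(installed) < version_key(fixed)


if __name__ == "__main__":
    # Constructed sample version strings, not taken from the advisory.
    for v in ["0.6.1", "0.7.0_pre20220311", "0.7.0_pre20220825",
              "0.7.0_pre20220825-r1", "0.7.0", "0.8.2"]:
        print(f"{v:24} {'AFFECTED' if is_affected(v) else 'ok'}")
```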
 

References

Release date
October 31, 2022

Latest revision
October 31, 2022: 1

Severity
low

Exploitable
remote

Bugzilla entries