A vulnerability has been found in libjxl which could result in denial of service.
|Package||media-libs/libjxl on all architectures|
|Affected versions||< 0.7.0_pre20220825|
|Unaffected versions||>= 0.7.0_pre20220825|
libjxl is the JPEG XL image format reference implementation.
libjxl contains an unecessary assertion in jxl::LowMemoryRenderPipeline::Init.
An attacker can cause a denial of service of the libjxl process via a crafted input file.
There is no known workaround at this time.
All users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/libjxl-0.7.0_pre20220825"
October 31, 2022
October 31, 2022: 1