GHSA-2v8p-fqpx-2q3wMediumCVSS 6.2Disclosed before NVD
jxl-oxide: integer subtraction overflow panic in cluster_from_table via crafted JXL input (DoS)
📋 Description
Summary
Logic bug in decode_simple_table_slow may cause integer arithmetic overflow when decoding Modular image with certain kind of MA tree, which may panic with overflow-checks enabled.
Impact
Denial of service: any application passing untrusted JXL data to JxlImage::render_frame (or equivalent) can be
crashed. Affects all builds with overflow checks enabled, which includes debug builds and any release build
that sets overflow-checks = true in Cargo.toml or [profile.*].
No memory corruption is possible — the panic fires before any unsafe code is reached.
🎯 Affected products1
- rust/jxl-modular:<= 0.11.2