-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe analysis is based on the vulnerability description and, critically, the detailed information provided in the GitHub issue #422. The issue includes a GDB backtrace and variable values at the time of the crash, which directly point to jxl::PlaneBase::PlaneBase as the site of the assertion failure. The assertion JXL_CHECK(bytes_.get()) fails because an attempt to allocate an excessively large memory region (calculated from bytes_per_row_ * ysize) returns a null pointer. The values for ysize and bytes_per_row_ are derived from the input GIF file. The GDB stack trace also implicates jxl::DecodeImageGIF as the function responsible for processing the GIF input and passing data that leads to the vulnerable state. No commit information or patches were available, so the evidence relies on the bug report's technical details. The vulnerability is a reachable assertion (CWE-617) leading to a denial of service when encoding a malicious GIF.