Libjxl · Libjxl · CVE-2021-36692
**Name of the Vulnerable Software and Affected Versions**
libjxl version 0.3.7
**Description**
The issue is a Divide By Zero error in the `jxl::DecodeImageAPNG()` function located in `lib/extras/codec_apng.cc`. This error can be triggered when encoding a malicious APNG file using `cjxl`, allowing an attacker to cause a denial of service.
**Recommendations**
For libjxl version 0.3.7, consider disabling the `jxl::DecodeImageAPNG()` function until a patch is available to prevent the denial of service.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.