Untriaged
Permalink
CVE-2026-55687
7.5 HIGH
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): None (N)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): None (N)
- Integrity (I): None (N)
- Availability (A): High (H)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): None (N)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): None (N)
- Modified Availability (MA): High (H)
Activity log
- Created suggestion
ESF-IDF: Stack-Based Out-of-Bounds Write in JPEG Decoder DQT Marker Parsing
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. Versions 6.0.1, 5.5.4, 5.4.4, 5.3.5, and possibly prior contain an out-of-bounds write in jpeg_parse_dqt_marker() in components/esp_driver_jpeg/jpeg_parse_marker.c because the attacker-controlled DQT marker Tq nibble is used as an index into the qt_tbl array without validating that it is in the range 0..3, allowing malformed JPEG input to corrupt stack memory and reliably trigger a denial of service. This issue is fixed in version 6.0.2 and is expected to be fixed in versions 5.5.5, 5.4.5, and 5.3.6.
References
-
https://github.com/espressif/esp-idf/security/advisories/GHSA-v6r2-f6p2-88cj x_refsource_CONFIRM
-
https://github.com/espressif/esp-idf/releases/tag/v6.0.2 x_refsource_MISC
Affected products
esp-idf
- ==<= 5.3.5
- ==>= 6.0.0, < 6.0.2
- ==>= 5.5.0, <= 5.5.4
- ==>= 5.4.0, <= 5.4.4
Matching in nixpkgs
Package maintainers
-
@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>