Infinite loop in jpeg-js #107
Labels
Auto Create Issues
Label for Auto Created Issues
High
This label for Security Severity only
Security
Label for Security Issues
Milestone
Description
The package jpeg-js before 0.4.4 is vulnerable to Denial of Service (DoS) where a particular piece of input will cause the program to enter an infinite loop and never return.
Severity Check
Severity Number
7.5
CVSS base metrics
Attack vector
Network
Attack complexity
Low
Privileges required
None
User interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Weaknesses
CWE-835
CVE ID
CVE-2022-25851
GHSA ID
GHSA-xvf7-4v9q-58w6
Information
Package
jpeg-js (npm)
Affected versions
< 0.4.4
Patched versions
0.4.4
References
https://nvd.nist.gov/vuln/detail/CVE-2022-25851
jpeg-js DoS (infinite loop) jpeg-js/jpeg-js#105
Add limits on sampling factors jpeg-js/jpeg-js#106
jpeg-js/jpeg-js@9ccd35f
https://snyk.io/vuln/SNYK-JAVA-
ORGWEBJARSNPM-2860295
https://snyk.io/vuln/SNYK-JS-JPEGJS-2859218
The text was updated successfully, but these errors were encountered: