Infinite loop in jpeg-js #107

Closed
1 of 4 tasks
TheKingTermux opened this issue Aug 15, 2022 · 0 comments · Fixed by #129
Labels: Auto Create Issues, High, Security

Description

The package jpeg-js before 0.4.4 is vulnerable to Denial of Service (DoS) where a particular piece of input will cause the program to enter an infinite loop and never return.

Severity Check

  • Low
  • Moderate
  • High
  • Critical

Severity Number

7.5

CVSS base metrics

  • Attack vector
    Network

  • Attack complexity
    Low

  • Privileges required
    None

  • User interaction
    None

  • Scope
    Unchanged

  • Confidentiality
    None

  • Integrity
    None

  • Availability
    High

  • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

  • Weaknesses
    CWE-835

  • CVE ID
    CVE-2022-25851

  • GHSA ID
    GHSA-xvf7-4v9q-58w6

Information

  • Package
    jpeg-js (npm)

  • Affected versions
    < 0.4.4

  • Patched versions
    0.4.4

References

TheKingTermux added the Security and Auto Create Issues labels on Aug 15, 2022
github-actions bot locked as resolved and limited conversation to collaborators on Sep 17, 2022
TheKingTermux added the High label on May 9, 2023
TheKingTermux added this to the Alice 1.0.6 milestone on Jun 13, 2023