The package jpeg-js before 0.4.4 are vulnerable to Denial of Service (DoS) where a particular piece of input will cause to enter an infinite loop and never return.
References
Link | Resource |
---|---|
https://github.com/jpeg-js/jpeg-js/commit/9ccd35fb5f55a6c4f1902ac5b0f270f675750c27 | Patch Third Party Advisory |
https://github.com/jpeg-js/jpeg-js/issues/105 | Exploit Issue Tracking Third Party Advisory |
https://github.com/jpeg-js/jpeg-js/pull/106/ | Patch Third Party Advisory |
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2860295 | Third Party Advisory |
https://snyk.io/vuln/SNYK-JS-JPEGJS-2859218 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: snyk
Published: 2022-06-10T00:00:00
Updated: 2022-06-10T20:05:52
Reserved: 2022-02-24T00:00:00
Link: CVE-2022-25851
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-06-10T20:15:08.173
Modified: 2022-06-17T17:21:15.713
Link: CVE-2022-25851
JSON object: View
Redhat Information
No data.
CWE