CVE-2022-25851

Опубликовано: 10 июн. 2022

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

The package jpeg-js before 0.4.4 are vulnerable to Denial of Service (DoS) where a particular piece of input will cause to enter an infinite loop and never return.

Ссылки

https://github.com/jpeg-js/jpeg-js/commit/9ccd35fb5f55a6c4f1902ac5b0f270f675750c27
Patch
Third Party Advisory
https://github.com/jpeg-js/jpeg-js/issues/105
Exploit
Issue Tracking
Third Party Advisory
https://github.com/jpeg-js/jpeg-js/pull/106/
Patch
Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2860295
Third Party Advisory
https://snyk.io/vuln/SNYK-JS-JPEGJS-2859218
Third Party Advisory
https://github.com/jpeg-js/jpeg-js/commit/9ccd35fb5f55a6c4f1902ac5b0f270f675750c27
Patch
Third Party Advisory
https://github.com/jpeg-js/jpeg-js/issues/105
Exploit
Issue Tracking
Third Party Advisory
https://github.com/jpeg-js/jpeg-js/pull/106/
Patch
Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2860295
Third Party Advisory
https://snyk.io/vuln/SNYK-JS-JPEGJS-2859218
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jpeg-js_project:jpeg-js:*:*:*:*:*:node.js:*:*

Версия до 0.4.4 (исключая)

EPSS

Процентиль: 67%

0.00537

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-835

Связанные уязвимости

GHSA-xvf7-4v9q-58w6