PT-2026-2280 · Espressif · Esp-Idf

Published: 2026-01-12 · Updated: 2026-01-12 · CVE-2025-68622
CVSS v3.1: 6.8 (Medium)
Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Espressif ESP-IDF USB Host UVC Class Driver (esp-usb), versions prior to 2.4.0
Description: The ESP-IDF USB Host UVC Class Driver, used for video streaming from USB cameras, contains a flaw in the esp-usb UVC host implementation. A malicious USB Video Class (UVC) device can trigger a stack buffer overflow while the host parses its configuration descriptors. When UVC configuration-descriptor printing is enabled, the host copies descriptor data received from the device into a fixed-size stack buffer and prints it; the length the descriptor advertises is not validated against that buffer before the copy, so a crafted descriptor with an oversized length overflows the buffer and corrupts stack memory. Per the CVSS vector (AV:P), exploitation requires physically attaching the malicious device to the host, but needs no privileges or user interaction.
Recommendations: Update to version 2.4.0 or later. The description ties the vulnerable copy to the configuration-descriptor printing option, so until the update is applied, builds that keep that option disabled do not take the path described here.
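As an added illustration of the flaw class the description covers (this is not code from esp-usb or ESP-IDF; the buffer size, function names and descriptor bytes are constructed assumptions), here is the unchecked copy pattern beside a hardened descriptor walker that validates bLength against both the destination buffer and the bytes actually received before copying:

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical fixed-size stack buffer standing in for the one the advisory
 * describes; the real size in esp-usb is not stated on this page. */
#define DESC_BUF_SIZE 32
#define USB_DESC_HDR_LEN 2      /* every USB descriptor starts with bLength, bDescriptorType */
#define UVC_CS_INTERFACE 0x24   /* class-specific interface descriptor type from the UVC spec */

enum parse_result { PARSE_OK = 0, PARSE_BAD_LENGTH = -1, PARSE_TRUNCATED = -2 };

/* Unsafe pattern: bLength comes from the device and is used as the copy size
 * with no check against the destination, so bLength > DESC_BUF_SIZE writes
 * past 'local' on the stack. Kept for contrast only; called below only on a
 * descriptor whose bLength fits the buffer. */
static void print_desc_unchecked(const uint8_t *desc)
{
    uint8_t local[DESC_BUF_SIZE];
    memcpy(local, desc, desc[0]);
    printf("unchecked: type 0x%02x len %u\n", local[1], local[0]);
}

/* Hardened: bLength must cover at least the 2-byte header (a zero bLength
 * would otherwise stall the walker), fit the destination buffer, and not run
 * past the bytes that remain in the received configuration descriptor. */
static enum parse_result print_desc_checked(const uint8_t *desc, size_t remaining)
{
    uint8_t local[DESC_BUF_SIZE];
    if (remaining < USB_DESC_HDR_LEN)
        return PARSE_TRUNCATED;
    size_t len = desc[0];
    if (len < USB_DESC_HDR_LEN || len > DESC_BUF_SIZE)
        return PARSE_BAD_LENGTH;
    if (len > remaining)
        return PARSE_TRUNCATED;
    memcpy(local, desc, len);
    printf("checked:   type 0x%02x len %zu\n", local[1], len);
    return PARSE_OK;
}

/* Walk a configuration descriptor one sub-descriptor at a time, as a host
 * parser does, stopping at the first length that fails validation.
 * *count receives the number of descriptors accepted before stopping. */
enum parse_result walk_config_descriptor(const uint8_t *cfg, size_t cfg_len, size_t *count)
{
    size_t off = 0;
    *count = 0;
    while (off < cfg_len) {
        enum parse_result r = print_desc_checked(cfg + off, cfg_len - off);
        if (r != PARSE_OK)
            return r;
        off += cfg[off];
        (*count)++;
    }
    return PARSE_OK;
}

/* Single-value wrappers so each sample's outcome is one return value. */
int walk_result(const uint8_t *cfg, size_t cfg_len)
{
    size_t n;
    return (int)walk_config_descriptor(cfg, cfg_len, &n);
}
int walk_count(const uint8_t *cfg, size_t cfg_len)
{
    size_t n;
    walk_config_descriptor(cfg, cfg_len, &n);
    return (int)n;
}

/* Constructed sample descriptors (not captured from a real camera): a standard
 * 9-byte interface descriptor followed by a 13-byte UVC VC header. */
const uint8_t benign_cfg[] = {
    0x09, 0x04, 0x00, 0x00, 0x01, 0x0E, 0x01, 0x00, 0x00,
    0x0D, UVC_CS_INTERFACE, 0x01, 0x00, 0x01, 0x0D, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x01,
};
/* Same bytes, but the VC header advertises bLength = 0xFF: the unchecked copy
 * would write 255 bytes into a 32-byte stack buffer. */
const uint8_t crafted_cfg[] = {
    0x09, 0x04, 0x00, 0x00, 0x01, 0x0E, 0x01, 0x00, 0x00,
    0xFF, UVC_CS_INTERFACE, 0x01, 0x00, 0x01, 0x0D, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x01,
};
/* bLength = 26 fits the buffer but runs past the end of the received data. */
const uint8_t truncated_cfg[] = {
    0x09, 0x04, 0x00, 0x00, 0x01, 0x0E, 0x01, 0x00, 0x00,
    0x1A, UVC_CS_INTERFACE, 0x01, 0x00, 0x01, 0x0D, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x01,
};

int main(void)
{
    size_t n;
    enum parse_result r;
    print_desc_unchecked(benign_cfg);   /* safe here: bLength is 9 */
    r = walk_config_descriptor(benign_cfg, sizeof benign_cfg, &n);
    printf("benign:    %d (%zu descriptors accepted)\n", (int)r, n);
    r = walk_config_descriptor(crafted_cfg, sizeof crafted_cfg, &n);
    printf("crafted:   %d (%zu descriptors accepted)\n", (int)r, n);
    r = walk_config_descriptor(truncated_cfg, sizeof truncated_cfg, &n);
    printf("truncated: %d (%zu descriptors accepted)\n", (int)r, n);
    return 0;
}
```

The checked walker rejects the crafted header before any copy takes place, and the separate "truncated" case shows why the bound must be taken against the bytes actually received as well as the buffer: a length that fits the stack buffer can still read past the end of the device's data.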

Weakness Enumeration

Stack-based Buffer Overflow

Related Identifiers

CVE-2025-68622
GHSA-G65H-9GGQ-9827

Affected Products

Esp-Idf