PT-2026-57221 · Espressif · Esp-Idf
Published
2026-07-10
·
Updated
2026-07-10
·
CVE-2026-55687
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. Versions 6.0.1, 5.5.4, 5.4.4, 5.3.5, and possibly prior contain an out-of-bounds write in jpeg parse dqt marker() in components/esp driver jpeg/jpeg parse marker.c because the attacker-controlled DQT marker Tq nibble is used as an index into the qt tbl array without validating that it is in the range 0..3, allowing malformed JPEG input to corrupt stack memory and reliably trigger a denial of service. This issue is fixed in version 6.0.2 and is expected to be fixed in versions 5.5.5, 5.4.5, and 5.3.6.
Fix
Memory Corruption
Stack Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Esp-Idf