High severityNVD Advisory· Published Jun 10, 2022· Updated Sep 16, 2024
Denial of Service (DoS)
CVE-2022-25851
Description
The package jpeg-js before 0.4.4 are vulnerable to Denial of Service (DoS) where a particular piece of input will cause to enter an infinite loop and never return.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
jpeg-jsnpm | < 0.4.4 | 0.4.4 |
Affected products
2- jpeg-js/jpeg-jsdescription
Patches
Vulnerability mechanics
References
8- github.com/advisories/GHSA-xvf7-4v9q-58w6ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-25851ghsaADVISORY
- github.com/jpeg-js/jpeg-js/commit/9ccd35fb5f55a6c4f1902ac5b0f270f675750c27ghsax_refsource_MISCWEB
- github.com/jpeg-js/jpeg-js/issues/105ghsax_refsource_MISCWEB
- github.com/jpeg-js/jpeg-js/pull/106ghsaWEB
- github.com/jpeg-js/jpeg-js/pull/106/mitrex_refsource_MISC
- snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2860295ghsax_refsource_MISCWEB
- snyk.io/vuln/SNYK-JS-JPEGJS-2859218ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.