Skip to main content

ESP-IDF CVE-2026-55687

| EUVDEUVD-2026-42939 HIGH
Stack-based Buffer Overflow (CWE-121)
2026-07-10 GitHub_M
7.5
CVSS 3.1 · Vendor: GitHub_M
Share

Severity by source

Vendor (GitHub_M) PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
7.5 HIGH

Availability-only DoS (A:H, C:N/I:N) with no auth or interaction; AV:N retained since JPEG input is often network-sourced, though reachability is application-dependent.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

2
Patch available
Jul 10, 2026 - 18:01 EUVD
Analysis Generated
Jul 10, 2026 - 16:56 vuln.today

DescriptionCVE.org

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. Versions 6.0.1, 5.5.4, 5.4.4, 5.3.5, and possibly prior contain an out-of-bounds write in jpeg_parse_dqt_marker() in components/esp_driver_jpeg/jpeg_parse_marker.c because the attacker-controlled DQT marker Tq nibble is used as an index into the qt_tbl array without validating that it is in the range 0..3, allowing malformed JPEG input to corrupt stack memory and reliably trigger a denial of service. This issue is fixed in version 6.0.2 and is expected to be fixed in versions 5.5.5, 5.4.5, and 5.3.6.

AnalysisAI

Denial of service in Espressif's ESP-IDF JPEG driver (versions 6.0.1, 5.5.4, 5.4.4, 5.3.5 and likely earlier) stems from an out-of-bounds stack write in jpeg_parse_dqt_marker(), where the attacker-controlled DQT marker Tq nibble indexes the qt_tbl array without a 0..3 bounds check. Any application that feeds untrusted JPEG data into the hardware JPEG decode path can be reliably crashed by a single malformed image. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Deliver crafted JPEG to decode path
Delivery
Set DQT Tq nibble to 4-15
Exploit
Out-of-bounds index into qt_tbl
Execution
Stack memory corruption
Impact
Device crash / denial of service

Vulnerability AssessmentAI

Exploitation Exploitation requires that attacker-controlled JPEG data reach the ESP-IDF hardware JPEG decode path (jpeg_parse_dqt_marker), i.e. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The signals are consistent for a medium-to-high availability issue but do not indicate an emergency. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who can deliver a JPEG to a device whose firmware decodes it - for instance uploading an image to a network-connected ESP32-P4 appliance or serving a malicious frame to a client that fetches remote images - crafts a JPEG whose DQT marker sets the Tq nibble to a value of 4 or higher. When the driver parses the marker it writes out of bounds on the stack, corrupting memory and crashing the device, forcing a reboot or hang. …
Remediation Vendor-released patch: ESP-IDF 6.0.2 - upgrade to it on the 6.0.x branch and rebuild/reflash affected firmware. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Audit production inventory to identify ESP-IDF versions in use across deployed systems and repositories. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2024-53406 HIGH POC
8.8 Mar 13

Espressif Esp idf v5.3.0 is vulnerable to Insecure Permissions resulting in Authentication bypass. Rated high severity (

CVE-2019-12587 HIGH POC
8.1 Sep 04

The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 allows th

CVE-2020-12638 MEDIUM POC
6.8 Jul 23

An encryption-bypass issue was discovered on Espressif ESP-IDF devices through 4.2, ESP8266_NONOS_SDK devices through 3.

CVE-2024-33454 MEDIUM POC
6.5 May 14

Buffer Overflow vulnerability in esp-idf v.5.1 allows a remote attacker to execute arbitrary code via a crafted script t

CVE-2019-12586 MEDIUM POC
6.5 Sep 04

The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 processes

CVE-2025-52471 CRITICAL
9.8 Jun 24

A security vulnerability in the ESP-NOW protocol implementation within the ESP Wi-Fi component of (CVSS 9.8). Critical s

CVE-2025-66409 CRITICAL
9.1 Dec 02

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earli

CVE-2026-45328 HIGH
8.8 Jun 10

Privilege escalation from REE to TEE in Espressif ESP-IDF 5.5.4 and 6.0 lets a low-privileged user-application caller ab

CVE-2022-24893 HIGH
8.8 Jun 25

ESP-IDF is the official development framework for Espressif SoCs. Rated high severity (CVSS 8.8), this vulnerability is

CVE-2021-28139 HIGH
8.8 Sep 07

The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly restrict the Feature Page up

CVE-2024-33453 HIGH
8.1 Oct 17

Buffer Overflow vulnerability in esp-idf v.5.1 allows a remote attacker to obtain sensitive information via the external

CVE-2026-45541 HIGH
7.5 Jun 10

Remote denial-of-service in Espressif ESP-IDF's esp_http_server WebSocket handshake allows unauthenticated attackers to

Share

CVE-2026-55687 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy