Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Availability-only DoS (A:H, C:N/I:N) with no auth or interaction; AV:N retained since JPEG input is often network-sourced, though reachability is application-dependent.
Primary rating from Vendor (GitHub_M).
CVSS VectorVendor: GitHub_M
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
2DescriptionCVE.org
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. Versions 6.0.1, 5.5.4, 5.4.4, 5.3.5, and possibly prior contain an out-of-bounds write in jpeg_parse_dqt_marker() in components/esp_driver_jpeg/jpeg_parse_marker.c because the attacker-controlled DQT marker Tq nibble is used as an index into the qt_tbl array without validating that it is in the range 0..3, allowing malformed JPEG input to corrupt stack memory and reliably trigger a denial of service. This issue is fixed in version 6.0.2 and is expected to be fixed in versions 5.5.5, 5.4.5, and 5.3.6.
AnalysisAI
Denial of service in Espressif's ESP-IDF JPEG driver (versions 6.0.1, 5.5.4, 5.4.4, 5.3.5 and likely earlier) stems from an out-of-bounds stack write in jpeg_parse_dqt_marker(), where the attacker-controlled DQT marker Tq nibble indexes the qt_tbl array without a 0..3 bounds check. Any application that feeds untrusted JPEG data into the hardware JPEG decode path can be reliably crashed by a single malformed image. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires that attacker-controlled JPEG data reach the ESP-IDF hardware JPEG decode path (jpeg_parse_dqt_marker), i.e. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The signals are consistent for a medium-to-high availability issue but do not indicate an emergency. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who can deliver a JPEG to a device whose firmware decodes it - for instance uploading an image to a network-connected ESP32-P4 appliance or serving a malicious frame to a client that fetches remote images - crafts a JPEG whose DQT marker sets the Tq nibble to a value of 4 or higher. When the driver parses the marker it writes out of bounds on the stack, corrupting memory and crashing the device, forcing a reboot or hang. … |
| Remediation | Vendor-released patch: ESP-IDF 6.0.2 - upgrade to it on the 6.0.x branch and rebuild/reflash affected firmware. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Audit production inventory to identify ESP-IDF versions in use across deployed systems and repositories. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Espressif Esp idf v5.3.0 is vulnerable to Insecure Permissions resulting in Authentication bypass. Rated high severity (
The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 allows th
An encryption-bypass issue was discovered on Espressif ESP-IDF devices through 4.2, ESP8266_NONOS_SDK devices through 3.
Buffer Overflow vulnerability in esp-idf v.5.1 allows a remote attacker to execute arbitrary code via a crafted script t
The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 processes
A security vulnerability in the ESP-NOW protocol implementation within the ESP Wi-Fi component of (CVSS 9.8). Critical s
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earli
Privilege escalation from REE to TEE in Espressif ESP-IDF 5.5.4 and 6.0 lets a low-privileged user-application caller ab
ESP-IDF is the official development framework for Espressif SoCs. Rated high severity (CVSS 8.8), this vulnerability is
The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly restrict the Feature Page up
Buffer Overflow vulnerability in esp-idf v.5.1 allows a remote attacker to obtain sensitive information via the external
Remote denial-of-service in Espressif ESP-IDF's esp_http_server WebSocket handshake allows unauthenticated attackers to
Same weakness CWE-121 – Stack-based Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42939