CVE-2026-55687 in esp-idf
Summary
by MITRE • 07/10/2026
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. Versions 6.0.1, 5.5.4, 5.4.4, 5.3.5, and possibly prior contain an out-of-bounds write in jpeg_parse_dqt_marker() in components/esp_driver_jpeg/jpeg_parse_marker.c because the attacker-controlled DQT marker Tq nibble is used as an index into the qt_tbl array without validating that it is in the range 0..3, allowing malformed JPEG input to corrupt stack memory and reliably trigger a denial of service. This issue is fixed in version 6.0.2 and is expected to be fixed in versions 5.5.5, 5.4.5, and 5.3.6.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 07/10/2026
The Espressif Internet of Things development framework represents a comprehensive software ecosystem designed for building connected devices using Espressif's proprietary hardware platforms. This framework serves as the foundation for IoT applications across various industries including smart home appliances, industrial sensors, and embedded systems requiring wireless connectivity. The jpeg_parse_dqt_marker function within the esp_driver_jpeg component specifically handles parsing of JPEG DQT (Define Quantization Table) markers during image processing operations. This functionality is critical for IoT devices that process or transmit JPEG formatted images, particularly in applications involving camera modules, image capture systems, or multimedia interfaces.
The vulnerability manifests as an out-of-bounds write condition within the jpeg_parse_dqt_marker function located at components/esp_driver_jpeg/jpeg_parse_marker.c. The technical flaw stems from inadequate input validation where the attacker-controlled Tq nibble value from the DQT marker is directly used as an index into the qt_tbl array without proper range checking. This design oversight allows maliciously crafted JPEG files to specify a Tq value outside the valid range of 0-3, which corresponds to the expected number of quantization tables. When the application attempts to access qt_tbl[Tq] where Tq exceeds the array bounds, memory corruption occurs that can overwrite adjacent stack memory locations and potentially lead to arbitrary code execution or system instability.
The operational impact of this vulnerability extends beyond simple denial of service scenarios as it represents a critical security weakness in IoT device firmware implementations. Attackers can reliably trigger system crashes or unpredictable behavior by submitting malformed JPEG data to devices running affected ESF-IDF versions, effectively creating a persistent denial of service condition that compromises device availability and reliability. This vulnerability affects multiple major releases including 6.0.1, 5.5.4, 5.4.4, and 5.3.5, indicating a widespread issue across the framework's version history that impacts numerous IoT deployments and embedded systems using Espressif hardware platforms.
Security professionals should note this vulnerability aligns with CWE-787 (Out-of-bounds Write) and represents a classic buffer overflow condition that can be exploited through improper input validation. The ATT&CK framework categorizes this issue under privilege escalation and denial of service tactics, as the vulnerability allows adversaries to manipulate device operation and potentially gain unauthorized control over system resources. Organizations deploying IoT solutions using Espressif hardware platforms should prioritize immediate firmware updates to versions 6.0.2 or later, with the expected fixes in 5.5.5, 5.4.5, and 5.3.6 providing additional mitigation options for legacy deployments where immediate upgrades are not feasible. The remediation strategy emphasizes proper input validation mechanisms and defensive programming practices to prevent similar issues in future implementations of image processing components within IoT frameworks.