CVE-2025-65092 in esp-idfinformación

Resumen

por MITRE • 2025-11-22

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.1, 5.4.3, and 5.3.4, when the ESP32-P4 uses its hardware JPEG decoder, the software parser lacks necessary validation checks. A specially crafted (malicious) JPEG image could exploit the parsing routine and trigger an out-of-bounds array access. This issue has been fixed in versions 5.5.2, 5.4.4, and 5.3.5. At time of publication versions 5.5.2, 5.4.4, and 5.3.5 have not been released but are fixed respectively in commits 4b8f585, c79cb4d, and 34e2726.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsable

GitHub M

Reservar

2025-11-17

Divulgación

2025-11-22

Moderación

aceptado

Artículo

VDB-333282

CPE

listo

CWE

CWE-125 (confirmado)

CVSS

5.3 (VulDB)

EPSS

0.00086

KEV

Actividades

muy bajo

Fuentes

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-65092
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-65092
CVE Details	https://www.cvedetails.com/cve/CVE-2025-65092/

◂ Anterior Visión De Conjunto Próximo ▸

Want to know what is going to be exploited?

We predict KEV entries!