Description
The package jpeg-js before 0.4.4 is vulnerable to Denial of Service (DoS) where a particular piece of input will cause the program to enter an infinite loop and never return.
Recommendation
Update the jpeg-js package to the latest compatible version. Version details:
- Affected version(s): < 0.4.4
- Patched version(s): 0.4.4
References
Related Issues
- cumulative-distribution-function Infinite Loop vulnerability - CVE-2021-29486
- Uncontrolled resource consumption in jpeg-js - CVE-2020-8175
- qs vulnerable to Prototype Pollution - CVE-2022-24999
- lite-server vulnerable to Denial of Service - CVE-2022-25940
Tags: npm, jpeg-js
Last updated on January 27, 2023