Description
The package jpeg-js before 0.4.4 is vulnerable to Denial of Service (DoS) where a particular piece of input will cause the program to enter an infinite loop and never return.
Recommendation
Update the jpeg-js package to the latest compatible version. Followings are version details:
- Affected version(s): < 0.4.4
- Patched version(s): 0.4.4
References
Related Issues
- jsrsasign is vulnerable to DoS through Infinite Loop when processing zero or negative inputs - CVE-2026-4598
- music-metadata has an infinite loop vulnerability in ASF parser - CVE-2026-32256
- bn.js affected by an infinite loop - CVE-2026-2739
- Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input - CVE-2026-33891
You might also like:
- Tags:
- npm
- jpeg-js
Anything's wrong? Let us know Last updated on January 27, 2023