Description
The package jpeg-js before 0.4.4 is vulnerable to Denial of Service (DoS) where a particular piece of input will cause the program to enter an infinite loop and never return.
Recommendation
Update the jpeg-js package to the latest compatible version. Followings are version details:
- Affected version(s): < 0.4.4
- Patched version(s): 0.4.4
References
Related Issues
- music-metadata has an infinite loop vulnerability in ASF parser - CVE-2026-32256
- cumulative-distribution-function Infinite Loop vulnerability - CVE-2021-29486
- Uncontrolled resource consumption in jpeg-js - CVE-2020-8175
- bn.js affected by an infinite loop - CVE-2026-2739
- Tags:
- npm
- jpeg-js
Anything's wrong? Let us know Last updated on January 27, 2023