Description
The package jpeg-js before 0.4.4 is vulnerable to Denial of Service (DoS) where a particular piece of input will cause the program to enter an infinite loop and never return.
Recommendation
Update the jpeg-js package to the latest compatible version. Version details:
- Affected version(s): < 0.4.4
- Patched version(s): 0.4.4
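To confirm which installed copies still fall in the affected range, the lockfile can be checked directly. The following is an added example, not code from this advisory or from the jpeg-js project; the function names, the sample lockfiles and the `img-tool` package are constructed for illustration.

```javascript
// Added example: flag jpeg-js installs below the patched 0.4.4 in a parsed package-lock.json.
const PATCHED = [0, 4, 4];

// True when version < 0.4.4. Prereleases of 0.4.4 and unparseable
// versions are reported as affected (fail closed).
function isAffected(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-)?/.exec(String(version));
  if (!m) return true;
  for (let i = 0; i < 3; i++) {
    const n = Number(m[i + 1]);
    if (n !== PATCHED[i]) return n < PATCHED[i];
  }
  return m[4] === "-";
}

// Handles lockfileVersion 2/3 ("packages" map) and 1 (nested "dependencies" tree).
function findAffected(lock) {
  const hits = [];
  if (lock.packages) {
    for (const [path, info] of Object.entries(lock.packages)) {
      if (/(^|\/)node_modules\/jpeg-js$/.test(path) && isAffected(info.version)) {
        hits.push({ path, version: info.version });
      }
    }
    return hits;
  }
  const walk = (deps, trail) => {
    for (const [name, info] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${name}`;
      if (name === "jpeg-js" && isAffected(info.version)) {
        hits.push({ path, version: info.version });
      }
      walk(info.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfiles; "img-tool" is a made-up dependent package.
const sampleV3 = { lockfileVersion: 3, packages: {
  "": { name: "demo" },
  "node_modules/jpeg-js": { version: "0.4.4" },
  "node_modules/img-tool/node_modules/jpeg-js": { version: "0.3.7" },
} };
const sampleV1 = { lockfileVersion: 1, dependencies: {
  "img-tool": { version: "1.0.0", dependencies: { "jpeg-js": { version: "0.4.3" } } },
} };
console.log(findAffected(sampleV3), findAffected(sampleV1));
```

Nested copies pulled in by other packages are reported with their install path, since updating only the top-level dependency leaves them in place.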
Related Issues
- SQL injection in typeORM - CVE-2022-33171
- Uncontrolled resource consumption in jpeg-js - CVE-2020-8175
- Code Injection in mquery - CVE-2020-35149
- Incorrect default cookie name and recommendation - Vulnerability
Tags
- npm
- jpeg-js
Last updated on January 27, 2023