CNNVD-202511-2429 Information
CNNVD ID
CNNVD-202511-2429
Related CVE
- CNNVD Published: 2025-11-21
Description
Espressif IoT Development Framework is an open-source Internet of Things development framework from Espressif Systems. Espressif IoT Development Framework versions 5.5.1, 5.4.3 and 5.3.4 contain a numeric error vulnerability, caused by missing validation in the JPEG decoder, which may lead to out-of-bounds access.
Hazard Level
High
Vulnerability Type
Numeric error
Affected Vendor
Espressif Systems
Published
2025-11-21
Last Modified
2026-02-24
References
https://github.com/espressif/esp-idf/commit/c79cb4de468854937a0cbf82629fd65d04bffb27
https://github.com/espressif/esp-idf/commit/4b8f5859dbe05d15372558f8a950b49f6ee44e42
https://github.com/espressif/esp-idf/commit/c38a6691b9845ac6ee0d0f6713783114770cdc17
https://github.com/espressif/esp-idf/security/advisories/GHSA-vcw6-jc3p-4gj8
https://github.com/espressif/esp-idf/commit/34e2726254201988e6e2752b2db4b70d73964d4c
https://access.redhat.com/security/cve/cve-2025-65092
Patch
https://github.com/espressif/esp-idf/releases