NodeJS/jpeg-js/0.3.7
A pure javascript JPEG encoder and decoder
https://www.npmjs.com/package/jpeg-js
BSD-3-Clause
2 Security Vulnerabilities
Uncontrolled resource consumption in jpeg-js
Published date: 2020-07-27T15:46:57Z
CVE: CVE-2020-8175
Links:
Uncontrolled resource consumption in jpeg-js before 0.4.0 may allow an attacker to launch denial of service attacks using a specially crafted JPEG image.
Affected versions:
["0.0.1", "0.0.2", "0.0.3", "0.0.4", "0.1.0", "0.1.1", "0.1.2", "0.2.0", "0.3.0", "0.3.1", "0.3.2", "0.3.3", "0.3.4", "0.3.5", "0.3.6", "0.3.7"]
Secure versions:
[0.4.4]
Recommendation:
Update to version 0.4.4.
Infinite loop in jpeg-js
Published date: 2022-06-11T00:00:17Z
CVE: CVE-2022-25851
Links:
- https://nvd.nist.gov/vuln/detail/CVE-2022-25851
- https://github.com/jpeg-js/jpeg-js/issues/105
- https://github.com/jpeg-js/jpeg-js/pull/106/
- https://github.com/jpeg-js/jpeg-js/commit/9ccd35fb5f55a6c4f1902ac5b0f270f675750c27
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2860295
- https://snyk.io/vuln/SNYK-JS-JPEGJS-2859218
- https://github.com/advisories/GHSA-xvf7-4v9q-58w6
The package jpeg-js before 0.4.4 is vulnerable to Denial of Service (DoS) where a particular piece of input will cause the program to enter an infinite loop and never return.
Affected versions:
["0.0.1", "0.0.2", "0.0.3", "0.0.4", "0.1.0", "0.1.1", "0.1.2", "0.2.0", "0.3.0", "0.3.1", "0.3.2", "0.3.3", "0.3.4", "0.3.5", "0.3.6", "0.3.7", "0.4.0", "0.4.1", "0.4.2", "0.4.3"]
Secure versions:
[0.4.4]
Recommendation:
Update to version 0.4.4.
21 Other Versions
Version | License | Security | Released | |
---|---|---|---|---|
0.0.1 | BSD-3-Clause | 2 | 2014-01-16 - 14:47 | over 10 years |
0.0.2 | BSD-3-Clause | 2 | 2014-01-16 - 14:52 | over 10 years |
0.0.3 | BSD-3-Clause | 2 | 2014-02-26 - 00:08 | about 10 years |
0.0.4 | BSD-3-Clause | 2 | 2014-07-31 - 04:41 | almost 10 years |
0.1.0 | BSD-3-Clause | 2 | 2014-12-10 - 01:22 | over 9 years |
0.1.1 | BSD-3-Clause | 2 | 2015-01-07 - 01:25 | over 9 years |
0.1.2 | BSD-3-Clause | 2 | 2016-04-21 - 08:29 | about 8 years |
0.2.0 | BSD-3-Clause | 2 | 2016-06-05 - 02:30 | almost 8 years |
0.3.0 | BSD-3-Clause | 2 | 2017-06-27 - 01:24 | almost 7 years |
0.3.1 | BSD-3-Clause | 2 | 2017-06-27 - 01:38 | almost 7 years |
0.3.2 | BSD-3-Clause | 2 | 2017-06-27 - 01:40 | almost 7 years |
0.3.3 | BSD-3-Clause | 2 | 2017-06-30 - 02:48 | almost 7 years |
0.3.4 | BSD-3-Clause | 2 | 2018-03-30 - 16:35 | about 6 years |
0.3.5 | BSD-3-Clause | 2 | 2019-04-30 - 13:43 | about 5 years |
0.3.6 | BSD-3-Clause | 2 | 2019-08-07 - 00:25 | almost 5 years |
0.3.7 | BSD-3-Clause | 2 | 2020-02-15 - 19:11 | about 4 years |
0.4.0 | BSD-3-Clause | 1 | 2020-04-23 - 14:07 | about 4 years |
0.4.1 | BSD-3-Clause | 1 | 2020-06-27 - 14:49 | almost 4 years |
0.4.2 | BSD-3-Clause | 1 | 2020-08-24 - 16:08 | over 3 years |
0.4.3 | BSD-3-Clause | 1 | 2021-01-11 - 21:20 | over 3 years |
0.4.4 | BSD-3-Clause | | 2022-06-07 - 14:18 | almost 2 years |