CVE-2025-65092

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-65092
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-65092.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-65092
Aliases
  • GHSA-vcw6-jc3p-4gj8
Published
2025-11-21T21:33:03.656Z
Modified
2025-12-05T10:22:16.180694Z
Severity
  • 6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Summary
ESP32-P4 JPEG Decoder Header Parsing Vulnerability
Details

ESP-IDF is the Espressif Internet of Things (IoT) Development Framework. In versions 5.5.1, 5.4.3, and 5.3.4, when the ESP32-P4 uses its hardware JPEG decoder, the software parser lacks necessary validation checks. A specially crafted (malicious) JPEG image could exploit the parsing routine and trigger an out-of-bounds array access. This issue has been fixed in versions 5.5.2, 5.4.4, and 5.3.5. At the time of publication, versions 5.5.2, 5.4.4, and 5.3.5 had not been released, but the fixes are available in commits 4b8f585, c79cb4d, and 34e2726, respectively.

Database specific
{
    "cwe_ids": [
        "CWE-125",
        "CWE-191"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/65xxx/CVE-2025-65092.json"
}
References

Affected packages

Git / github.com/espressif/esp-idf

Affected ranges

Type
GIT
Repo
https://github.com/espressif/esp-idf
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v0.*

v0.9

v1.*

v1.0

v2.*

v2.0-rc1
v2.1-rc1

v3.*

v3.0-dev
v3.1-beta1
v3.1-dev
v3.2-beta1
v3.2-dev
v3.3-beta1
v3.3-beta2
v3.3-dev

v4.*

v4.0-dev
v4.1-dev
v4.2-dev
v4.3-beta1
v4.3-dev
v4.4-dev

v5.*

v5.0-beta1
v5.0-dev
v5.1-dev
v5.2-dev
v5.3-dev
v5.4
v5.4-beta1
v5.4-beta2
v5.4-dev
v5.4-rc1
v5.4.1
v5.4.2
v5.4.3

Database specific

vanir_signatures

[
    {
        "id": "CVE-2025-65092-123865f9",
        "digest": {
            "length": 132.0,
            "function_hash": "192656955198176996831741484163290370133"
        },
        "deprecated": false,
        "target": {
            "file": "components/esp_driver_jpeg/jpeg_parse_marker.c",
            "function": "jpeg_parse_inv_marker"
        },
        "source": "https://github.com/espressif/esp-idf/commit/c79cb4de468854937a0cbf82629fd65d04bffb27",
        "signature_version": "v1",
        "signature_type": "Function"
    },
    {
        "id": "CVE-2025-65092-2e5c84f2",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "53763635225264044899860443202434164662",
                "7433690525629391198123425321608665499",
                "5570919318839635877182093645338869795",
                "159900042665589557845243746660416071572"
            ]
        },
        "deprecated": false,
        "target": {
            "file": "components/esp_driver_jpeg/jpeg_encode.c"
        },
        "source": "https://github.com/espressif/esp-idf/commit/c79cb4de468854937a0cbf82629fd65d04bffb27",
        "signature_version": "v1",
        "signature_type": "Line"
    },
    {
        "id": "CVE-2025-65092-3bbb3e89",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
            ]
        },
        "deprecated": false,
        "target": {
            "file": "components/esp_driver_jpeg/jpeg_parse_marker.c"
        },
        "source": "https://github.com/espressif/esp-idf/commit/c79cb4de468854937a0cbf82629fd65d04bffb27",
        "signature_version": "v1",
        "signature_type": "Line"
    },
    {
        "id": "CVE-2025-65092-5a9ccf15",
        "digest": {
            "length": 6558.0,
            "function_hash": "315073095827580056289626854292048545590"
        },
        "deprecated": false,
        "target": {
            "file": "components/esp_driver_jpeg/jpeg_encode.c",
            "function": "jpeg_encoder_process"
        },
        "source": "https://github.com/espressif/esp-idf/commit/c79cb4de468854937a0cbf82629fd65d04bffb27",
        "signature_version": "v1",
        "signature_type": "Function"
    },
    {
        "id": "CVE-2025-65092-5cbfdb42",
        "digest": {
            "length": 205.0,
            "function_hash": "271681152643513905463664729326233769224"
        },
        "deprecated": false,
        "target": {
            "file": "components/esp_driver_jpeg/jpeg_parse_marker.c",
            "function": "jpeg_parse_com_marker"
        },
        "source": "https://github.com/espressif/esp-idf/commit/c79cb4de468854937a0cbf82629fd65d04bffb27",
        "signature_version": "v1",
        "signature_type": "Function"
    },
    {
        "id": "CVE-2025-65092-7318f11f",
        "digest": {
            "length": 477.0,
            "function_hash": "39363666774108762159621765126541154937"
        },
        "deprecated": false,
        "target": {
            "file": "components/esp_driver_jpeg/jpeg_parse_marker.c",
            "function": "jpeg_parse_dqt_marker"
        },
        "source": "https://github.com/espressif/esp-idf/commit/c79cb4de468854937a0cbf82629fd65d04bffb27",
        "signature_version": "v1",
        "signature_type": "Function"
    },
    {
        "id": "CVE-2025-65092-7d81e633",
        "digest": {
            "length": 694.0,
            "function_hash": "99681014888320161129722080101643622948"
        },
        "deprecated": false,
        "target": {
            "file": "components/esp_driver_jpeg/jpeg_parse_marker.c",
            "function": "jpeg_parse_dht_marker"
        },
        "source": "https://github.com/espressif/esp-idf/commit/c79cb4de468854937a0cbf82629fd65d04bffb27",
        "signature_version": "v1",
        "signature_type": "Function"
    },
    {
        "id": "CVE-2025-65092-94c1ad4c",
        "digest": {
            "length": 205.0,
            "function_hash": "271681152643513905463664729326233769224"
        },
        "deprecated": false,
        "target": {
            "file": "components/esp_driver_jpeg/jpeg_parse_marker.c",
            "function": "jpeg_parse_appn_marker"
        },
        "source": "https://github.com/espressif/esp-idf/commit/c79cb4de468854937a0cbf82629fd65d04bffb27",
        "signature_version": "v1",
        "signature_type": "Function"
    },
    {
        "id": "CVE-2025-65092-97eb9883",
        "digest": {
            "length": 138.0,
            "function_hash": "18370046766344029454200470214350493845"
        },
        "deprecated": false,
        "target": {
            "file": "components/esp_driver_jpeg/jpeg_parse_marker.c",
            "function": "jpeg_parse_sos_marker"
        },
        "source": "https://github.com/espressif/esp-idf/commit/c79cb4de468854937a0cbf82629fd65d04bffb27",
        "signature_version": "v1",
        "signature_type": "Function"
    },
    {
        "id": "CVE-2025-65092-a31a4d09",
        "digest": {
            "length": 179.0,
            "function_hash": "111495980416118022090803198087480495988"
        },
        "deprecated": false,
        "target": {
            "file": "components/esp_driver_jpeg/jpeg_parse_marker.c",
            "function": "jpeg_get_char"
        },
        "source": "https://github.com/espressif/esp-idf/commit/c79cb4de468854937a0cbf82629fd65d04bffb27",
        "signature_version": "v1",
        "signature_type": "Function"
    },
    {
        "id": "CVE-2025-65092-c7a2dc1d",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "123335148898661190710059823448298532322",
                "152123330594703485273939800598102455799",
                "266835189928093803369397424080518064986",
                "304541633924855839806242644002718330049"
            ]
        },
        "deprecated": false,
        "target": {
            "file": "components/esp_driver_jpeg/include/driver/jpeg_types.h"
        },
        "source": "https://github.com/espressif/esp-idf/commit/c79cb4de468854937a0cbf82629fd65d04bffb27",
        "signature_version": "v1",
        "signature_type": "Line"
    }
]