CVE-2025-65092
- Source
- https://cve.org/CVERecord?id=CVE-2025-65092
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-65092.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-65092
- Aliases
-
- GHSA-vcw6-jc3p-4gj8
- Published
- 2025-11-21T21:33:03.656Z
- Modified
- 2026-04-02T13:03:26.229570Z
- Severity
-
- 6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- ESP32-P4 JPEG Decoder Header Parsing Vulnerability
- Details
-
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.1, 5.4.3, and 5.3.4, when the ESP32-P4 uses its hardware JPEG decoder, the software parser lacks necessary validation checks. A specially crafted (malicious) JPEG image could exploit the parsing routine and trigger an out-of-bounds array access. This issue has been fixed in versions 5.5.2, 5.4.4, and 5.3.5. At time of publication versions 5.5.2, 5.4.4, and 5.3.5 have not been released but are fixed respectively in commits 4b8f585, c79cb4d, and 34e2726.
- Database specific
{ "cwe_ids": [ "CWE-125", "CWE-191" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/65xxx/CVE-2025-65092.json", "cna_assigner": "GitHub_M" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/65xxx/CVE-2025-65092.json
- https://github.com/espressif/esp-idf/security/advisories/GHSA-vcw6-jc3p-4gj8
- https://nvd.nist.gov/vuln/detail/CVE-2025-65092
- https://github.com/espressif/esp-idf/commit/34e2726254201988e6e2752b2db4b70d73964d4c
- https://github.com/espressif/esp-idf/commit/4b8f5859dbe05d15372558f8a950b49f6ee44e42
- https://github.com/espressif/esp-idf/commit/c38a6691b9845ac6ee0d0f6713783114770cdc17
- https://github.com/espressif/esp-idf/commit/c79cb4de468854937a0cbf82629fd65d04bffb27
Affected packages
Git / github.com/espressif/esp-idf
Affected ranges
- Type
- GIT
- Repo
- https://github.com/espressif/esp-idf
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- GIT
- Repo
- https://github.com/espressif/esp-idf
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- GIT
- Repo
- https://github.com/espressif/esp-idf
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- GIT
- Repo
- https://github.com/espressif/esp-idf
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v0.*
v0.9
v1.*
v1.0
v2.*
v2.0
v2.0-rc1
v2.0-rc2
v2.1
v2.1-rc1
v2.1.1
v3.*
v3.0
v3.0-dev
v3.0-rc1
v3.0.1
v3.0.1-rc
v3.0.2
v3.0.3
v3.0.3-rc
v3.0.4
v3.0.4-rc1
v3.0.5
v3.0.5-rc
v3.0.6
v3.0.6-rc
v3.0.7
v3.0.7-rc
v3.0.8
v3.0.9
v3.1
v3.1-beta1
v3.1-dev
v3.1-rc1
v3.1-rc2
v3.1.1
v3.1.1-rc2
v3.1.2
v3.1.3
v3.1.4
v3.1.5
v3.1.6
v3.1.7
v3.2
v3.2-beta1
v3.2-beta3
v3.2-dev
v3.2-rc
v3.2.1
v3.2.2
v3.2.3
v3.2.4
v3.2.5
v3.3
v3.3-beta1
v3.3-beta2
v3.3-beta3
v3.3-dev
v3.3-rc
v3.3.1
v3.3.2
v3.3.3
v3.3.4
v3.3.5
v3.3.6
v4.*
v4.0
v4.0-beta1
v4.0-beta2
v4.0-dev
v4.0-rc
v4.0.1
v4.0.2
v4.0.3
v4.0.4
v4.1
v4.1-beta1
v4.1-beta2
v4.1-dev
v4.1-rc
v4.1.1
v4.1.2
v4.1.3
v4.1.4
v4.2
v4.2-beta1
v4.2-dev
v4.2-rc
v4.2.1
v4.2.2
v4.2.3
v4.2.4
v4.2.5
v4.3
v4.3-beta1
v4.3-beta2
v4.3-beta3
v4.3-dev
v4.3-rc
v4.3.1
v4.3.2
v4.3.3
v4.3.4
v4.3.5
v4.3.6
v4.3.7
v4.4
v4.4-beta1
v4.4-dev
v4.4-rc1
v4.4.1
v4.4.2
v4.4.3
v4.4.4
v4.4.5
v4.4.6
v4.4.7
v4.4.8
v5.*
v5.0
v5.0-beta1
v5.0-dev
v5.0-rc1
v5.0.1
v5.0.2
v5.0.3
v5.0.4
v5.0.5
v5.0.6
v5.0.7
v5.0.8
v5.0.9
v5.1
v5.1-beta1
v5.1-dev
v5.1-rc1
v5.1-rc2
v5.1.1
v5.1.2
v5.1.3
v5.1.4
v5.1.5
v5.1.6
v5.1.7
v5.2
v5.2-beta1
v5.2-beta2
v5.2-dev
v5.2-rc1
v5.2.1
v5.2.2
v5.2.3
v5.2.4
v5.2.5
v5.2.6
v5.3
v5.3-beta1
v5.3-beta2
v5.3-dev
v5.3-rc1
v5.3.1
v5.3.2
v5.3.3
v5.3.4
v5.3.5
v5.4
v5.4-beta1
v5.4-beta2
v5.4-dev
v5.4-rc1
v5.4.1
v5.4.2
v5.4.3
v5.5
v5.5-beta1
v5.5-dev
v5.5-rc1
v5.5.1
v5.5.2
v5.5.3
v6.*
v6.0
v6.0-beta1
v6.0-beta2
v6.0-dev
v6.0-rc1
v6.1-dev
Database specific
vanir_signatures
[
{
"signature_version": "v1",
"source": "https://github.com/espressif/esp-idf/commit/c38a6691b9845ac6ee0d0f6713783114770cdc17",
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "39363666774108762159621765126541154937",
"length": 477.0
},
"id": "CVE-2025-65092-07f0d152",
"target": {
"function": "jpeg_parse_dqt_marker",
"file": "components/esp_driver_jpeg/jpeg_parse_marker.c"
}
},
{
"signature_version": "v1",
"source": "https://github.com/espressif/esp-idf/commit/c38a6691b9845ac6ee0d0f6713783114770cdc17",
"signature_type": "Line",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"300351120114619553807934159606092986982",
"255955578888472083564361538458021075164",
"204102754909646671033027918652549336221",
"305343970697779277970573056892217207290",
"6578080407103094056795212780370419332",
"270584395727987353366327500924343083508",
"288378566329496719322356982131476600634",
"130447300128017236593177982949067727247",
"322201657780429485907602744132733888546",
"23005362083019820967806529350626065981",
"219646650815489094394565209185993090406",
"186436367613822611357656043619356312985",
"51166337637757046718134478530690727875",
"329040916800484194068376455132114859794",
"288378566329496719322356982131476600634",
"130447300128017236593177982949067727247",
"322201657780429485907602744132733888546",
"23005362083019820967806529350626065981",
"62737178515335869478320089429662338248",
"324013644536638948633580419850361020631",
"190491550716223651805531193505738700414",
"160258048494024635349564710632562694017",
"272516806714685351038275610328078219139",
"141757672308743120943997281449982710002",
"272544368593836318623335703946934453550",
"32186766345911880799083309367275783367",
"78648583614097114705599423132567697039",
"80132883126224752890592911916747986807",
"168514847475285737104350090932937493749",
"240289280529262391555586300563357012288",
"183812331085818735642745053004407335796",
"310327103811547027275032490336874655380",
"93687924177433507208801021742808389574",
"101064582721209615804559814294762551717",
"203574070523116068530712805168374861960",
"72444830360252318162411626949680961975",
"263869225234372271416833984766504198528",
"228854587068242730946119233836895381379",
"76269596778950071884327082924811694220",
"338672767530725352734377037080853777690",
"77816330103066884053962297434559186696",
"270401783302451503963129049386481612755",
"36582941821428149645901102361982696468",
"242518282748810763250088366751939156241",
"287578294368216198883547366737815350961",
"270020237499669771695136050413253774930",
"31529798369861469983731832816021448520"
]
},
"id": "CVE-2025-65092-0d1293d8",
"target": {
"file": "components/esp_driver_jpeg/jpeg_parse_marker.c"
}
},
{
"signature_version": "v1",
"source": "https://github.com/espressif/esp-idf/commit/34e2726254201988e6e2752b2db4b70d73964d4c",
"signature_type": "Line",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"300351120114619553807934159606092986982",
"255955578888472083564361538458021075164",
"204102754909646671033027918652549336221",
"305343970697779277970573056892217207290",
"6578080407103094056795212780370419332",
"270584395727987353366327500924343083508",
"288378566329496719322356982131476600634",
"130447300128017236593177982949067727247",
"322201657780429485907602744132733888546",
"23005362083019820967806529350626065981",
"219646650815489094394565209185993090406",
"186436367613822611357656043619356312985",
"51166337637757046718134478530690727875",
"329040916800484194068376455132114859794",
"288378566329496719322356982131476600634",
"130447300128017236593177982949067727247",
"322201657780429485907602744132733888546",
"23005362083019820967806529350626065981",
"62737178515335869478320089429662338248",
"324013644536638948633580419850361020631",
"190491550716223651805531193505738700414",
"160258048494024635349564710632562694017",
"272516806714685351038275610328078219139",
"141757672308743120943997281449982710002",
"272544368593836318623335703946934453550",
"32186766345911880799083309367275783367",
"78648583614097114705599423132567697039",
"80132883126224752890592911916747986807",
"168514847475285737104350090932937493749",
"240289280529262391555586300563357012288",
"183812331085818735642745053004407335796",
"310327103811547027275032490336874655380",
"93687924177433507208801021742808389574",
"101064582721209615804559814294762551717",
"203574070523116068530712805168374861960",
"72444830360252318162411626949680961975",
"263869225234372271416833984766504198528",
"228854587068242730946119233836895381379",
"76269596778950071884327082924811694220",
"338672767530725352734377037080853777690",
"77816330103066884053962297434559186696",
"35952904096580135278624324921616346147",
"225017210628595911938869191718837774880",
"205900495083782155466898127190105699704",
"156433879730322936976833066657300797215",
"270401783302451503963129049386481612755",
"36582941821428149645901102361982696468",
"242518282748810763250088366751939156241",
"287578294368216198883547366737815350961",
"270020237499669771695136050413253774930",
"31529798369861469983731832816021448520"
]
},
"id": "CVE-2025-65092-11faeb13",
"target": {
"file": "components/esp_driver_jpeg/jpeg_parse_marker.c"
}
},
{
"signature_version": "v1",
"source": "https://github.com/espressif/esp-idf/commit/c79cb4de468854937a0cbf82629fd65d04bffb27",
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "192656955198176996831741484163290370133",
"length": 132.0
},
"id": "CVE-2025-65092-123865f9",
"target": {
"function": "jpeg_parse_inv_marker",
"file": "components/esp_driver_jpeg/jpeg_parse_marker.c"
}
},
{
"signature_version": "v1",
"source": "https://github.com/espressif/esp-idf/commit/34e2726254201988e6e2752b2db4b70d73964d4c",
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "271681152643513905463664729326233769224",
"length": 205.0
},
"id": "CVE-2025-65092-1bb613a2",
"target": {
"function": "jpeg_parse_appn_marker",
"file": "components/esp_driver_jpeg/jpeg_parse_marker.c"
}
},
{
"signature_version": "v1",
"source": "https://github.com/espressif/esp-idf/commit/34e2726254201988e6e2752b2db4b70d73964d4c",
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "271681152643513905463664729326233769224",
"length": 205.0
},
"id": "CVE-2025-65092-28ef9a53",
"target": {
"function": "jpeg_parse_com_marker",
"file": "components/esp_driver_jpeg/jpeg_parse_marker.c"
}
},
{
"signature_version": "v1",
"source": "https://github.com/espressif/esp-idf/commit/c79cb4de468854937a0cbf82629fd65d04bffb27",
"signature_type": "Line",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"53763635225264044899860443202434164662",
"7433690525629391198123425321608665499",
"5570919318839635877182093645338869795",
"159900042665589557845243746660416071572"
]
},
"id": "CVE-2025-65092-2e5c84f2",
"target": {
"file": "components/esp_driver_jpeg/jpeg_encode.c"
}
},
{
"signature_version": "v1",
"source": "https://github.com/espressif/esp-idf/commit/c79cb4de468854937a0cbf82629fd65d04bffb27",
"signature_type": "Line",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"300351120114619553807934159606092986982",
"255955578888472083564361538458021075164",
"204102754909646671033027918652549336221",
"305343970697779277970573056892217207290",
"6578080407103094056795212780370419332",
"270584395727987353366327500924343083508",
"288378566329496719322356982131476600634",
"130447300128017236593177982949067727247",
"322201657780429485907602744132733888546",
"23005362083019820967806529350626065981",
"219646650815489094394565209185993090406",
"186436367613822611357656043619356312985",
"51166337637757046718134478530690727875",
"329040916800484194068376455132114859794",
"288378566329496719322356982131476600634",
"130447300128017236593177982949067727247",
"322201657780429485907602744132733888546",
"23005362083019820967806529350626065981",
"62737178515335869478320089429662338248",
"324013644536638948633580419850361020631",
"190491550716223651805531193505738700414",
"160258048494024635349564710632562694017",
"272516806714685351038275610328078219139",
"141757672308743120943997281449982710002",
"272544368593836318623335703946934453550",
"32186766345911880799083309367275783367",
"78648583614097114705599423132567697039",
"80132883126224752890592911916747986807",
"168514847475285737104350090932937493749",
"240289280529262391555586300563357012288",
"183812331085818735642745053004407335796",
"310327103811547027275032490336874655380",
"93687924177433507208801021742808389574",
"101064582721209615804559814294762551717",
"203574070523116068530712805168374861960",
"72444830360252318162411626949680961975",
"263869225234372271416833984766504198528",
"228854587068242730946119233836895381379",
"76269596778950071884327082924811694220",
"338672767530725352734377037080853777690",
"77816330103066884053962297434559186696",
"270401783302451503963129049386481612755",
"36582941821428149645901102361982696468",
"242518282748810763250088366751939156241",
"287578294368216198883547366737815350961",
"270020237499669771695136050413253774930",
"31529798369861469983731832816021448520"
]
},
"id": "CVE-2025-65092-3bbb3e89",
"target": {
"file": "components/esp_driver_jpeg/jpeg_parse_marker.c"
}
},
{
"signature_version": "v1",
"source": "https://github.com/espressif/esp-idf/commit/34e2726254201988e6e2752b2db4b70d73964d4c",
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "192656955198176996831741484163290370133",
"length": 132.0
},
"id": "CVE-2025-65092-3f4fee3e",
"target": {
"function": "jpeg_parse_inv_marker",
"file": "components/esp_driver_jpeg/jpeg_parse_marker.c"
}
},
{
"signature_version": "v1",
"source": "https://github.com/espressif/esp-idf/commit/c38a6691b9845ac6ee0d0f6713783114770cdc17",
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "271681152643513905463664729326233769224",
"length": 205.0
},
"id": "CVE-2025-65092-4e840d06",
"target": {
"function": "jpeg_parse_appn_marker",
"file": "components/esp_driver_jpeg/jpeg_parse_marker.c"
}
},
{
"signature_version": "v1",
"source": "https://github.com/espressif/esp-idf/commit/34e2726254201988e6e2752b2db4b70d73964d4c",
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "18370046766344029454200470214350493845",
"length": 138.0
},
"id": "CVE-2025-65092-534f8005",
"target": {
"function": "jpeg_parse_sos_marker",
"file": "components/esp_driver_jpeg/jpeg_parse_marker.c"
}
},
{
"signature_version": "v1",
"source": "https://github.com/espressif/esp-idf/commit/c79cb4de468854937a0cbf82629fd65d04bffb27",
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "315073095827580056289626854292048545590",
"length": 6558.0
},
"id": "CVE-2025-65092-5a9ccf15",
"target": {
"function": "jpeg_encoder_process",
"file": "components/esp_driver_jpeg/jpeg_encode.c"
}
},
{
"signature_version": "v1",
"source": "https://github.com/espressif/esp-idf/commit/c79cb4de468854937a0cbf82629fd65d04bffb27",
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "271681152643513905463664729326233769224",
"length": 205.0
},
"id": "CVE-2025-65092-5cbfdb42",
"target": {
"function": "jpeg_parse_com_marker",
"file": "components/esp_driver_jpeg/jpeg_parse_marker.c"
}
},
{
"signature_version": "v1",
"source": "https://github.com/espressif/esp-idf/commit/4b8f5859dbe05d15372558f8a950b49f6ee44e42",
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "271681152643513905463664729326233769224",
"length": 205.0
},
"id": "CVE-2025-65092-616383e5",
"target": {
"function": "jpeg_parse_com_marker",
"file": "components/esp_driver_jpeg/jpeg_parse_marker.c"
}
},
{
"signature_version": "v1",
"source": "https://github.com/espressif/esp-idf/commit/4b8f5859dbe05d15372558f8a950b49f6ee44e42",
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "315073095827580056289626854292048545590",
"length": 6558.0
},
"id": "CVE-2025-65092-70921050",
"target": {
"function": "jpeg_encoder_process",
"file": "components/esp_driver_jpeg/jpeg_encode.c"
}
},
{
"signature_version": "v1",
"source": "https://github.com/espressif/esp-idf/commit/c79cb4de468854937a0cbf82629fd65d04bffb27",
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "39363666774108762159621765126541154937",
"length": 477.0
},
"id": "CVE-2025-65092-7318f11f",
"target": {
"function": "jpeg_parse_dqt_marker",
"file": "components/esp_driver_jpeg/jpeg_parse_marker.c"
}
},
{
"signature_version": "v1",
"source": "https://github.com/espressif/esp-idf/commit/c38a6691b9845ac6ee0d0f6713783114770cdc17",
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "18370046766344029454200470214350493845",
"length": 138.0
},
"id": "CVE-2025-65092-7956a684",
"target": {
"function": "jpeg_parse_sos_marker",
"file": "components/esp_driver_jpeg/jpeg_parse_marker.c"
}
},
{
"signature_version": "v1",
"source": "https://github.com/espressif/esp-idf/commit/c79cb4de468854937a0cbf82629fd65d04bffb27",
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "99681014888320161129722080101643622948",
"length": 694.0
},
"id": "CVE-2025-65092-7d81e633",
"target": {
"function": "jpeg_parse_dht_marker",
"file": "components/esp_driver_jpeg/jpeg_parse_marker.c"
}
},
{
"signature_version": "v1",
"source": "https://github.com/espressif/esp-idf/commit/4b8f5859dbe05d15372558f8a950b49f6ee44e42",
"signature_type": "Line",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"53763635225264044899860443202434164662",
"7433690525629391198123425321608665499",
"5570919318839635877182093645338869795",
"159900042665589557845243746660416071572"
]
},
"id": "CVE-2025-65092-81f48ae9",
"target": {
"file": "components/esp_driver_jpeg/jpeg_encode.c"
}
},
{
"signature_version": "v1",
"source": "https://github.com/espressif/esp-idf/commit/34e2726254201988e6e2752b2db4b70d73964d4c",
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "39363666774108762159621765126541154937",
"length": 477.0
},
"id": "CVE-2025-65092-836fb059",
"target": {
"function": "jpeg_parse_dqt_marker",
"file": "components/esp_driver_jpeg/jpeg_parse_marker.c"
}
},
{
"signature_version": "v1",
"source": "https://github.com/espressif/esp-idf/commit/4b8f5859dbe05d15372558f8a950b49f6ee44e42",
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "18370046766344029454200470214350493845",
"length": 138.0
},
"id": "CVE-2025-65092-8c83eb89",
"target": {
"function": "jpeg_parse_sos_marker",
"file": "components/esp_driver_jpeg/jpeg_parse_marker.c"
}
},
{
"signature_version": "v1",
"source": "https://github.com/espressif/esp-idf/commit/c79cb4de468854937a0cbf82629fd65d04bffb27",
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "271681152643513905463664729326233769224",
"length": 205.0
},
"id": "CVE-2025-65092-94c1ad4c",
"target": {
"function": "jpeg_parse_appn_marker",
"file": "components/esp_driver_jpeg/jpeg_parse_marker.c"
}
},
{
"signature_version": "v1",
"source": "https://github.com/espressif/esp-idf/commit/4b8f5859dbe05d15372558f8a950b49f6ee44e42",
"signature_type": "Line",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"300351120114619553807934159606092986982",
"255955578888472083564361538458021075164",
"204102754909646671033027918652549336221",
"305343970697779277970573056892217207290",
"6578080407103094056795212780370419332",
"270584395727987353366327500924343083508",
"288378566329496719322356982131476600634",
"130447300128017236593177982949067727247",
"322201657780429485907602744132733888546",
"23005362083019820967806529350626065981",
"219646650815489094394565209185993090406",
"186436367613822611357656043619356312985",
"51166337637757046718134478530690727875",
"329040916800484194068376455132114859794",
"288378566329496719322356982131476600634",
"130447300128017236593177982949067727247",
"322201657780429485907602744132733888546",
"23005362083019820967806529350626065981",
"62737178515335869478320089429662338248",
"324013644536638948633580419850361020631",
"190491550716223651805531193505738700414",
"160258048494024635349564710632562694017",
"272516806714685351038275610328078219139",
"141757672308743120943997281449982710002",
"272544368593836318623335703946934453550",
"32186766345911880799083309367275783367",
"78648583614097114705599423132567697039",
"80132883126224752890592911916747986807",
"168514847475285737104350090932937493749",
"240289280529262391555586300563357012288",
"183812331085818735642745053004407335796",
"310327103811547027275032490336874655380",
"93687924177433507208801021742808389574",
"101064582721209615804559814294762551717",
"203574070523116068530712805168374861960",
"72444830360252318162411626949680961975",
"263869225234372271416833984766504198528",
"228854587068242730946119233836895381379",
"76269596778950071884327082924811694220",
"338672767530725352734377037080853777690",
"77816330103066884053962297434559186696",
"270401783302451503963129049386481612755",
"36582941821428149645901102361982696468",
"242518282748810763250088366751939156241",
"287578294368216198883547366737815350961",
"270020237499669771695136050413253774930",
"31529798369861469983731832816021448520"
]
},
"id": "CVE-2025-65092-9659159d",
"target": {
"file": "components/esp_driver_jpeg/jpeg_parse_marker.c"
}
},
{
"signature_version": "v1",
"source": "https://github.com/espressif/esp-idf/commit/4b8f5859dbe05d15372558f8a950b49f6ee44e42",
"signature_type": "Line",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"123335148898661190710059823448298532322",
"152123330594703485273939800598102455799",
"266835189928093803369397424080518064986",
"304541633924855839806242644002718330049"
]
},
"id": "CVE-2025-65092-96c2fb19",
"target": {
"file": "components/esp_driver_jpeg/include/driver/jpeg_types.h"
}
},
{
"signature_version": "v1",
"source": "https://github.com/espressif/esp-idf/commit/c79cb4de468854937a0cbf82629fd65d04bffb27",
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "18370046766344029454200470214350493845",
"length": 138.0
},
"id": "CVE-2025-65092-97eb9883",
"target": {
"function": "jpeg_parse_sos_marker",
"file": "components/esp_driver_jpeg/jpeg_parse_marker.c"
}
},
{
"signature_version": "v1",
"source": "https://github.com/espressif/esp-idf/commit/c38a6691b9845ac6ee0d0f6713783114770cdc17",
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "99681014888320161129722080101643622948",
"length": 694.0
},
"id": "CVE-2025-65092-991f2723",
"target": {
"function": "jpeg_parse_dht_marker",
"file": "components/esp_driver_jpeg/jpeg_parse_marker.c"
}
},
{
"signature_version": "v1",
"source": "https://github.com/espressif/esp-idf/commit/c38a6691b9845ac6ee0d0f6713783114770cdc17",
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "111495980416118022090803198087480495988",
"length": 179.0
},
"id": "CVE-2025-65092-99cafa06",
"target": {
"function": "jpeg_get_char",
"file": "components/esp_driver_jpeg/jpeg_parse_marker.c"
}
},
{
"signature_version": "v1",
"source": "https://github.com/espressif/esp-idf/commit/4b8f5859dbe05d15372558f8a950b49f6ee44e42",
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "271681152643513905463664729326233769224",
"length": 205.0
},
"id": "CVE-2025-65092-9c0a52ac",
"target": {
"function": "jpeg_parse_appn_marker",
"file": "components/esp_driver_jpeg/jpeg_parse_marker.c"
}
},
{
"signature_version": "v1",
"source": "https://github.com/espressif/esp-idf/commit/c79cb4de468854937a0cbf82629fd65d04bffb27",
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "111495980416118022090803198087480495988",
"length": 179.0
},
"id": "CVE-2025-65092-a31a4d09",
"target": {
"function": "jpeg_get_char",
"file": "components/esp_driver_jpeg/jpeg_parse_marker.c"
}
},
{
"signature_version": "v1",
"source": "https://github.com/espressif/esp-idf/commit/c38a6691b9845ac6ee0d0f6713783114770cdc17",
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "271681152643513905463664729326233769224",
"length": 205.0
},
"id": "CVE-2025-65092-ab226bc2",
"target": {
"function": "jpeg_parse_com_marker",
"file": "components/esp_driver_jpeg/jpeg_parse_marker.c"
}
},
{
"signature_version": "v1",
"source": "https://github.com/espressif/esp-idf/commit/4b8f5859dbe05d15372558f8a950b49f6ee44e42",
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "111495980416118022090803198087480495988",
"length": 179.0
},
"id": "CVE-2025-65092-bcb0c084",
"target": {
"function": "jpeg_get_char",
"file": "components/esp_driver_jpeg/jpeg_parse_marker.c"
}
},
{
"signature_version": "v1",
"source": "https://github.com/espressif/esp-idf/commit/c79cb4de468854937a0cbf82629fd65d04bffb27",
"signature_type": "Line",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"123335148898661190710059823448298532322",
"152123330594703485273939800598102455799",
"266835189928093803369397424080518064986",
"304541633924855839806242644002718330049"
]
},
"id": "CVE-2025-65092-c7a2dc1d",
"target": {
"file": "components/esp_driver_jpeg/include/driver/jpeg_types.h"
}
},
{
"signature_version": "v1",
"source": "https://github.com/espressif/esp-idf/commit/34e2726254201988e6e2752b2db4b70d73964d4c",
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "111495980416118022090803198087480495988",
"length": 179.0
},
"id": "CVE-2025-65092-d3a82697",
"target": {
"function": "jpeg_get_char",
"file": "components/esp_driver_jpeg/jpeg_parse_marker.c"
}
},
{
"signature_version": "v1",
"source": "https://github.com/espressif/esp-idf/commit/4b8f5859dbe05d15372558f8a950b49f6ee44e42",
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "39363666774108762159621765126541154937",
"length": 477.0
},
"id": "CVE-2025-65092-d5cfdc05",
"target": {
"function": "jpeg_parse_dqt_marker",
"file": "components/esp_driver_jpeg/jpeg_parse_marker.c"
}
},
{
"signature_version": "v1",
"source": "https://github.com/espressif/esp-idf/commit/4b8f5859dbe05d15372558f8a950b49f6ee44e42",
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "99681014888320161129722080101643622948",
"length": 694.0
},
"id": "CVE-2025-65092-d62fa0b0",
"target": {
"function": "jpeg_parse_dht_marker",
"file": "components/esp_driver_jpeg/jpeg_parse_marker.c"
}
},
{
"signature_version": "v1",
"source": "https://github.com/espressif/esp-idf/commit/4b8f5859dbe05d15372558f8a950b49f6ee44e42",
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "192656955198176996831741484163290370133",
"length": 132.0
},
"id": "CVE-2025-65092-ea54bbf6",
"target": {
"function": "jpeg_parse_inv_marker",
"file": "components/esp_driver_jpeg/jpeg_parse_marker.c"
}
},
{
"signature_version": "v1",
"source": "https://github.com/espressif/esp-idf/commit/c38a6691b9845ac6ee0d0f6713783114770cdc17",
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "192656955198176996831741484163290370133",
"length": 132.0
},
"id": "CVE-2025-65092-f80653b9",
"target": {
"function": "jpeg_parse_inv_marker",
"file": "components/esp_driver_jpeg/jpeg_parse_marker.c"
}
},
{
"signature_version": "v1",
"source": "https://github.com/espressif/esp-idf/commit/34e2726254201988e6e2752b2db4b70d73964d4c",
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "99681014888320161129722080101643622948",
"length": 694.0
},
"id": "CVE-2025-65092-fe0c2a6d",
"target": {
"function": "jpeg_parse_dht_marker",
"file": "components/esp_driver_jpeg/jpeg_parse_marker.c"
}
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-65092.json"