CVE-2026-55687

Source
https://cve.org/CVERecord?id=CVE-2026-55687
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-55687.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-55687
Aliases
  • GHSA-v6r2-f6p2-88cj
Published
2026-07-10T15:59:31.646Z
Modified
2026-07-15T01:49:15.747501269Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
ESF-IDF: Stack-Based Out-of-Bounds Write in JPEG Decoder DQT Marker Parsing
Details

ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. Versions 6.0.1, 5.5.4, 5.4.4, 5.3.5, and possibly prior contain an out-of-bounds write in jpegparsedqtmarker() in components/espdriverjpeg/jpegparsemarker.c because the attacker-controlled DQT marker Tq nibble is used as an index into the qttbl array without validating that it is in the range 0..3, allowing malformed JPEG input to corrupt stack memory and reliably trigger a denial of service. This issue is fixed in version 6.0.2 and is expected to be fixed in versions 5.5.5, 5.4.5, and 5.3.6.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/55xxx/CVE-2026-55687.json",
    "cwe_ids": [
        "CWE-121",
        "CWE-787"
    ],
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/espressif/esp-idf

Affected ranges

Type
GIT
Repo
https://github.com/espressif/esp-idf
Events
Database specific
{
    "extracted_events": [
        {
            "introduced": "6.0.0"
        },
        {
            "fixed": "6.0.2"
        },
        {
            "introduced": "5.5.0"
        },
        {
            "last_affected": "5.5.4"
        },
        {
            "introduced": "5.4.0"
        },
        {
            "last_affected": "5.4.4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.3.5"
        }
    ],
    "source": [
        "AFFECTED_FIELD",
        "REFERENCES"
    ]
}

Affected versions

v0.*
v0.9
v1.*
v1.0
v2.*
v2.0-rc1
v2.1-rc1
v3.*
v3.0-dev
v3.1-beta1
v3.1-dev
v3.2-beta1
v3.2-dev
v3.3-beta1
v3.3-beta2
v3.3-dev
v4.*
v4.0-dev
v4.1-dev
v4.2-dev
v4.3-beta1
v4.3-dev
v5.*
v5.0-beta1
v5.0-dev
v5.2-dev
v5.3
v5.3-beta1
v5.3-beta2
v5.3-rc1
v5.4-beta2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-55687.json"