Out-of-bounds Read in Espressif Esp-idf
CVE-2025-65092
ESP-IDF is the Espressif Internet of Things (IoT) Development Framework. In versions 5.5.1, 5.4.3, and 5.3.4, when the ESP32-P4 uses its hardware JPEG decoder, the software parser that walks the JPEG stream before it is handed to the hardware lacks necessary validation checks. A specially crafted (mal…
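The description above stops short of saying which field the ESP-IDF parser fails to validate, so the following is an added illustration of the bug class rather than the project's code: JPEG header segments carry a 16-bit length supplied by the file, and a parser that uses that length to read the payload without comparing it to the bytes actually present reads past the end of its input on a crafted image. The walker below is hypothetical, written for this page; the sample byte strings are constructed, and the function names (`jpeg_sum_payloads_unchecked`, `jpeg_count_segments`) are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical JPEG marker-segment walker, written for this page and not
 * taken from ESP-IDF. Segments between SOI (FF D8) and SOS (FF DA) each
 * carry a 16-bit big-endian length that counts itself plus the payload.
 * Because that length comes from the file, a parser that trusts it reads
 * past the end of the input buffer on a crafted image. Fill bytes and
 * entropy-coded data are not handled; this is only about the header walk. */

#define JPEG_SOI 0xD8
#define JPEG_SOS 0xDA
#define JPEG_EOI 0xD9

static int is_standalone_marker(uint8_t m)
{
    return (m >= 0xD0 && m <= 0xD7) || m == 0x01; /* RSTn, TEM: no length field */
}

/* Vulnerable pattern: the declared length is used to read the payload
 * without comparing it to the bytes actually present. Never call this on
 * untrusted data; it exists only to show the missing check. */
uint32_t jpeg_sum_payloads_unchecked(const uint8_t *buf, size_t len)
{
    size_t pos = 2;            /* assumes the caller already saw SOI */
    uint32_t sum = 0;
    while (pos + 2 <= len && buf[pos] == 0xFF) {
        uint8_t marker = buf[pos + 1];
        pos += 2;
        if (marker == JPEG_SOS || marker == JPEG_EOI) break;
        if (is_standalone_marker(marker)) continue;
        size_t seglen = ((size_t)buf[pos] << 8) | buf[pos + 1];
        for (size_t i = 2; i < seglen; i++)   /* buf[pos + i] is never bounded by len */
            sum += buf[pos + i];
        pos += seglen;
    }
    return sum;
}

/* Hardened walk: returns the number of length-carrying segments before SOS,
 * or -1 if any marker or length is inconsistent with the buffer size. */
int jpeg_count_segments(const uint8_t *buf, size_t len)
{
    if (len < 2 || buf[0] != 0xFF || buf[1] != JPEG_SOI)
        return -1;
    size_t pos = 2;
    int count = 0;
    for (;;) {
        if (pos + 2 > len || buf[pos] != 0xFF)
            return -1;                         /* out of input or lost marker sync */
        uint8_t marker = buf[pos + 1];
        pos += 2;
        if (marker == JPEG_SOS || marker == JPEG_EOI)
            return count;
        if (is_standalone_marker(marker))
            continue;
        if (pos + 2 > len)
            return -1;                         /* no room for the length field itself */
        size_t seglen = ((size_t)buf[pos] << 8) | buf[pos + 1];
        if (seglen < 2 || seglen > len - pos)
            return -1;                         /* the check the unchecked walk lacks */
        pos += seglen;
        count++;
    }
}

/* Constructed inputs (not real captures): a minimal well-formed header,
 * and three malformed headers with bad length fields. */
static const uint8_t sample_ok[] = {
    0xFF, 0xD8,                                           /* SOI */
    0xFF, 0xE0, 0x00, 0x10, 0x4A, 0x46, 0x49, 0x46, 0x00, /* APP0, len 16 */
    0x01, 0x01, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00,
    0xFF, 0xDB, 0x00, 0x05, 0x00, 0x00, 0x00,             /* DQT-like, len 5 */
    0xFF, 0xDA                                            /* SOS: stop here */
};
static const uint8_t sample_oversize[]  = { 0xFF, 0xD8, 0xFF, 0xE0, 0xFF, 0xFF };
static const uint8_t sample_truncated[] = { 0xFF, 0xD8, 0xFF, 0xE0, 0x00, 0x10, 0x4A, 0x46 };
static const uint8_t sample_short_len[] = { 0xFF, 0xD8, 0xFF, 0xE0, 0x00, 0x01 };

int main(void)
{
    /* The unchecked walk is only ever run on the well-formed sample here. */
    printf("unchecked payload sum (well-formed): %u\n",
           jpeg_sum_payloads_unchecked(sample_ok, sizeof sample_ok));
    printf("checked: ok=%d oversize=%d truncated=%d short_len=%d\n",
           jpeg_count_segments(sample_ok, sizeof sample_ok),
           jpeg_count_segments(sample_oversize, sizeof sample_oversize),
           jpeg_count_segments(sample_truncated, sizeof sample_truncated),
           jpeg_count_segments(sample_short_len, sizeof sample_short_len));
    return 0;
}
```

On `sample_oversize` the unchecked walk would iterate roughly 64 K bytes past a 6-byte buffer; the hardened walk rejects it before touching the payload because the declared length exceeds `len - pos`. The `seglen < 2` check matters too: a length field that does not even cover itself would otherwise make the loop stall or, with unsigned arithmetic in a payload copy, wrap.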
Vulnerability class: Buffer Overflow
EPSS: 0.001 (24.7th percentile) — read the EPSS interpretation.
Affected products
- Espressif Esp-idf — versions = 5.5.1, = 5.4.3, = 5.3.4
Weakness classification (CWE)
References
- https://github.com/espressif/esp-idf/security/advisories/GHSA-vcw6-jc3p-4gj8 (x_refsource_CONFIRM)
- https://github.com/espressif/esp-idf/commit/34e2726254201988e6e2752b2db4b70d73964d4c (x_refsource_MISC)
- https://github.com/espressif/esp-idf/commit/4b8f5859dbe05d15372558f8a950b49f6ee44e42 (x_refsource_MISC)
- https://github.com/espressif/esp-idf/commit/c38a6691b9845ac6ee0d0f6713783114770cdc17 (x_refsource_MISC)
- https://github.com/espressif/esp-idf/commit/c79cb4de468854937a0cbf82629fd65d04bffb27 (x_refsource_MISC)