CVE-2026-55687
Received
Received - Intake
Buffer Overflow in ESP-IDF JPEG Parser
Vulnerability report for CVE-2026-55687, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-07-10
Last updated on: 2026-07-10
Assigner: GitHub, Inc.
Description
Description
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. Versions 6.0.1, 5.5.4, 5.4.4, 5.3.5, and possibly prior contain an out-of-bounds write in jpeg_parse_dqt_marker() in components/esp_driver_jpeg/jpeg_parse_marker.c because the attacker-controlled DQT marker Tq nibble is used as an index into the qt_tbl array without validating that it is in the range 0..3, allowing malformed JPEG input to corrupt stack memory and reliably trigger a denial of service. This issue is fixed in version 6.0.2 and is expected to be fixed in versions 5.5.5, 5.4.5, and 5.3.6.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| espressif | esp-idf | 6.0.1 |
| espressif | esp-idf | 5.5.4 |
| espressif | esp-idf | 5.4.4 |
| espressif | esp-idf | 5.3.5 |
| espressif | esp-idf | to 6.0.2 (inc) |
| espressif | esp-idf | From 5.5.5 (inc) |
| espressif | esp-idf | From 5.4.5 (inc) |
| espressif | esp-idf | From 5.3.6 (inc) |
| espressif | esp-idf | From 6.0.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |