Homepage

org.webjars.npm:jpeg-js@0.3.6 vulnerabilities

  • latest version

    0.4.4

  • latest non vulnerable version

    0.4.4

  • first published

    6 years ago

  • latest version published

    2 months ago

  • licenses detected

  • package manager

    View on Maven Repository
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the org.webjars.npm:jpeg-js package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Denial of Service (DoS)

    Affected versions of this package are vulnerable to Denial of Service (DoS) where a particular piece of input will cause to enter an infinite loop and never return.

    How to fix Denial of Service (DoS)?

    Upgrade org.webjars.npm:jpeg-js to version 0.4.4 or higher.

    [,0.4.4)
    • M
    Denial of Service (DoS)

    Affected versions of this package are vulnerable to Denial of Service (DoS). The attacker could manipulate the exif data in the image file such as change the image pixel to 64250x64250pixels. If the module loaded the crafted image, it tries to allocate 4128062500 pixels into memory.

    How to fix Denial of Service (DoS)?

    Upgrade org.webjars.npm:jpeg-js to version 0.4.0 or higher.

    [,0.4.0)
    Go back to all versions of this package