jpeg-js@0.2.0 vulnerabilities

A pure javascript JPEG encoder and decoder

Direct Vulnerabilities

Known vulnerabilities in the jpeg-js package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS) where a particular piece of input will cause to enter an infinite loop and never return.

How to fix Denial of Service (DoS)?

Upgrade jpeg-js to version 0.4.4 or higher.

<0.4.4
  • M
Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS). The attacker could manipulate the exif data in the image file such as change the image pixel to 64250x64250pixels. If the module loaded the crafted image, it tries to allocate 4128062500 pixels into memory.

How to fix Denial of Service (DoS)?

Upgrade jpeg-js to version 0.4.0 or higher.

<0.4.0