jpeg-js@0.3.6 vulnerabilities

A pure javascript JPEG encoder and decoder

  • latest version

    0.4.4

  • latest non vulnerable version

  • first published

    10 years ago

  • latest version published

    2 years ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the jpeg-js package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Denial of Service (DoS)

    Affected versions of this package are vulnerable to Denial of Service (DoS) where a particular piece of input will cause to enter an infinite loop and never return.

    How to fix Denial of Service (DoS)?

    Upgrade jpeg-js to version 0.4.4 or higher.

    <0.4.4
    • M
    Denial of Service (DoS)

    Affected versions of this package are vulnerable to Denial of Service (DoS). The attacker could manipulate the exif data in the image file such as change the image pixel to 64250x64250pixels. If the module loaded the crafted image, it tries to allocate 4128062500 pixels into memory.

    How to fix Denial of Service (DoS)?

    Upgrade jpeg-js to version 0.4.0 or higher.

    <0.4.0