Out-of-Bounds Access Vulnerability in Espressif IoT Development Framework for ESP32-P4
CVE-2025-65092
6.9MEDIUM
What is CVE-2025-65092?
The Espressif IoT Development Framework (ESF-IDF) contains a vulnerability in its hardware JPEG decoder that affects versions 5.5.1, 5.4.3, and 5.3.4. Insufficient validation checks in the software parser can be exploited by a specially crafted JPEG image, leading to out-of-bounds array access. This issue poses security risks and has been addressed in the upcoming fixed versions 5.5.2, 5.4.4, and 5.3.5, with specific commits outlining the modifications.
Affected Version(s)
esp-idf = 5.5.1 = 5.5.1
esp-idf = 5.4.3 = 5.4.3
esp-idf = 5.3.4 = 5.3.4