Espressif JPEG Decoder Vulnerability in ESP-IDF on ESP32-P4 Hardware

Vulnerability

A vulnerability exists in the Espressif Internet of Things Development Framework (ESP-IDF) versions 5.5.1, 5.4.3, and 5.3.4. When the ESP32-P4 uses its hardware JPEG decoder, the software parser fails to perform essential validation checks. A specially crafted JPEG image can therefore drive the parsing routine into an out-of-bounds array access, which could cause a crash or other undefined behavior.

Impact

The vulnerability allows for out-of-bounds array access during the software-based parsing of JPEG image headers. This could result in a crash or other undefined behavior, such as memory corruption.
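
The advisory does not say which header field goes unchecked. As an added illustration of this bug class (not ESP-IDF code and not Espressif's fix), the hypothetical function `jpeg_header_check` below validates segment lengths and the table selectors in DQT, SOF0 and SOS segments against the 0 to 3 range the JPEG format allows, before a parser would use them as array indices.

```c
#include <stddef.h>
#include <stdint.h>

enum { JPEG_OK = 0, JPEG_ERR_TRUNCATED = -1, JPEG_ERR_MARKER = -2, JPEG_ERR_FIELD = -3 };

/* Hypothetical pre-decode check (assumed name): walks the header segments up
 * to SOS and rejects any length or table selector that would be out of range. */
int jpeg_header_check(const uint8_t *buf, size_t len)
{
    if (len < 4 || buf[0] != 0xFF || buf[1] != 0xD8)        /* SOI */
        return JPEG_ERR_MARKER;
    for (size_t pos = 2;;) {
        if (len - pos < 4) return JPEG_ERR_TRUNCATED;       /* marker + length */
        uint8_t m = buf[pos + 1];
        /* Conservative: only markers that carry a length field are accepted. */
        if (buf[pos] != 0xFF || m < 0xC0 || m == 0xFF || (m >= 0xD0 && m <= 0xD9))
            return JPEG_ERR_MARKER;
        size_t seg = ((size_t)buf[pos + 2] << 8) | buf[pos + 3];
        if (seg < 2 || seg > len - pos - 2) return JPEG_ERR_TRUNCATED;
        const uint8_t *p = buf + pos + 4;                   /* segment payload */
        size_t n = seg - 2;

        if (m == 0xDB) {                                    /* DQT: Pq|Tq + table */
            for (size_t i = 0; i < n;) {
                unsigned pq = p[i] >> 4, tq = p[i] & 0x0F;
                if (pq > 1 || tq > 3) return JPEG_ERR_FIELD;
                size_t need = 1 + 64 * (pq + 1);            /* 8- or 16-bit entries */
                if (need > n - i) return JPEG_ERR_TRUNCATED;
                i += need;
            }
        } else if (m == 0xC0) {                             /* SOF0 (baseline) */
            if (n < 6) return JPEG_ERR_TRUNCATED;
            unsigned nf = p[5];                             /* component count */
            if (nf < 1 || nf > 4 || n != 6 + 3 * (size_t)nf) return JPEG_ERR_FIELD;
            for (unsigned c = 0; c < nf; c++)
                if (p[6 + 3 * c + 2] > 3) return JPEG_ERR_FIELD;   /* Tq */
        } else if (m == 0xDA) {                             /* SOS ends the header */
            if (n < 1) return JPEG_ERR_TRUNCATED;
            unsigned ns = p[0];
            if (ns < 1 || ns > 4 || n != 4 + 2 * (size_t)ns) return JPEG_ERR_FIELD;
            for (unsigned c = 0; c < ns; c++)
                if ((p[2 + 2 * c] >> 4) > 3 || (p[2 + 2 * c] & 0x0F) > 3)
                    return JPEG_ERR_FIELD;                  /* Td / Ta */
            return JPEG_OK;
        }                       /* other segments are only length-checked here */
        pos += 2 + seg;
    }
}
```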

Remediation

Users can upgrade to ESP-IDF versions 5.5.2, 5.4.4, or 5.3.5, all of which include the necessary fix. Instructions for updating can be found in the ESP-IDF documentation.

Added: Nov 21, 2025, 10:22 PM
Updated: Nov 21, 2025, 10:22 PM

Vulnerability Rating

Custom Algorithm

spread: 8.4
impact: 2.5
exploitability: 5.3
remediation: 7.7
relevance: 1.2
threat: 3.2
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.