EPSS
Percentile
23.5%
jpeg-js is vulnerable to denial of service (DoS). The vulnerability exists as it fails to properly restrict the values of the resolution from the EXIF data, allowing a small manipulated image to cause a disproportionately large memory allocation.
github.com/eugeneware/jpeg-js/commit/135705b1510afb6cb4275a4655d92c58f6843e79
github.com/eugeneware/jpeg-js/pull/68
hackerone.com/reports/842462