{
  "affected": [
    {
      "ranges": [
        {
          "database_specific": {
            "extracted_events": [
              {
                "introduced": "6.0.0"
              },
              {
                "fixed": "6.0.2"
              },
              {
                "introduced": "5.5.0"
              },
              {
                "last_affected": "5.5.4"
              },
              {
                "introduced": "5.4.0"
              },
              {
                "last_affected": "5.4.4"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "5.3.5"
              }
            ],
            "source": [
              "AFFECTED_FIELD",
              "REFERENCES"
            ]
          },
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "303c01305acb8ae5c4eb24a1786300681b4822a4"
            },
            {
              "fixed": "6ffafe8e93142ef8ffe51a6311d4abfc0f10fe77"
            },
            {
              "fixed": "7ccfc00f39faf1b7e5919f45b56fe44ba699d7c1"
            },
            {
              "fixed": "82c5c2dad45313786fb7e973059bc9094d95c3b2"
            },
            {
              "fixed": "f2df45bcedef11354e83c31a9718d680a68422c4"
            },
            {
              "fixed": "7101770dc6db2667b3c477cc31365dd1acd6db4e"
            }
          ],
          "repo": "https://github.com/espressif/esp-idf",
          "type": "GIT"
        }
      ]
    }
  ],
  "aliases": [
    "GHSA-v6r2-f6p2-88cj"
  ],
  "database_specific": {
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
      "CWE-121",
      "CWE-787"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/55xxx/CVE-2026-55687.json"
  },
  "details": "ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. Versions 6.0.1, 5.5.4, 5.4.4, 5.3.5, and possibly prior contain an out-of-bounds write in jpeg_parse_dqt_marker() in components/esp_driver_jpeg/jpeg_parse_marker.c because the attacker-controlled DQT marker Tq nibble is used as an index into the qt_tbl array without validating that it is in the range 0..3, allowing malformed JPEG input to corrupt stack memory and reliably trigger a denial of service. This issue is fixed in version 6.0.2 and is expected to be fixed in versions 5.5.5, 5.4.5, and 5.3.6.",
  "id": "CVE-2026-55687",
  "modified": "2026-07-15T01:49:15.747501269Z",
  "published": "2026-07-10T15:59:31.646Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/espressif/esp-idf/releases/tag/v6.0.2"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/55xxx/CVE-2026-55687.json"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/espressif/esp-idf/security/advisories/GHSA-v6r2-f6p2-88cj"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-55687"
    },
    {
      "type": "FIX",
      "url": "https://github.com/espressif/esp-idf/commit/303c01305acb8ae5c4eb24a1786300681b4822a4"
    },
    {
      "type": "FIX",
      "url": "https://github.com/espressif/esp-idf/commit/6ffafe8e93142ef8ffe51a6311d4abfc0f10fe77"
    },
    {
      "type": "FIX",
      "url": "https://github.com/espressif/esp-idf/commit/7ccfc00f39faf1b7e5919f45b56fe44ba699d7c1"
    },
    {
      "type": "FIX",
      "url": "https://github.com/espressif/esp-idf/commit/82c5c2dad45313786fb7e973059bc9094d95c3b2"
    },
    {
      "type": "FIX",
      "url": "https://github.com/espressif/esp-idf/commit/f2df45bcedef11354e83c31a9718d680a68422c4"
    }
  ],
  "schema_version": "1.8.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "ESF-IDF: Stack-Based Out-of-Bounds Write in JPEG Decoder DQT Marker Parsing"
}