CVE-2020-8175

MEDIUM

jpeg-js < 0.4.0 - Denial of Service via Crafted JPEG Image

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2020-8175. PoCs published by knokbak.

AI-analyzed exploit summary This repository provides a patched version of the 'get-pixels' library to address CVE-2020-8175, a vulnerability in the original library. It includes functional code for parsing and extracting pixel data from various image formats (PNG, JPEG, GIF) in both Node.js and browser environments.

Description

Uncontrolled resource consumption in `jpeg-js` before 0.4.0 may allow attacker to launch denial of service attacks using specially a crafted JPEG image.

Exploits (2)

nomisec WORKING POC 1 stars
by knokbak · poc
https://github.com/knokbak/get-pixels-updated

This repository provides a patched version of the 'get-pixels' library to address CVE-2020-8175, a vulnerability in the original library. It includes functional code for parsing and extracting pixel data from various image formats (PNG, JPEG, GIF) in both Node.js and browser environments.

Classification
Working Poc 90%
Attack Type
Other
Complexity
Moderate
Reliability
Reliable
Target: get-pixels library (versions affected by CVE-2020-8175)
No auth needed
Prerequisites: Node.js environment or browser environment with necessary dependencies
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WRITEUP
by knokbak · poc
https://github.com/knokbak/save-pixels-updated

This repository provides a patched version of the 'save-pixels' library to address CVE-2020-8175. It includes detailed documentation and test cases but does not contain exploit code.

Classification
Writeup 90%
Attack Type
Other
Complexity
Moderate
Reliability
Reliable
Target: save-pixels (versions prior to the fix)
No auth needed
Prerequisites: Access to a system using the vulnerable 'save-pixels' library
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://hackerone.com/reports/842462

Scores

CVSS v3 5.5
EPSS 0.0022
EPSS Percentile 44.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE
CWE-400
Status published
Products (2)
jpeg-js_project/jpeg-js < 0.4.0
npm/jpeg-js 0 - 0.4.0npm
Published Jul 24, 2020
Tracked Since Feb 18, 2026