{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/jpeg/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.8,"id":"CVE-2025-47390"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["memory-corruption","jpeg","qualcomm"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2025-47390 describes a memory corruption vulnerability found in the JPEG driver related to the preprocessing of IOCTL requests. This vulnerability, reported by Qualcomm, could allow a local attacker to potentially corrupt memory leading to a crash or arbitrary code execution. This vulnerability is documented in the Qualcomm Security Bulletin for April 2026. Successful exploitation of this issue could lead to denial of service, local privilege escalation, or information disclosure, impacting the confidentiality, integrity, and availability of the system. 
Defenders should investigate systems using Qualcomm chipsets, prioritizing devices that handle JPEG image processing.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eA malicious application is installed on the target device.\u003c/li\u003e\n\u003cli\u003eThe application builds a specially crafted IOCTL request intended for the JPEG driver.\u003c/li\u003e\n\u003cli\u003eThe application sends the malicious IOCTL request to the JPEG driver via the device\u0026rsquo;s operating system API.\u003c/li\u003e\n\u003cli\u003eThe JPEG driver improperly processes the IOCTL request during the preprocessing stage.\u003c/li\u003e\n\u003cli\u003eDue to a buffer over-read (CWE-126), the driver reads beyond the allocated memory buffer.\u003c/li\u003e\n\u003cli\u003eThis memory corruption could lead to a crash, denial of service, or the potential to overwrite adjacent memory regions.\u003c/li\u003e\n\u003cli\u003eIf the attacker can control the overwritten memory, they may be able to inject and execute arbitrary code.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2025-47390 can lead to memory corruption, potentially resulting in a denial-of-service condition. In more severe scenarios, attackers could gain arbitrary code execution and escalate their privileges on the targeted system. This vulnerability affects devices utilizing the vulnerable Qualcomm JPEG driver. 
The specific number of affected devices is unknown.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the patches released by Qualcomm as detailed in the Qualcomm Security Bulletin for April 2026 to remediate CVE-2025-47390.\u003c/li\u003e\n\u003cli\u003eMonitor process creations for applications interacting with the JPEG driver using suspicious IOCTL requests to identify potential exploitation attempts (see the process creation Sigma rule below).\u003c/li\u003e\n\u003cli\u003eEnable driver verifier on test systems to proactively identify driver-level memory corruption issues.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-06T16:16:27Z","date_published":"2026-04-06T16:16:27Z","id":"/briefs/2026-04-jpeg-ioctl-memory-corruption/","summary":"A memory corruption vulnerability (CVE-2025-47390) exists while preprocessing IOCTL requests in the JPEG driver, potentially leading to local privilege escalation or denial of service.","title":"CVE-2025-47390: JPEG Driver IOCTL Memory Corruption Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-04-jpeg-ioctl-memory-corruption/"}],"language":"en","title":"CraftedSignal Threat Feed — Jpeg","version":"https://jsonfeed.org/version/1.1"}