3 matches found
CVE-2025-71319
image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or...
Infinite loop
Overview Affected versions of this package are vulnerable to Infinite loop in the findBox function. An attacker can cause the application to hang indefinitely by supplying a malicious image. PoC js // mkdir 2.0.1 // cd 2.0.1/ // npm i [email protected] const imageSizeFromFile =...
GHSA-M5QC-5HW7-8VG7 image-size Denial of Service via Infinite Loop during Image Processing
Summary image-size is vulnerable to a Denial of Service vulnerability when processing specially crafted images. The issue occurs because of an infine loop in findBox when processing certain images with a box with size 0. Details If the first bytes of the input does not match any bytes in...