Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/06/24 1:41 a.m.9 views

CVE-2025-71319

A flaw was found in image-size. This vulnerability allows a remote attacker to cause a Denial of Service DoS by supplying specially crafted JXL, HEIF, or JP2 image files that contain zero-sized boxes. The findBox function, responsible for image validation, enters an infinite loop when processing...

8.7CVSS5.8AI score0.00625EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/06/09 7:57 p.m.50 views

CVE-2025-71319 image-size 2.0.2 Denial of Service via Infinite Loop in JXL/HEIF Parser

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or...

8.7CVSS0.00625EPSS
Exploits1References3
EUVD
EUVD
added 2026/06/09 7:57 p.m.11 views

EUVD-2025-210087

image-size 1.1.0 before 1.2.1 and 2.0.0 before 2.0.2 contain a denial of service vulnerability in the findBox function when processing specially crafted images with zero-sized boxes. Remote attackers can cause application hang by supplying malicious JXL, HEIF, or JP2 image files with box size zer...

8.7CVSS5.5AI score0.00625EPSS
Exploits1References2
CVE
CVE
added 2026/06/09 7:57 p.m.92 views

CVE-2025-71319

CVE-2025-71319 affects image-size versions 1.1.0 before 1.2.1 and 2.0.0 before 2.0.2. The vulnerability resides in the findBox function, triggered when processing crafted images with zero-sized boxes (JXL, HEIF, or JP2), causing an infinite loop and denial of service. The issue could lead to appl...

8.7CVSS5.8AI score0.00625EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2025/04/02 3:4 p.m.270 views

image-size Denial of Service via Infinite Loop during Image Processing

Summary image-size is vulnerable to a Denial of Service vulnerability when processing specially crafted images. The issue occurs because of an infine loop in findBox when processing certain images with a box with size 0. Details If the first bytes of the input does not match any bytes in...

8.7CVSS7.2AI score0.00625EPSS
Exploits1References7Affected Software1
Positive Technologies
Positive Technologies
added 2025/04/02 12:0 a.m.11 views

PT-2026-48232

Name of the Vulnerable Software and Affected Versions image-size versions 1.1.0 through 1.2.0 image-size versions 2.0.0 through 2.0.1 Description A denial of service issue exists when processing specially crafted images with zero-sized boxes. Remote attackers can cause an application hang by...

8.7CVSS5.2AI score0.00625EPSS
Exploits1References17
Rows per page
Query Builder