115 matches found
CVE-2025-71330
A flaw was found in image-size. A remote attacker can exploit this vulnerability by providing a specially crafted ICNS image buffer. This malicious buffer, containing valid magic bytes and a zero-valued entry length, causes an infinite loop in the ICNS parser. This can permanently block the Node....
Linux Distros Unpatched Vulnerability : CVE-2025-71330
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a...
SUSE CVE-2025-71330
image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted ICNS image buffer. Attackers can craft an ICNS buffer containing valid magic bytes and a zero-valued entry length field to...
Infinite loop
Overview Affected versions of this package are vulnerable to Infinite loop in icns.js. An ICNS file with an icon entry whose declared length is zero can hang the parser indefinitely. Remediation There is no fixed version for image-size. References - GitHub PR - Vulnerability Report - Vulnerable C...
Infinite loop
Overview Affected versions of this package are vulnerable to Infinite loop in icns.js. An ICNS file with an icon entry whose declared length is zero can hang the parser indefinitely. Remediation There is no fixed version for org.webjars.npm:image-size. References - GitHub PR - Vulnerability Repor...
CVE-2025-71330
image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted ICNS image buffer. Attackers can craft an ICNS buffer containing valid magic bytes and a zero-valued entry length field to...
CVE-2025-71330 image-size 2.0.2 Denial of Service via Malformed ICNS Image Parsing
image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted ICNS image buffer. Attackers can craft an ICNS buffer containing valid magic bytes and a zero-valued entry length field to...
CVE-2025-71330 image-size 2.0.2 Denial of Service via Malformed ICNS Image Parsing
image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted ICNS image buffer. Attackers can craft an ICNS buffer containing valid magic bytes and a zero-valued entry length field to...
EUVD-2025-210105
image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted ICNS image buffer. Attackers can craft an ICNS buffer containing valid magic bytes and a zero-valued entry length field to...
CVE-2025-71330
The CVE-2025-71330 issue affects image-size
PT-2026-48404
Name of the Vulnerable Software and Affected Versions image-size versions prior to 2.0.3 Description A denial of service issue exists where remote attackers can permanently block the Node.js event loop by providing a specially crafted ICNS image buffer. By supplying an ICNS buffer with valid magi...
Astra Linux - уязвимость в qtimageformats-opensource-src
When loading a specially crafted ICNS format image file in QImage, it will cause a crash. This issue affects Qt versions 6.3.0 through 6.5.9, 6.6.0 through 6.8.4, and 6.9.0. This issue has been fixed in versions 6.5.10, 6.8.5, and 6.9.1...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-pillow (UTSA-2026-017483)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017483 advisory. Pillow before 8.1.2 allows attackers to cause a denial of service memory consumption because the reported size of a contained image is not properly checked for an IC...
Astra Linux – Vulnerability in pillow
In Pillow before 8.1.2, attackers can cause a denial of service due to excessive memory consumption. This occurs because the reported size of the contained image is not properly checked for an ICNS container. As a result, a memory allocation attempt can be quite large...
OESA-2026-2002 gimp security update
The GIMP is an image composition and editing program, which can be used for creating logos and other graphics for Web pages. The GIMP offers many tools and filters, and provides a large image manipulation toolbox, including channel operations and layers, effects, subpixel imaging and antialiasing...
OESA-2026-2001 gimp security update
The GIMP is an image composition and editing program, which can be used for creating logos and other graphics for Web pages. The GIMP offers many tools and filters, and provides a large image manipulation toolbox, including channel operations and layers, effects, subpixel imaging and antialiasing...
OESA-2026-2000 gimp security update
The GIMP is an image composition and editing program, which can be used for creating logos and other graphics for Web pages. The GIMP offers many tools and filters, and provides a large image manipulation toolbox, including channel operations and layers, effects, subpixel imaging and antialiasing...
Linux Distros Unpatched Vulnerability : CVE-2026-40917
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in GIMP. This vulnerability, a heap buffer over-read in the icnsslurp function, occurs when processing specially crafted ICNS image files. An...
DEBIAN-CVE-2026-40917
A flaw was found in GIMP. This vulnerability, a heap buffer over-read in the icnsslurp function, occurs when processing specially crafted ICNS image files. An attacker could provide a malicious ICNS file, potentially leading to application crashes or information disclosure on systems that process...
CVE-2026-40917
A flaw was found in GIMP. This vulnerability, a heap buffer over-read in the icnsslurp function, occurs when processing specially crafted ICNS image files. An attacker could provide a malicious ICNS file, potentially leading to application crashes or information disclosure on systems that process...