12 matches found

RedhatCVE
added 2026/06/24 1:41 a.m., 9 views

CVE-2025-71319

A flaw was found in image-size. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by supplying specially crafted JXL, HEIF, or JP2 image files that contain zero-sized boxes. The findBox function, responsible for image validation, enters an infinite loop when processing...

8.7 CVSS, 5.8 AI score, 0.00625 EPSS
Exploits: 1, References: 5

Tenable Nessus
added 2026/06/24 12:0 a.m., 8 views

Linux Distros Unpatched Vulnerability : CVE-2025-71319

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a...

8.7 CVSS, 6.2 AI score, 0.00625 EPSS
Exploits: 1, References: 2

NVD
added 2026/06/10 2:16 p.m., 9 views

CVE-2025-71330

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted ICNS image buffer. Attackers can craft an ICNS buffer containing valid magic bytes and a zero-valued entry length field to...

8.7 CVSS, 0.0043 EPSS
Exploits: 1, References: 3

CVE
added 2026/06/10 1:4 p.m., 57 views

CVE-2025-71329

The CVE-2025-71329 vulnerability affects image-size up to version 2.0.2 and is triggered by a crafted image buffer containing a zero-valued size field in a recognized box-type, causing an infinite loop in the JXL or HEIF parsers and permanently blocking the Node.js event loop (DoS). Impact is den...

8.7 CVSS, 5.8 AI score, 0.0043 EPSS
Exploits: 1, References: 3, Affected Software: 1

Cvelist
added 2026/06/10 1:2 p.m., 35 views

CVE-2025-71330 image-size 2.0.2 Denial of Service via Malformed ICNS Image Parsing

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted ICNS image buffer. Attackers can craft an ICNS buffer containing valid magic bytes and a zero-valued entry length field to...

8.7 CVSS, 0.0043 EPSS
Exploits: 1, References: 3

CNNVD
added 2026/06/10 12:0 a.m., 14 views

image-size resource management error vulnerability

image-size is a lightweight image size retrieval tool developed by image-size. Versions of image-size 2.0.2 and earlier have security vulnerabilities. These vulnerabilities stem from infinite loops within the JXL or HEIF image parser, which could allow remote attackers to permanently block the...

8.7 CVSS, 6 AI score, 0.0043 EPSS
Exploits: 1, References: 3

CNNVD
added 2026/06/10 12:0 a.m., 12 views

image-size resource management error vulnerability

image-size is a lightweight image size retrieval tool developed by image-size. Versions of image-size 2.0.2 and earlier have security vulnerabilities. These vulnerabilities stem from infinite loops within the ICNS parser, which could allow remote attackers to permanently block the Node.js event...

8.7 CVSS, 5.9 AI score, 0.0043 EPSS
Exploits: 1, References: 3

Cvelist
added 2026/06/09 7:57 p.m., 44 views

CVE-2025-71319 image-size 2.0.2 Denial of Service via Infinite Loop in JXL/HEIF Parser

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or...

8.7 CVSS, 0.00625 EPSS
Exploits: 1, References: 3

CNNVD
added 2026/06/09 12:0 a.m., 19 views

image-size resource management error vulnerability

image-size is a lightweight image size retrieval tool developed by image-size. Versions of image-size from 1.1.0 to 1.2.1 and from 2.0.0 to 2.0.2 contained security vulnerabilities. These vulnerabilities stemmed from the findBox function, which had a denial-of-service vulnerability when processin...

8.7 CVSS, 5.9 AI score, 0.00625 EPSS
Exploits: 1, References: 3

vulnersOsv
added 2025/04/02 3:4 p.m., 8 views

@adobe/helix-importer (>=3.4.65 <=3.4.79), @adobe/helix-md2docx (>=2.2.0 <=2.2.7) +57 more potentially affected by CVE-2025-71319 via image-size (>=2.0.0 <=2.0.1)

image-size NPM version =2.0.0, =3.4.65, =2.2.0, =2.6.5, =1.3.47, =1.4.2, =5.0.0-alpha.40, =7.12.0-main6e45b19, =0.28.1-feature.esm.cjs.8, =0.28.1-feature.esm.cjs.8, =0.28.1-feature.esm.cjs.13, =0.28.1-feature.jose.vcdm.19, =0.28.1-feature.esm.cjs.18, =0.28.1-feature.esm.cjs.8,...

8.7 CVSS, 5.7 AI score, 0.00625 EPSS
Exploits: 1

vulnersOsv
added 2025/04/02 3:4 p.m., 9 views

@adobe/helix-importer (>=3.1.2 <=3.4.79), @adobe/helix-md2docx (>=2.1.38 <=2.1.107) +144 more potentially affected by CVE-2025-71319 via image-size (>=1.1.0 <=1.2.0)

image-size NPM version =1.1.0, =3.1.2, =2.1.38, =1.0.0, =2.4.3, =1.1.1, =1.0.0, =1.0.0-B001, =0.0.28, =2.17.13, =0.17.6, =1.16.10, =7.1.0, =0.0.1, =1.1.69, =5.0.0-alpha.27, =5.0.0-alpha.39 and more Source cves: CVE-2025-71319 Source advisory: OSV:GHSA-M5QC-5HW7-8VG7...

8.7 CVSS, 5.7 AI score, 0.00625 EPSS
Exploits: 1

OSV
added 2016/02/17 3:59 p.m., 2 views

DEBIAN-CVE-2013-7447

Integer overflow in the gdk_cairo_set_source_pixbuf function in gdk/gdkcairo.c in GTK+ before 3.9.8, as used in eom, gnome-photos, eog, gambas3, thunar, pinpoint, and possibly other applications, allows remote attackers to cause a denial of service (crash) via a large image file, which triggers a large...

6.5 CVSS, 7.2 AI score, 0.04633 EPSS
Exploits: 0, References: 1