10 matches found
CVE-2025-71330
image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted ICNS image buffer. Attackers can craft an ICNS buffer containing valid magic bytes and a zero-valued entry length field to...
CVE-2025-71329
The CVE-2025-71329 vulnerability affects image-size up to version 2.0.2 and is triggered by a crafted image buffer containing a zero-valued size field in a recognized box-type, causing an infinite loop in the JXL or HEIF parsers and permanently blocking the Node.js event loop (DoS). Impact is den...
CVE-2025-71330 image-size 2.0.2 Denial of Service via Malformed ICNS Image Parsing
image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted ICNS image buffer. Attackers can craft an ICNS buffer containing valid magic bytes and a zero-valued entry length field to...
image-size security vulnerability
image-size is a lightweight image size retrieval tool developed by image-size. Versions of image-size 2.0.2 and earlier have security vulnerabilities. These vulnerabilities stem from infinite loops within the ICNS parser, which could allow remote attackers to permanently block the Node.js event...
image-size security vulnerability
image-size is a lightweight image size retrieval tool developed by image-size. Versions of image-size 2.0.2 and earlier have security vulnerabilities. These vulnerabilities stem from infinite loops within the JXL or HEIF image parser, which could allow remote attackers to permanently block the...
CVE-2025-71319 image-size 2.0.2 Denial of Service via Infinite Loop in JXL/HEIF Parser
image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or...
image-size security vulnerability
image-size is a lightweight image size retrieval tool developed by image-size. Versions of image-size from 1.1.0 to 1.2.1 and from 2.0.0 to 2.0.2 contained security vulnerabilities. These vulnerabilities stemmed from the findBox function, which had a denial-of-service vulnerability when processin...
@adobe/helix-importer (>=3.1.2 <=3.4.79), @adobe/helix-md2docx (>=2.1.38 <=2.1.107) +144 more potentially affected by CVE-2025-71319 via image-size (>=1.1.0 <=1.2.0)
image-size NPM version =1.1.0, =3.1.2, =2.1.38, =1.0.0, =2.4.3, =1.1.1, =1.0.0, =1.0.0-B001, =0.0.28, =2.17.13, =0.17.6, =1.16.10, =7.1.0, =0.0.1, =1.1.69, =5.0.0-alpha.27, =5.0.0-alpha.39 and more Source cves: CVE-2025-71319 Source advisory: OSV:GHSA-M5QC-5HW7-8VG7...
@adobe/helix-importer (>=3.4.65 <=3.4.79), @adobe/helix-md2docx (>=2.2.0 <=2.2.7) +56 more potentially affected by CVE-2025-71319 via image-size (>=2.0.0 <=2.0.1)
image-size NPM version =2.0.0, =3.4.65, =2.2.0, =2.6.5, =1.3.47, =1.4.2, =5.0.0-alpha.40, =7.12.0-main6e45b19, =0.28.1-feature.esm.cjs.8, =0.28.1-feature.esm.cjs.8, =0.28.1-feature.esm.cjs.13, =0.28.1-feature.jose.vcdm.19, =0.28.1-feature.esm.cjs.18, =0.28.1-feature.esm.cjs.8,...
DEBIAN-CVE-2013-7447
Integer overflow in the gdk_cairo_set_source_pixbuf function in gdk/gdkcairo.c in GTK+ before 3.9.8, as used in eom, gnome-photos, eog, gambas3, thunar, pinpoint, and possibly other applications, allows remote attackers to cause a denial of service (crash) via a large image file, which triggers a large...