129 matches found
CVE-2025-71319
A flaw was found in image-size. This vulnerability allows a remote attacker to cause a Denial of Service DoS by supplying specially crafted JXL, HEIF, or JP2 image files that contain zero-sized boxes. The findBox function, responsible for image validation, enters an infinite loop when processing...
CVE-2025-71329
A flaw was found in image-size. A remote attacker can exploit this vulnerability by providing a specially crafted image buffer that contains a zero-valued size field within a recognized box-type. This malicious input can trigger an infinite loop in the JXL or HEIF image parsers, leading to a...
[SECURITY] [DSA 6342-1] jpeg-xl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6342-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 12, 2026 https://www.debian.org/security/faq -...
Debian dsa-6342 : jpeg-xl-doc - security update
The remote Debian 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6342 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6342-1 [email protected] https://www.debian.org/security/ Moritz...
CVE-2025-71319
image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or...
CVE-2025-71319 image-size 2.0.2 Denial of Service via Infinite Loop in JXL/HEIF Parser
image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or...
CVE-2025-71319
CVE-2025-71319 affects image-size versions 1.1.0 before 1.2.1 and 2.0.0 before 2.0.2. The vulnerability resides in the findBox function, triggered when processing crafted images with zero-sized boxes (JXL, HEIF, or JP2), causing an infinite loop and denial of service. The issue could lead to appl...
image-size 资源管理错误漏洞
image-size is a lightweight image size retrieval tool developed by image-size. Versions of image-size from 1.1.0 to 1.2.1 and from 2.0.0 to 2.0.2 contained security vulnerabilities. These vulnerabilities stemmed from the findBox function, which had a denial-of-service vulnerability when processin...
USN-8397-1 jpeg-xl vulnerability
It was discovered that libjxl did not properly handle certain crafted PBM images. An attacker could possibly use this issue to cause libjxl to crash, resulting in a denial of service, or execute arbitrary code...
[SECURITY] Fedora 43 Update: jpegxl-0.11.2-1.fc43
This package contains a reference implementation of JPEG XL encoder and decoder...
GHSA-RR89-W3H9-M66J ExifReader is vulnerable to denial of service via unbounded decompression of image metadata
Impact Versions of ExifReader from 4.20.0 through 4.38.1 do not bound the size of decompressed metadata blocks. When a caller invokes the asynchronous API e.g. ExifReader.loadfile or ExifReader.loadbuffer, async: true on an attacker-supplied image, a small compressed chunk in the file can expand ...
[SECURITY] Fedora 44 Update: jpegxl-0.11.2-1.fc44
This package contains a reference implementation of JPEG XL encoder and decoder...
libjxl 安全漏洞
libjxl is an open-source implementation of the JPEG XL image format. Version 0.12.0 of libjxl contains a security vulnerability, which stems from a heap buffer overflow caused by a specially crafted PBM image in the jxl::extras::DecodeImagePNM function...
JLSEC-2026-493 JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits.
ReadJXLImage in JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits...
EUVD-2026-22114
ImageMagick has a heap buffer overflow when encoding JXL image with a 16-bit float...
GHSA-JVGR-9PH5-M8V4 ImageMagick has a heap buffer overflow when encoding JXL image with a 16-bit float
The JXL encoder has an heap write overflow when a user specifies that the image should be encoded as 16 bit floats...
ImageMagick has a heap buffer overflow when encoding JXL image with a 16-bit float
The JXL encoder has an heap write overflow when a user specifies that the image should be encoded as 16 bit floats...
CVE-2026-40183
A flaw was found in ImageMagick, a software for editing and manipulating digital images. When a user processes an image with the JXL encoder and specifies that it should be encoded as 16-bit floats, a heap write overflow occurs. This vulnerability could allow an attacker to cause a denial of...
Heap-based Buffer Overflow
Overview Magick.NET-Q16-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Heap-based Buffer Overflow
Overview Magick.NET-Q8-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...