129 matches found

RedhatCVE
added 2026/06/24 1:41 a.m. | 8 views

CVE-2025-71319

A flaw was found in image-size. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by supplying specially crafted JXL, HEIF, or JP2 image files that contain zero-sized boxes. The findBox function, responsible for image validation, enters an infinite loop when processing...

CVSS 8.7 | AI score 5.8 | EPSS 0.00625
Exploits: 1 | References: 5

RedhatCVE
added 2026/06/15 2:36 p.m. | 10 views

CVE-2025-71329

A flaw was found in image-size. A remote attacker can exploit this vulnerability by providing a specially crafted image buffer that contains a zero-valued size field within a recognized box-type. This malicious input can trigger an infinite loop in the JXL or HEIF image parsers, leading to a...

CVSS 8.7 | AI score 5.6 | EPSS 0.0043
Exploits: 1 | References: 6

Debian
added 2026/06/12 6:50 p.m. | 10 views

[SECURITY] [DSA 6342-1] jpeg-xl security update

Debian Security Advisory DSA-6342-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 12, 2026 https://www.debian.org/security/faq -...

CVSS 7.3 | AI score 5.8 | EPSS 0.00367
Exploits: 0

Tenable Nessus
added 2026/06/12 12:0 a.m. | 6 views

Debian dsa-6342 : jpeg-xl-doc - security update

The remote Debian 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6342 advisory. Debian Security Advisory DSA-6342-1 [email protected] https://www.debian.org/security/ Moritz...

CVSS 7.3 | AI score 6.1 | EPSS 0.00367
Exploits: 0 | References: 4

NVD
added 2026/06/09 9:17 p.m. | 12 views

CVE-2025-71319

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or...

CVSS 8.7 | EPSS 0.00625
Exploits: 1 | References: 7

Cvelist
added 2026/06/09 7:57 p.m. | 41 views

CVE-2025-71319 image-size 2.0.2 Denial of Service via Infinite Loop in JXL/HEIF Parser

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or...

CVSS 8.7 | EPSS 0.00625
Exploits: 1 | References: 3

CVE
added 2026/06/09 7:57 p.m. | 62 views

CVE-2025-71319

CVE-2025-71319 affects image-size versions 1.1.0 before 1.2.1 and 2.0.0 before 2.0.2. The vulnerability resides in the findBox function, triggered when processing crafted images with zero-sized boxes (JXL, HEIF, or JP2), causing an infinite loop and denial of service. The issue could lead to appl...

CVSS 8.7 | AI score 5.8 | EPSS 0.00625
Exploits: 1 | References: 7 | Affected Software: 1

CNNVD
added 2026/06/09 12:0 a.m. | 19 views

image-size resource management error vulnerability

image-size is a lightweight image size retrieval tool developed by image-size. Versions of image-size from 1.1.0 to 1.2.1 and from 2.0.0 to 2.0.2 contained security vulnerabilities. These vulnerabilities stemmed from the findBox function, which had a denial-of-service vulnerability when processin...

CVSS 8.7 | AI score 5.9 | EPSS 0.00625
Exploits: 1 | References: 3

OSV
added 2026/06/08 12:20 p.m. | 6 views

USN-8397-1 jpeg-xl vulnerability

It was discovered that libjxl did not properly handle certain crafted PBM images. An attacker could possibly use this issue to cause libjxl to crash, resulting in a denial of service, or execute arbitrary code...

CVSS 7.3 | AI score 5.8 | EPSS 0.00367
Exploits: 0 | References: 2

Fedora
added 2026/06/05 4:9 a.m. | 10 views

[SECURITY] Fedora 43 Update: jpegxl-0.11.2-1.fc43

This package contains a reference implementation of JPEG XL encoder and decoder...

CVSS 8.8 | AI score 5.8 | EPSS 0.00199
Exploits: 1

OSV
added 2026/05/29 5:52 p.m. | 8 views

GHSA-RR89-W3H9-M66J ExifReader is vulnerable to denial of service via unbounded decompression of image metadata

Impact Versions of ExifReader from 4.20.0 through 4.38.1 do not bound the size of decompressed metadata blocks. When a caller invokes the asynchronous API e.g. ExifReader.loadfile or ExifReader.loadbuffer, async: true on an attacker-supplied image, a small compressed chunk in the file can expand ...

CVSS 6.9 | AI score 5.8 | EPSS 0.00464
Exploits: 0 | References: 6

Fedora
added 2026/05/29 1:13 a.m. | 9 views

[SECURITY] Fedora 44 Update: jpegxl-0.11.2-1.fc44

This package contains a reference implementation of JPEG XL encoder and decoder...

CVSS 8.8 | AI score 5.8 | EPSS 0.00199
Exploits: 1

CNNVD
added 2026/05/27 12:0 a.m. | 7 views

libjxl security vulnerability

libjxl is an open-source implementation of the JPEG XL image format. Version 0.12.0 of libjxl contains a security vulnerability, which stems from a heap buffer overflow caused by a specially crafted PBM image in the jxl::extras::DecodeImagePNM function...

CVSS 7.3 | AI score 6 | EPSS 0.00367
Exploits: 0 | References: 4

OSV
added 2026/05/13 1:42 a.m. | 8 views

JLSEC-2026-493 JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits.

ReadJXLImage in JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits...

CVSS 4.3 | AI score 5.8 | EPSS 0.00413
Exploits: 0 | References: 7

EUVD
added 2026/04/14 6:50 p.m. | 2 views

EUVD-2026-22114

ImageMagick has a heap buffer overflow when encoding JXL image with a 16-bit float...

CVSS 5.5 | AI score 6.1 | EPSS 0.00187
Exploits: 0 | References: 5

OSV
added 2026/04/14 6:50 p.m. | 4 views

GHSA-JVGR-9PH5-M8V4 ImageMagick has a heap buffer overflow when encoding JXL image with a 16-bit float

The JXL encoder has a heap write overflow when a user specifies that the image should be encoded as 16 bit floats...

CVSS 5.5 | AI score 5.8 | EPSS 0.00187
Exploits: 0 | References: 6

Github Security Blog
added 2026/04/14 6:50 p.m. | 7 views

ImageMagick has a heap buffer overflow when encoding JXL image with a 16-bit float

The JXL encoder has a heap write overflow when a user specifies that the image should be encoded as 16 bit floats...

CVSS 5.5 | AI score 5.8 | EPSS 0.00187
Exploits: 0 | References: 6 | Affected Software: 17

RedhatCVE
added 2026/04/13 10:27 p.m. | 4 views

CVE-2026-40183

A flaw was found in ImageMagick, a software for editing and manipulating digital images. When a user processes an image with the JXL encoder and specifies that it should be encoded as 16-bit floats, a heap write overflow occurs. This vulnerability could allow an attacker to cause a denial of...

CVSS 5.5 | AI score 5.7 | EPSS 0.00187
Exploits: 0 | References: 6

Snyk
added 2026/04/13 10:11 p.m. | 5 views

Heap-based Buffer Overflow

Overview: Magick.NET-Q16-x64 is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

CVSS 6.8 | AI score 6.1 | EPSS 0.00187
Exploits: 0 | References: 2

Snyk
added 2026/04/13 10:11 p.m. | 6 views

Heap-based Buffer Overflow

Overview: Magick.NET-Q8-x86 is a Magick.NET package that allows you to use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

CVSS 6.8 | AI score 6.1 | EPSS 0.00187
Exploits: 0 | References: 2