Lucene search
+L

117 matches found

osv
osv
added 2026/07/02 8:45 p.m.4 views

GHSA-5PMV-RX8R-WMV5 jxl-grid on 32-bit platforms has an out-of-bounds writes due to integer overflow

Summary On 32-bit platforms, decoding a crafted image may lead to out-of-bounds writes due to integer overflow in length calculation. Details & PoC The test listed below fail under miri with command cargo +nightly miri test --release -p jxl-grid Or you can use Address Sanitizer, which ignores...

7.3CVSS6.3AI score
Exploits0References3
osv
osv
added 2026/07/02 8:45 p.m.5 views

GHSA-66M8-C62J-H6V5 jxl-oxide: `FrameBuffer::new` creates out-of-bounds slices on overflow

Summary jxl-oxide exposes a public safe API that can construct an undersized FrameBuffer due to unchecked usize multiplication, which immediately trigger panic while initializing the buffer in normal decoding path. Additionally, calling the safe grouped buffer accessors afterward can create inval...

6.2CVSS6AI score
Exploits0References2
nessus
nessus
added 2026/06/24 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2025-71319

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a...

8.7CVSS6.2AI score0.0064EPSS
Exploits1References2
susecve
susecve
added 2026/06/13 2:30 a.m.13 views

SUSE CVE-2025-71329

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or...

8.7CVSS5.7AI score0.0043EPSS
Exploits1References3
snyk
snyk
added 2026/06/10 2:38 p.m.9 views

Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop in the extractPartialStreams and corresponding extraction functions for HEIF, JP2, and JXL. An attacker supplying an image whose requested box declares a size of zero can hang the parser indefinitely. Note: This is a bypas...

8.7CVSS5.4AI score0.0064EPSS
Exploits2References2
nvd
nvd
added 2026/06/10 2:16 p.m.14 views

CVE-2025-71329

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or...

8.7CVSS0.0043EPSS
Exploits1References3
euvd
euvd
added 2026/06/10 1:4 p.m.14 views

EUVD-2025-210106

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or...

8.7CVSS5.8AI score0.0043EPSS
Exploits1References3
cvelist
cvelist
added 2026/06/10 1:4 p.m.44 views

CVE-2025-71329 image-size 2.0.2 Denial of Service via Infinite Loop in JXL/HEIF Parser

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or...

8.7CVSS0.0043EPSS
Exploits1References3
vulnrichment
vulnrichment
added 2026/06/10 1:4 p.m.9 views

CVE-2025-71329 image-size 2.0.2 Denial of Service via Infinite Loop in JXL/HEIF Parser

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or...

8.7CVSS5.8AI score0.0043EPSS
Exploits1References3
ptsecurity
ptsecurity
added 2026/06/10 12:0 a.m.19 views

PT-2026-48403

Name of the Vulnerable Software and Affected Versions image-size versions prior to 2.0.3 Description A denial of service issue exists where remote attackers can permanently block the Node.js event loop. By supplying a specially crafted image buffer containing a box-type with a zero-valued size...

8.7CVSS5.5AI score0.0043EPSS
Exploits1References8
cnnvd
cnnvd
added 2026/06/10 12:0 a.m.16 views

image-size 资源管理错误漏洞

image-size is a lightweight image size retrieval tool developed by image-size. Versions of image-size 2.0.2 and earlier have security vulnerabilities. These vulnerabilities stem from infinite loops within the JXL or HEIF image parser, which could allow remote attackers to permanently block the...

8.7CVSS6AI score0.0043EPSS
Exploits1References3
vulnrichment
vulnrichment
added 2026/06/09 7:57 p.m.9 views

CVE-2025-71319 image-size 2.0.2 Denial of Service via Infinite Loop in JXL/HEIF Parser

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or...

8.7CVSS5.8AI score0.0064EPSS
Exploits1References3
osv
osv
added 2026/06/09 7:57 p.m.2 views

CVE-2025-71319 image-size 2.0.2 Denial of Service via Infinite Loop in JXL/HEIF Parser

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or...

8.7CVSS6.2AI score0.0064EPSS
Exploits1References11
vulnersosv
vulnersosv
added 2026/05/29 12:0 p.m.9 views

dicom-transfer-syntax-registry (>=0.8.2 <=0.9.1), dset (>=0.1.0 <=0.1.2) +10 more potentially affected by unknown CVE via jxl-grid (>=0.1.1 <=0.5.3)

jxl-grid CARGO version =0.1.1, =0.8.2, =0.1.0, =0.1.1, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.4.0, =0.5.0-rc0 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0151...

5.5AI score
Exploits0
osv
osv
added 2026/05/29 12:0 p.m.9 views

RUSTSEC-2026-0151 Out-of-bounds writes due to integer overflow in jxl-grid on 32-bit platforms

On 32-bit platforms, decoding a crafted image may lead to out-of-bounds writes due to integer overflow in length calculation. This could allow arbitrary code execution. Details & PoC The test listed below fail under miri with command cargo +nightly miri test --release -p jxl-grid Or you can use...

6.2AI score
Exploits0References3
rustsec
rustsec
added 2026/05/29 12:0 p.m.18 views

Out-of-bounds writes due to integer overflow in jxl-grid on 32-bit platforms

On 32-bit platforms, decoding a crafted image may lead to out-of-bounds writes due to integer overflow in length calculation. This could allow arbitrary code execution. Details & PoC The test listed below fail under miri with command cargo +nightly miri test --release -p jxl-grid Or you can use...

6.2AI score
Exploits0Affected Software1
attackerkb
attackerkb
added 2026/05/27 12:0 a.m.9 views

CVE-2025-70103

Heap buffer overflow vulnerability in libjxl 0.12.0 via crafted PBM images to the jxl::extras::DecodeImagePNM function in file lib/extras/dec/pnm.cc...

6AI score0.00367EPSS
Exploits0References5
osv
osv
added 2026/05/13 1:42 a.m.9 views

JLSEC-2026-495 GraphicsMagick before 8e56520 has a heap-based buffer over-read in ReadJXLImage in coders/jxl.c,...

GraphicsMagick before 8e56520 has a heap-based buffer over-read in ReadJXLImage in coders/jxl.c, related to an ImportViewPixelArea call...

4CVSS5.9AI score0.00339EPSS
Exploits1References6
suse
suse
added 2026/04/24 11:44 a.m.7 views

Security update for ImageMagick

This update for ImageMagick fixes the following issues: CVE-2026-33899: Denial of Service via out-of-bounds write in XML parsing bsc1262154. CVE-2026-33900: Denial of Service via integer truncation in viff encoder bsc1262156. CVE-2026-33901: Denial of Service due to heap buffer overflow in MVG...

8.7CVSS5.8AI score0.00566EPSS
Exploits0References48
osv
osv
added 2026/04/24 11:44 a.m.7 views

SUSE-SU-2026:1598-1 Security update for ImageMagick

This update for ImageMagick fixes the following issues: - CVE-2026-33899: Denial of Service via out-of-bounds write in XML parsing bsc1262154. - CVE-2026-33900: Denial of Service via integer truncation in viff encoder bsc1262156. - CVE-2026-33901: Denial of Service due to heap buffer overflow in...

7.5CVSS5.9AI score0.00566EPSS
Exploits0References25
Rows per page
Query Builder