Lucene search
+L

393 matches found

OSV
OSV
added 2026/07/07 12:32 p.m.2 views

SUSE-SU-2026:22566-1 Security update for jq

This update for jq fixes the following issues: - CVE-2025-48060: improper handling of string data in jvstringempty can lead to heap buffer overflow and a crash when processing crafted input bsc1244116. - CVE-2026-32316: integer overflow within the jvpstringappend and jvpstringcopyreplacebad...

8.7CVSS6.3AI score0.00559EPSS
Exploits10References23
RedhatCVE
RedhatCVE
added 2026/06/24 1:41 a.m.11 views

CVE-2025-71319

A flaw was found in image-size. This vulnerability allows a remote attacker to cause a Denial of Service DoS by supplying specially crafted JXL, HEIF, or JP2 image files that contain zero-sized boxes. The findBox function, responsible for image validation, enters an infinite loop when processing...

8.7CVSS5.8AI score0.0064EPSS
Exploits1References5
Snyk
Snyk
added 2026/06/10 2:38 p.m.17 views

Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop in the extractPartialStreams and corresponding extraction functions for HEIF, JP2, and JXL. An attacker supplying an image whose requested box declares a size of zero can hang the parser indefinitely. Note: This is a bypas...

8.7CVSS5.4AI score0.0064EPSS
Exploits2References2
Cvelist
Cvelist
added 2026/06/10 1:4 p.m.46 views

CVE-2025-71329 image-size 2.0.2 Denial of Service via Infinite Loop in JXL/HEIF Parser

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or...

8.7CVSS0.0043EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/06/10 1:4 p.m.9 views

CVE-2025-71329 image-size 2.0.2 Denial of Service via Infinite Loop in JXL/HEIF Parser

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or...

8.7CVSS5.8AI score0.0043EPSS
Exploits1References3
NVD
NVD
added 2026/06/09 9:17 p.m.17 views

CVE-2025-71319

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or...

8.7CVSS0.0064EPSS
Exploits1References8
Vulnrichment
Vulnrichment
added 2026/06/09 7:57 p.m.9 views

CVE-2025-71319 image-size 2.0.2 Denial of Service via Infinite Loop in JXL/HEIF Parser

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or...

8.7CVSS5.8AI score0.0064EPSS
Exploits1References3
EUVD
EUVD
added 2026/06/09 7:57 p.m.11 views

EUVD-2025-210087

image-size 1.1.0 before 1.2.1 and 2.0.0 before 2.0.2 contain a denial of service vulnerability in the findBox function when processing specially crafted images with zero-sized boxes. Remote attackers can cause application hang by supplying malicious JXL, HEIF, or JP2 image files with box size zer...

8.7CVSS5.5AI score0.0064EPSS
Exploits1References2
CVE
CVE
added 2026/06/09 7:57 p.m.104 views

CVE-2025-71319

CVE-2025-71319 affects image-size versions 1.1.0 before 1.2.1 and 2.0.0 before 2.0.2. The vulnerability resides in the findBox function, triggered when processing crafted images with zero-sized boxes (JXL, HEIF, or JP2), causing an infinite loop and denial of service. The issue could lead to appl...

8.7CVSS5.8AI score0.0064EPSS
Exploits1References8Affected Software1
Cvelist
Cvelist
added 2026/06/09 7:57 p.m.56 views

CVE-2025-71319 image-size 2.0.2 Denial of Service via Infinite Loop in JXL/HEIF Parser

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or...

8.7CVSS0.0064EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/06/08 8:14 p.m.10 views

CVE-2026-46276

A flaw was found in the Linux kernel's amdgpu graphics driver. This vulnerability occurs when the driver attempts to initialize zero-sized graphics memory resources on certain RDNA4 GFX 12 hardware. If a specific debugging option CONFIGDRMDEBUGMM is enabled in the kernel configuration, this...

5.5CVSS5.5AI score0.00123EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.12 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the amdgpu driver’s improper handling of initializing a zero-sized GDS range during RDNA4...

5.5CVSS5.3AI score0.00123EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: powerpc/paprscm: Do not request stats with a stats buffer of size “0”. Sachin reported 1 that on a POWER-10 lpar, he is encountering a kernel panic when the vPMEM is used and the paprscm probe is called. The panic occurs as...

5.5CVSS6.4AI score0.00215EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mm/filemap: Skip the creation of a PMD-sized page cache if necessary. On ARM64, HPAGEPMDORDER is 13 when the base page size is 64KB. The PMD-sized page cache cannot be supported by xarray, as indicated by the following error...

5.5CVSS6.2AI score0.00288EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mm/shmem: Disable the PMD-sized page cache if necessary. For shmem files, it’s possible that a PMD-sized page cache cannot be supported by xarray. For example, a 512MB page cache on ARM64 when the base page size is 64KB cannot be...

5.5CVSS6.2AI score0.00211EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: In net/ieee802154, there is no longer a warning being issued for zero-sized rawsendmsg requests. The syzbot bug triggers a warning when calling skbassertlen at devqueuexmit. For PFIEEE802154 sockets, a zero-sized rawsendmsg reque...

5.8AI score0.00173EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: TCP: Proper handling of extreme memory squeeze situations Testing with iperf3 using the “pasta” protocol splicer revealed a problem with how TCP handles window advertisement in extreme memory squeeze situations. Under memory...

5.5CVSS6.4AI score0.00141EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/19 10:19 p.m.12 views

jq: out-of-bounds read in jv_parse_sized() on error formatting for non-NUL-terminated buffers

A flaw was found in jq, a command line JSON processor, specifically in the libjq API. Parsing a malformed JSON input from a non-NUL-terminated buffer using the jvparsesized function can cause an out-of-bounds read, resulting in an application crash and a possible memory disclosure within the erro...

8.2CVSS5.8AI score0.00559EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2026/05/19 12:0 a.m.14 views

RHEL 9 : jq (RHSA-2026:19365)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:19365 advisory. jq is a lightweight and flexible command-line JSON processor. jq is like sed for JSON data. You can use it to slice, filter, map, or...

8.2CVSS7AI score0.00559EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2026/05/18 12:6 p.m.10 views

jq: out-of-bounds read in jv_parse_sized() on error formatting for non-NUL-terminated buffers

A flaw was found in jq, a command line JSON processor, specifically in the libjq API. Parsing a malformed JSON input from a non-NUL-terminated buffer using the jvparsesized function can cause an out-of-bounds read, resulting in an application crash and a possible memory disclosure within the erro...

8.2CVSS5.8AI score0.00559EPSS
Exploits1References6
Rows per page
Query Builder