CVE-2025-71319

A flaw was found in image-size. This vulnerability allows a remote attacker to cause a Denial of Service DoS by supplying specially crafted JXL, HEIF, or JP2 image files that contain zero-sized boxes. The findBox function, responsible for image validation, enters an infinite loop when processing...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: powerpc/paprscm: Do not request stats with a stats buffer of size “0”. Sachin reported 1 that on a POWER-10 lpar, he is encountering a kernel panic when the paprscm probe is called. The panic occurs as follows and is only observe...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Treat the remaining value being equal to 0 as an error in findandmapuserpages. Currently, if findandmapuserpages receives a DMA transfer request from the user with a length field set to 0, or in a rare case, when the...

Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop in the extractPartialStreams and corresponding extraction functions for HEIF, JP2, and JXL. An attacker supplying an image whose requested box declares a size of zero can hang the parser indefinitely. Note: This is a bypas...

CVE-2025-71329 image-size 2.0.2 Denial of Service via Infinite Loop in JXL/HEIF Parser

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or...

CVE-2025-71329 image-size 2.0.2 Denial of Service via Infinite Loop in JXL/HEIF Parser

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or...

CVE-2025-71319

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or...

CVE-2025-71319

CVE-2025-71319 affects image-size versions 1.1.0 before 1.2.1 and 2.0.0 before 2.0.2. The vulnerability resides in the findBox function, triggered when processing crafted images with zero-sized boxes (JXL, HEIF, or JP2), causing an infinite loop and denial of service. The issue could lead to appl...

CVE-2025-71319 image-size 2.0.2 Denial of Service via Infinite Loop in JXL/HEIF Parser

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or...

EUVD-2025-210087

image-size 1.1.0 before 1.2.1 and 2.0.0 before 2.0.2 contain a denial of service vulnerability in the findBox function when processing specially crafted images with zero-sized boxes. Remote attackers can cause application hang by supplying malicious JXL, HEIF, or JP2 image files with box size zer...

CVE-2025-71319 image-size 2.0.2 Denial of Service via Infinite Loop in JXL/HEIF Parser

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or...

CVE-2026-46276

A flaw was found in the Linux kernel's amdgpu graphics driver. This vulnerability occurs when the driver attempts to initialize zero-sized graphics memory resources on certain RDNA4 GFX 12 hardware. If a specific debugging option CONFIGDRMDEBUGMM is enabled in the kernel configuration, this...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the amdgpu driver’s improper handling of initializing a zero-sized GDS range during RDNA4...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: In net/ieee802154, there is no longer a warning being issued for zero-sized rawsendmsg requests. The syzbot bug triggers a warning when calling skbassertlen at devqueuexmit. For PFIEEE802154 sockets, a zero-sized rawsendmsg reque...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: fix infinite loop in attrloadrunsrange on inconsistent metadata CVE-2025-71265 In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: check return value of indxfind to avoid...

Amazon Linux 2023 : bpftool6.18, kernel6.18, kernel6.18-devel (ALAS2023-2026-1515)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1515 advisory. In the Linux kernel, the following vulnerability has been resolved: audit: add fchmodat2 to change attributes class CVE-2025-71239 In the Linux kernel, the following vulnerability has been...

fs: ntfs3: fix infinite loop triggered by zero-sized ATTR_LIST

...

CVE-2025-71267

In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: fix infinite loop triggered by zero-sized ATTRLIST We found an infinite loop bug in the ntfs3 file system that can lead to a Denial-of-Service DoS condition. A malformed NTFS image can cause an infinite loop when an...

UBUNTU-CVE-2025-71267

In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: fix infinite loop triggered by zero-sized ATTRLIST We found an infinite loop bug in the ntfs3 file system that can lead to a Denial-of-Service DoS condition. A malformed NTFS image can cause an infinite loop when an...

CVE-2025-71267

CVE-2025-71267 : In the Linux kernel ntfs3 file system, a flaw in ATTR_LIST handling can cause an infinite loop and DoS during mount. Specifically, when ntfs_load_attr_list() processes a resident ATTR_LIST with data_size set to zero, memory is still allocated due to al_aligned(0), leaving ni->...