5 matches found

Snyk
added 2026/06/10 2:38 p.m. | 12 views

Infinite loop

Overview: Affected versions of this package are vulnerable to Infinite loop in the extractPartialStreams and corresponding extraction functions for HEIF, JP2, and JXL. An attacker supplying an image whose requested box declares a size of zero can hang the parser indefinitely. Note: This is a bypas...

CVSS: 8.7 | AI score: 5.4 | EPSS: 0.00625
Exploits: 2 | References: 2
Vulnrichment
added 2026/06/10 1:4 p.m. | 7 views

CVE-2025-71329 image-size 2.0.2 Denial of Service via Infinite Loop in JXL/HEIF Parser

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or...

CVSS: 8.7 | AI score: 5.8 | EPSS: 0.0043
Exploits: 1 | References: 3
Cvelist
added 2026/06/10 1:4 p.m. | 38 views

CVE-2025-71329 image-size 2.0.2 Denial of Service via Infinite Loop in JXL/HEIF Parser

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or...

CVSS: 8.7 | EPSS: 0.0043
Exploits: 1 | References: 3
Vulnrichment
added 2026/06/09 7:57 p.m. | 7 views

CVE-2025-71319 image-size 2.0.2 Denial of Service via Infinite Loop in JXL/HEIF Parser

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or...

CVSS: 8.7 | AI score: 5.8 | EPSS: 0.00625
Exploits: 1 | References: 3
Positive Technologies
added 2025/04/02 12:0 a.m. | 9 views

PT-2026-48232

Name of the Vulnerable Software and Affected Versions: image-size versions 1.1.0 through 1.2.0; image-size versions 2.0.0 through 2.0.1

Description: A denial of service issue exists when processing specially crafted images with zero-sized boxes. Remote attackers can cause an application hang by...

CVSS: 8.7 | AI score: 5.2 | EPSS: 0.00625
Exploits: 1 | References: 11