HIGH🇬🇧 English

CVE-2025-71330

CVSS 8.7v4.0pub. 2026-06-10upd. 2026-06-15

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted ICNS image buffer. Attackers can craft an ICNS buffer containing valid magic bytes and a zero-valued entry length field to trigger an infinite loop in the ICNS parser, as the offset is never incremented when the entry length field is 0, causing the while loop condition to remain true indefinitely.

oryginał EN
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Image Size

    APP
    Image-Size
    1.1.0 – 1.2.12.0.0 – 2.0.2
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
DoS
CWE
Referencje

Powiązane podatności

CVE-2025-71329HIGH8.7ten sam produkt

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanentl...

CVE-2025-71319HIGH8.7ten sam produkt

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanentl...

CVE-2025-71330 — HIGH 8.7 | CVEbaza.pl