8.7
CVE-2025-71330
- EPSS 0.43%
- Veröffentlicht 10.06.2026 13:02:04
- Zuletzt bearbeitet 15.06.2026 17:00:32
- Quelle disclosure@vulncheck.com
- CVE-Watchlists
- Unerledigt
Loginimage-size 2.0.2 Denial of Service via Malformed ICNS Image Parsing
image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted ICNS image buffer. Attackers can craft an ICNS buffer containing valid magic bytes and a zero-valued entry length field to trigger an infinite loop in the ICNS parser, as the offset is never incremented when the entry length field is 0, causing the while loop condition to remain true indefinitely.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Image-size ≫ Image-size Version >= 1.1.0 <= 1.2.1
Image-size ≫ Image-size Version >= 2.0.0 <= 2.0.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.43% | 0.343 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| disclosure@vulncheck.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| disclosure@vulncheck.com | 8.7 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
https://joshua.hu/image-size-infinite-loop-dos-vulnerabilities
https://web.archive.org/web/20260224152152/https://github.com/image-size/image-size/pull/439
https://www.vulncheck.com/advisories/image-size-denial-of-service-via-malformed-icns-image-parsing