{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2025-71319", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-06-08T20:44:31.209Z", "datePublished": "2026-06-09T19:57:16.125Z", "dateUpdated": "2026-07-10T12:05:42.627Z" }, "containers": { "cna": { "providerMetadata": { "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-06-23T16:13:35.342Z" }, "title": "image-size 2.0.2 Denial of Service via Infinite Loop in JXL/HEIF Parser", "descriptions": [ { "lang": "en", "value": "image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or HEIF image parsers by providing a crafted image containing a box with a size of zero, causing the offset to never advance and permanently hanging the application." } ], "tags": [ "x_open-source", "unsupported-when-assigned" ], "datePublic": "2025-04-18T00:00:00.000Z", "problemTypes": [ { "descriptions": [ { "lang": "en", "cweId": "CWE-835", "description": "Loop with Unreachable Exit Condition ('Infinite Loop')", "type": "CWE" } ] } ], "affected": [ { "vendor": "image-size", "product": "image-size", "defaultStatus": "unaffected", "packageURL": "pkg:npm/image-size", "versions": [ { "version": "1.1.0", "status": "affected", "versionType": "semver", "lessThanOrEqual": "1.2.1" }, { "status": "affected", "version": "2.0.0", "versionType": "semver", "lessThanOrEqual": "2.0.2" } ], "repo": "https://github.com/image-size/image-size" } ], "metrics": [ { "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ], "cvssV4_0": { "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.7, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" } }, { "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ], "cvssV3_1": { "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "version": "3.1", "baseSeverity": "HIGH", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } } ], "references": [ { "url": "https://joshua.hu/image-size-infinite-loop-dos-vulnerabilities", "tags": [ "technical-description", "exploit" ] }, { "url": "https://web.archive.org/web/20260224152152/https://github.com/image-size/image-size/pull/439", "tags": [ "issue-tracking" ] }, { "url": "https://www.vulncheck.com/advisories/image-size-denial-of-service-via-infinite-loop-in-jxl-heif-parser", "tags": [ "third-party-advisory" ] } ], "credits": [ { "lang": "en", "value": "Joshua Rogers (@MegaManSec)", "type": "finder" } ], "source": { "discovery": "EXTERNAL" }, "x_generator": { "engine": "vulncheck" } }, "adp": [ { "metrics": [ { "other": { "type": "ssvc", "content": { "timestamp": "2026-06-10T15:28:34.029349Z", "id": "CVE-2025-71319", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "version": "2.0.3" } } } ], "title": "CISA ADP Vulnrichment", "providerMetadata": { "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-10T16:32:56.781Z" } }, { "affected": [ { "cpes": [ "cpe:/a:redhat:discovery:2::el9" ], "defaultStatus": "affected", "product": "Red Hat Discovery 2", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:trusted_artifact_signer:1.4::el9" ], "defaultStatus": "affected", "product": "Red Hat Trusted Artifact Signer 1.4", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:gatekeeper:3" ], "defaultStatus": "affected", "product": "Gatekeeper 3", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:podman_desktop:1" ], "defaultStatus": "affected", "product": "Red Hat Build of Podman Desktop", "vendor": "Red Hat" }, { "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:jboss_fuse:7" ], "defaultStatus": "unaffected", "product": "Red Hat Fuse 7", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7" ], "defaultStatus": "unaffected", "product": "Red Hat JBoss Enterprise Application Platform 7", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8" ], "defaultStatus": "unaffected", "product": "Red Hat JBoss Enterprise Application Platform 8", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:jbosseapxp" ], "defaultStatus": "unaffected", "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift_ai" ], "defaultStatus": "unaffected", "product": "Red Hat OpenShift AI (RHOAI)", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift_devspaces:3" ], "defaultStatus": "unaffected", "product": "Red Hat OpenShift Dev Spaces", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:satellite:6" ], "defaultStatus": "unaffected", "product": "Red Hat Satellite 6", "vendor": "Red Hat" } ], "datePublic": "2026-06-09T19:57:16.125Z", "descriptions": [ { "lang": "en", "value": "A flaw was found in image-size. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by supplying specially crafted JXL, HEIF, or JP2 image files that contain zero-sized boxes. The `findBox` function, responsible for image validation, enters an infinite loop when processing these malicious files, leading to an application hang. This can disrupt the availability of services relying on the image-size component." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Important" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-835", "description": "Loop with Unreachable Exit Condition ('Infinite Loop')", "lang": "en", "type": "CWE" } ] } ], "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2025-71319" }, { "name": "RHBZ#2487296", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487296" }, { "tags": [ "x_sadp-csaf-vex" ], "url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-71319.json" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:33313" }, { "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2026:37272" } ], "solutions": [ { "lang": "en", "value": "RHSA-2026:33313: Red Hat Discovery 2" }, { "lang": "en", "value": "RHSA-2026:37272: Red Hat Trusted Artifact Signer 1.4" } ], "timeline": [ { "lang": "en", "time": "2026-06-09T21:01:11.339Z", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2026-06-09T19:57:16.125Z", "value": "Made public." } ], "title": "image-size: image-size: Denial of Service due to infinite loop when processing specially crafted images.", "workarounds": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability." } ], "x_adpType": "supplier", "x_generator": { "engine": "sadp-cli 1.0.0" }, "providerMetadata": { "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c", "shortName": "redhat-SADP", "dateUpdated": "2026-07-10T12:05:42.627Z" } } ] } }