GHSA-m5qc-5hw7-8vg7: image-size Denial of Service via Infinite Loop during Image Processing
image-size is vulnerable to denial of service when processing specially crafted images.
The issue is an infinite loop in findBox, the box scanner used by the JXL/HEIF parser, when an image contains a box whose declared size is 0: the scan cannot advance past such a box and never terminates, so a single crafted file can pin the CPU of any process that passes untrusted images to image-size. Upgrade to a release that includes the referenced fix commit, and treat image parsing of untrusted input as work that should run under a time limit regardless.
References
- github.com/advisories/GHSA-m5qc-5hw7-8vg7
- github.com/image-size/image-size/commit/8994131c7c3ee8da1699e04700c95e0e683a0c68
- github.com/image-size/image-size/security/advisories/GHSA-m5qc-5hw7-8vg7
- joshua.hu/image-size-infinite-loop-dos-vulnerabilities
- nvd.nist.gov/vuln/detail/CVE-2025-71319
- web.archive.org/web/20260224152152/https://github.com/image-size/image-size/pull/439
- www.vulncheck.com/advisories/image-size-denial-of-service-via-infinite-loop-in-jxl-heif-parser