CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-71330

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted ICNS image buffer. Attackers can craft an ICNS buffer containing valid magic bytes and a zero-valued entry length field to trigger an infinite loop in the ICNS parser, as the offset is never incremented when the entry length field is 0, causing the while loop condition to remain true indefinitely.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 33.1%

CVSS Severity

CVSS v3 Score 7.5

References

https://joshua.hu/image-size-infinite-loop-dos-vulnerabilities
https://web.archive.org/web/20260224152152/https://github.com/image-size/image-size/pull/439
https://www.vulncheck.com/advisories/image-size-denial-of-service-via-malformed-icns-image-parsing

Products affected by CVE-2025-71330

Image-Size » Image-Size » Version: Any

cpe:2.3:a:image-size:image-size:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-71330

Products

Pricing

Contact Us