CVE-2025-71319
EUVD-2025-21008709.06.2026, 21:17
image-size 1.1.0 before 1.2.1 and 2.0.0 before 2.0.2 contain a denial of service vulnerability in the findBox function when processing specially crafted images with zero-sized boxes. Remote attackers can cause application hang by supplying malicious JXL, HEIF, or JP2 image files with box size zero, triggering infinite loops during image validation.
Awaiting analysis
This vulnerability is currently awaiting analysis.
Common Weakness Enumeration