High CVE-2025-71319 image-size 1.1.0 before 1.2.1 and 2.0.0 before 2.0.2 contain a denial of service vulnerability in the findBox function when processing specially crafted images with zero-sized boxes. Remote attackers can cause application hang by supplying malicious JXL, HEIF, or JP2 image files...

#Sicherheitslücke #DDoS

Original-Artikel öffnen Zurück zur Übersicht

ARTICLEVIEW

[High] CVE-2025-71319 – image-size 1.1.0 before 1.2.1 and 2.0.0 before 2.0.2 contain a denial of service...

VERWANDTEARTIKEL

CVE-2026-11645

CVE-2026-53673 - BuddyPress 14.4.0 Private Message IDOR via REST API user_id Parameter

CVE-2026-45782 - Cloud Hypervisor: Use-after-free in virtio-block Async I/O Completion

CVE-2026-46491 - SimpleSAMLphp casserver FileSystemTicketStore path traversal allows out-of-ticket-directory read/unserialize and conditional deletion

CVE-2026-41729 - Spring Data REST SpEL Injection via Map Key in JSON Patch

CVE-2026-41732 - In Spring for Apache Pulsar, overly broad trusted-package matching in header mapper exposes JDK classes to deserialization