CVE Vulnerabilities

CVE-2025-71319

Loop with Unreachable Exit Condition ('Infinite Loop')

Published: Jun 09, 2026 | Modified: Jun 30, 2026
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
7.5 IMPORTANT
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Ubuntu
root.io logo minimus.io logo echo.ai logo

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or HEIF image parsers by providing a crafted image containing a box with a size of zero, causing the offset to never advance and permanently hanging the application.

Weakness

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Affected Software

NameVendorStart VersionEnd Version
Image-sizeImage-size*2.0.2 (including)
Red Hat Discovery 2RedHatdiscovery/discovery-ui-rhel9:1782756541*

References