CVE-2025-71330EPSS p33.2%

CVE-2025-71330CVE-2025-71330

image-size / image-size

Description

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted ICNS image buffer. Attackers can craft an ICNS buffer containing valid magic bytes and a zero-valued entry length field to trigger an infinite loop in the ICNS parser, as the offset is never incremented when the entry length field is 0, causing the while loop condition to remain true indefinitely.

Scoring

CVSS 7.5 ()
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS0.42% probability of exploitation · percentile 33.2% · 2026-06-18T12:00:27Z
Last modified2026-06-15

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-71329
CVE
CVE-2025-71319
CVE
CVE-2026-26740
CVE
CVE-2026-30141
CVE
CVE-2026-32284
CVE
CVE-2025-47372
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.