GHSA-m5qc-5hw7-8vg7: image-size Denial of Service via Infinite Loop during Image Processing

April 2, 2025

image-size is vulnerable to a Denial of Service vulnerability when processing specially crafted images.

The issue occurs because of an infine loop in findBox when processing certain images with a box with size 0.

References

github.com/advisories/GHSA-m5qc-5hw7-8vg7
github.com/image-size/image-size
github.com/image-size/image-size/commit/8994131c7c3ee8da1699e04700c95e0e683a0c68
github.com/image-size/image-size/security/advisories/GHSA-m5qc-5hw7-8vg7

Code Behaviors & Features

Detect and mitigate GHSA-m5qc-5hw7-8vg7 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →