HIGH
image-size
CVE published 2026-06-09
CVE-2025-71319
CVE-2025-71319 is a high-severity denial of service vulnerability in image-size through 2.0.2. Remote attackers can exploit this vulnerability by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type, causing an infinite loop in the JXL or HEIF image parsers and permanently blocking the Node.js event loop.