| Vulnerabilities | 2 via 4 paths |
|---|---|
| Dependencies | 99 |
| Source | GitHub |
high severity
new
- Vulnerable module: image-size
- Introduced through: @deck.gl/mesh-layers@8.8.25 and @deck.gl/geo-layers@8.8.25
Detailed paths
- Introduced through: mtw-boilerplate-decks@MyThemeWay/mtw-boilerplate-decks › @deck.gl/mesh-layers@8.8.25 › @loaders.gl/gltf@3.4.15 › @loaders.gl/textures@3.4.15 › texture-compressor@1.0.2 › image-size@0.7.5
- Introduced through: mtw-boilerplate-decks@MyThemeWay/mtw-boilerplate-decks › @deck.gl/geo-layers@8.8.25 › @loaders.gl/3d-tiles@3.4.15 › @loaders.gl/gltf@3.4.15 › @loaders.gl/textures@3.4.15 › texture-compressor@1.0.2 › image-size@0.7.5
Overview
Affected versions of this package are vulnerable to Infinite loop in the extractPartialStreams() and corresponding extraction functions for HEIF, JP2, and JXL. An attacker supplying an image whose requested box declares a size of zero can hang the parser indefinitely.
Note: This is a bypass of the fix for the vulnerability described in CVE-2025-71319.
Remediation
There is no fixed version for image-size.
high severity
new
- Vulnerable module: image-size
- Introduced through: @deck.gl/mesh-layers@8.8.25 and @deck.gl/geo-layers@8.8.25
Detailed paths
- Introduced through: mtw-boilerplate-decks@MyThemeWay/mtw-boilerplate-decks › @deck.gl/mesh-layers@8.8.25 › @loaders.gl/gltf@3.4.15 › @loaders.gl/textures@3.4.15 › texture-compressor@1.0.2 › image-size@0.7.5
- Introduced through: mtw-boilerplate-decks@MyThemeWay/mtw-boilerplate-decks › @deck.gl/geo-layers@8.8.25 › @loaders.gl/3d-tiles@3.4.15 › @loaders.gl/gltf@3.4.15 › @loaders.gl/textures@3.4.15 › texture-compressor@1.0.2 › image-size@0.7.5
Overview
Affected versions of this package are vulnerable to Infinite loop in icns.js. An ICNS file with an icon entry whose declared length is zero can hang the parser indefinitely.
Remediation
There is no fixed version for image-size.