Vulnerability Description
All versions of the package images are vulnerable to Denial of Service (DoS) due to providing unexpected input types to several different functions. This makes it possible to reach an assert macro, leading to a process crash. **Note:** By providing some specific integer values (like 0) to the size function, it is possible to obtain a Segmentation fault error, leading to the process crash.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://gist.github.com/dellalibera/8b4ea6b4db84cba212e6e6e39a6933d1
- https://github.com/zhangyuanwei/node-images/blob/691d49f4e620b4eec9f1c47b1735841
- https://security.snyk.io/vuln/SNYK-JS-IMAGES-6421826
- https://gist.github.com/dellalibera/8b4ea6b4db84cba212e6e6e39a6933d1
- https://github.com/zhangyuanwei/node-images/blob/691d49f4e620b4eec9f1c47b1735841
- https://security.snyk.io/vuln/SNYK-JS-IMAGES-6421826
FAQ
What is CVE-2024-21523?
CVE-2024-21523 is a vulnerability with a CVSS score of 7.5 (HIGH). All versions of the package images are vulnerable to Denial of Service (DoS) due to providing unexpected input types to several different functions. This makes it possible to reach an assert macro, le...
How severe is CVE-2024-21523?
CVE-2024-21523 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-21523?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.