High severity · 7.5 · NVD Advisory · Published Jul 10, 2024 · Updated Apr 15, 2026
CVE-2024-21523
Description
All versions of the package images are vulnerable to Denial of Service (DoS) due to providing unexpected input types to several different functions. This makes it possible to reach an assert macro, leading to a process crash. Note: By providing some specific integer values (like 0) to the size function, it is possible to obtain a Segmentation fault error, leading to the process crash.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| images (npm) | <= 3.2.4 | — |
Patches
No patches discovered yet.
References
- github.com/advisories/GHSA-vjpv-x8p9-7p85 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-21523 (ghsa, ADVISORY)
- gist.github.com/dellalibera/8b4ea6b4db84cba212e6e6e39a6933d1 (nvd, WEB)
- github.com/zhangyuanwei/node-images/blob/691d49f4e620b4eec9f1c47b1735841d9d8b55f6/src/Image.cc (nvd, WEB)
- security.snyk.io/vuln/SNYK-JS-IMAGES-6421826 (nvd, WEB)