High severity7.5NVD Advisory· Published Jul 10, 2024· Updated Apr 15, 2026
CVE-2024-21523
CVE-2024-21523
Description
All versions of the package images are vulnerable to Denial of Service (DoS) due to providing unexpected input types to several different functions. This makes it possible to reach an assert macro, leading to a process crash. Note: By providing some specific integer values (like 0) to the size function, it is possible to obtain a Segmentation fault error, leading to the process crash.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
imagesnpm | <= 3.2.4 | — |
Affected products
1Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-vjpv-x8p9-7p85ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-21523ghsaADVISORY
- gist.github.com/dellalibera/8b4ea6b4db84cba212e6e6e39a6933d1nvdWEB
- github.com/zhangyuanwei/node-images/blob/691d49f4e620b4eec9f1c47b1735841d9d8b55f6/src/Image.ccnvdWEB
- security.snyk.io/vuln/SNYK-JS-IMAGES-6421826nvdWEB
News mentions
0No linked articles in our index yet.