All versions of the package images are vulnerable to Denial of Service (DoS) due to providing unexpected input types to several different functions. This makes it possible to reach an assert macro, leading to a process crash. **Note:** By providing some specific integer values (like 0) to the size function, it is possible to obtain a Segmentation fault error, leading to the process crash.
History

Fri, 26 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Npmjs
Npmjs images
CPEs cpe:2.3:a:npmjs:images:*:*:*:*:*:*:*:*
Vendors & Products Npmjs
Npmjs images
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: snyk

Published: 2024-07-10T05:00:01.393Z

Updated: 2026-06-26T15:25:05.686Z

Reserved: 2023-12-22T12:33:20.121Z

Link: CVE-2024-21523

cve-icon Vulnrichment

Updated: 2024-08-01T22:27:34.807Z

cve-icon NVD

Status : Deferred

Published: 2024-07-10T05:15:11.153

Modified: 2026-06-17T07:09:40.427

Link: CVE-2024-21523

cve-icon Redhat

No data.