From 640a67d9e821baee4cb596def8db00627f649dfc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E0=A4=95=E0=A4=BE=E0=A4=B0=E0=A4=A4=E0=A5=8B=E0=A4=AB?= =?UTF-8?q?=E0=A5=8D=E0=A4=AB=E0=A5=87=E0=A4=B2=E0=A4=B8=E0=A5=8D=E0=A4=95?= =?UTF-8?q?=E0=A5=8D=E0=A4=B0=E0=A4=BF=E0=A4=AA=E0=A5=8D=E0=A4=9F=E2=84=A2?=
Date: Wed, 2 Apr 2025 16:28:35 +0200
Subject: [PATCH 1/2] fix potential Denial of Service via specially crafted payloads

---
 lib/types/utils.ts | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/types/utils.ts b/lib/types/utils.ts
index 4a6496c3..5ba040fa 100644
--- a/lib/types/utils.ts
+++ b/lib/types/utils.ts
@@ -79,6 +79,8 @@ export function findBox(input: Uint8Array, boxName: string, offset: number) {
 const box = readBox(input, offset)
 if (!box) break
 if (box.name === boxName) return box
- offset += box.size
+ // Fix the infinite loop by ensuring offset always increases
+ // If box.size is 0, advance by at least 8 bytes (the size of the box header)
+ offset += box.size > 0 ? box.size : 8
 }
 }

From a4178fbb334ddb22d94cb4228ed597c24fd02e10 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E0=A4=95=E0=A4=BE=E0=A4=B0=E0=A4=A4=E0=A5=8B=E0=A4=AB?= =?UTF-8?q?=E0=A5=8D=E0=A4=AB=E0=A5=87=E0=A4=B2=E0=A4=B8=E0=A5=8D=E0=A4=95?= =?UTF-8?q?=E0=A5=8D=E0=A4=B0=E0=A4=BF=E0=A4=AA=E0=A5=8D=E0=A4=9F=E2=84=A2?=
Date: Wed, 2 Apr 2025 16:29:06 +0200
Subject: [PATCH 2/2] 1.2.1

---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package.json b/package.json
index 6c7ef2f3..c241dd15 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "image-size",
- "version": "1.2.0",
+ "version": "1.2.1",
 "description": "get dimensions of any image file",
 "main": "dist/index.js",
 "types": "dist/index.d.ts",
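Review bot: The guard on the new `offset +=` line only neutralises a size of exactly 0; a box reporting a size of 1–7 is equally malformed (smaller than the 8-byte header the added comment itself cites) and still produces a partial advance that lands inside the current header, so the fallback should apply to any size below the header length, e.g. `offset += box.size >= 8 ? box.size : 8`, unless readBox already rejects such sizes (its body and the enclosing loop header are outside the hunk, so I cannot confirm). In ISO BMFF a size of 1 signals that a 64-bit largesize field follows; if readBox does not expand it, that case deserves an explicit comment rather than silent acceptance. The two added comments read as change history; a contract-style comment ages better, e.g. `// A box that reports size 0 must still advance the scan: step by the 8-byte box header at minimum`. A regression test feeding a zero-size box ahead of the wanted box would pin the fix so the guard is not dropped in a later refactor.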