Nuxt OG Image is vulnerable to Denial of Service via unbounded image dimensions

Severity:: Medium

Description

Product: Nuxt OG Image Version: 6.1.2 CWE-ID: CWE-404: Improper Resource Shutdown or Release Description: Failure to limit the length and width of the generated image results in a denial of service.

Recommendation

Update the nuxt-og-image package to the latest compatible version. Followings are version details:

Affected version(s): < 6.2.5
Patched version(s): 6.2.5

References

GHSA-c7xp-q6q8-hg76
CVE-2026-34404
CWE-400
CWE-404
CAPEC-310
OWASP 2021-A6

Related Issues

Nuxt OG Image is vulnerable to reflected XSS via query parameter injection into HTML attributes - CVE-2026-34405
jsPDF Vulnerable to Denial of Service (DoS) via Unvalidated BMP Dimensions in BMPDecoder - CVE-2026-24133
protobufjs: Denial of Service via unbounded recursive JSON descriptor expansion - CVE-2026-45740
Marked Vulnerable to OOM Denial of Service via Infinite Recursion in marked Tokenizer - CVE-2026-41680

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:: npm; nuxt-og-image

Anything's wrong? Let us know Last updated on April 06, 2026