CNNVD-202512-3821 Information

CNNVD ID

CNNVD-202512-3821

Related CVE

CVE-2025-66909

• CNNVD Published: 2025-12-19

Description (Chinese)

turms是turms-im开源的一个即时通讯引擎。 turms AI-Serving module v0.10.0-SNAPSHOT及之前版本存在安全漏洞，该漏洞源于图像解压缩炸弹，可能导致拒绝服务。

Description (English)

Turms is an instant communication engine for the turms-im open source. There is a security loophole in the turms AI-Serving Modeule v. 0.10.0-SNAPSHOT and earlier versions, which originates from image decompression bombs and may lead to the denial of services.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

turms-im

Published

2025-12-19

Last Modified

2026-02-24

References

https://github.com/Xzzz111/public_cve_report/blob/main/CVE-2025-66909_report.md https://github.com/turms-im/turms https://github.com/turms-im/turms/blob/develop/turms-ai-serving/src/main/java/ai/djl/opencv/ExtendedOpenCVImage.java#L37