Total
551 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-7453 | 1 Xpdfreader | 1 Xpdf | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
Infinite recursion in AcroForm::scanField in AcroForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file due to lack of loop checking, as demonstrated by pdftohtml. | |||||
CVE-2018-11657 | 1 Miniupnp Project | 1 Ngiflib | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
ngiflib.c in MiniUPnP ngiflib 0.4 has an infinite loop in DecodeGifImg and LoadGif. | |||||
CVE-2018-7174 | 1 Xpdfreader | 1 Xpdf | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref allows an attacker to cause denial of service because loop detection exists only for tables, not streams. | |||||
CVE-2018-10289 | 2 Artifex, Debian | 2 Mupdf, Debian Linux | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space function of the pdf/pdf-xref.c file. A remote adversary could leverage this vulnerability to cause a denial of service via a crafted pdf file. | |||||
CVE-2018-1338 | 1 Apache | 1 Tika | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's BPGParser in versions of Apache Tika before 1.18. | |||||
CVE-2018-1000075 | 2 Debian, Rubygems | 2 Debian Linux, Rubygems | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a infinite loop caused by negative size vulnerability in ruby gem package tar header that can result in a negative size could cause an infinite loop.. This vulnerability appears to have been fixed in 2.7.6. | |||||
CVE-2018-7421 | 1 Wireshark | 1 Wireshark | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the DMP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dmp.c by correctly supporting a bounded number of Security Categories for a DMP Security Classification. | |||||
CVE-2017-18271 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2023-12-10 | 7.1 HIGH | 6.5 MEDIUM |
In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop vulnerability was found in the function ReadMIFFImage in coders/miff.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted MIFF image file. | |||||
CVE-2017-17150 | 1 Huawei | 12 Dp300, Dp300 Firmware, Rp200 and 9 more | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
Timergrp module in Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have an DoS vulnerability due to insufficient validation of the parameter. An authenticated local attacker may call a special API with special parameter, which cause an infinite loop. Successful exploit of this vulnerability can allow an attacker to launch DOS attack. | |||||
CVE-2018-9058 | 1 Long Range Zip Project | 1 Long Range Zip | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
In Long Range Zip (aka lrzip) 0.631, there is an infinite loop in the runzip_fd function of runzip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file. | |||||
CVE-2018-10546 | 4 Canonical, Debian, Netapp and 1 more | 4 Ubuntu Linux, Debian Linux, Storage Automation Store and 1 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences. | |||||
CVE-2018-5786 | 2 Debian, Long Range Zip Project | 2 Debian Linux, Long Range Zip | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and application hang in the get_fileinfo function (lrzip.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file. | |||||
CVE-2018-7331 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-ber.c had an infinite loop that was addressed by validating a length. | |||||
CVE-2018-11365 | 1 Wizardmac | 1 Readstat | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
sas/readstat_sas7bcat_read.c in libreadstat.a in ReadStat 0.1.1 has an infinite loop. | |||||
CVE-2018-1041 | 2 Jboss, Redhat | 3 Jboss-remoting, Jboss Enterprise Application Platform, Linux | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10, reads from an empty buffer. An attacker could use this flaw to cause denial of service via high CPU caused by an infinite loop. | |||||
CVE-2018-7330 | 1 Wireshark | 1 Wireshark | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-thread.c had an infinite loop that was addressed by using a correct integer data type. | |||||
CVE-2018-7325 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpki-rtr.c had an infinite loop that was addressed by validating a length field. | |||||
CVE-2018-7327 | 1 Wireshark | 1 Wireshark | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-openflow_v6.c had an infinite loop that was addressed by validating property lengths. | |||||
CVE-2018-12228 | 1 Asterisk | 1 Open Source | 2023-12-10 | 6.8 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Asterisk Open Source 15.x before 15.4.1. When connected to Asterisk via TCP/TLS, if the client abruptly disconnects, or sends a specially crafted message, then Asterisk gets caught in an infinite loop while trying to read the data stream. This renders the system unusable. | |||||
CVE-2018-5381 | 4 Canonical, Debian, Quagga and 1 more | 5 Ubuntu Linux, Debian Linux, Quagga and 2 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI, causing a denial of service. |