Total
551 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-8002 | 1 Podofo Project | 1 Podofo | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
In PoDoFo 0.9.5, there exists an infinite loop vulnerability in PdfParserObject::ParseFileComplete() in PdfParserObject.cpp which may result in stack overflow. Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file. | |||||
CVE-2017-15602 | 1 Gnu | 1 Libextractor | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In GNU Libextractor 1.4, there is an integer signedness error for the chunk size in the EXTRACTOR_nsfe_extract_method function in plugins/nsfe_extractor.c, leading to an infinite loop for a crafted size. | |||||
CVE-2018-5253 | 1 Axiosys | 1 Bento4 | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
The AP4_FtypAtom class in Core/Ap4FtypAtom.cpp in Bento4 1.5.1.0 has an Infinite loop via a crafted MP4 file that triggers size mishandling. | |||||
CVE-2017-11624 | 1 Qpdf Project | 1 Qpdf | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after two consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite loop." | |||||
CVE-2017-9375 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2023-12-10 | 1.9 LOW | 5.5 MEDIUM |
QEMU (aka Quick Emulator), when built with USB xHCI controller emulator support, allows local guest OS privileged users to cause a denial of service (infinite recursive call) via vectors involving control transfer descriptors sequencing. | |||||
CVE-2017-15908 | 2 Canonical, Systemd Project | 2 Ubuntu Linux, Systemd | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the 'systemd-resolved' service and cause a DoS of the affected service. | |||||
CVE-2017-14058 | 1 Ffmpeg | 1 Ffmpeg | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
In FFmpeg 2.4 and 3.3.3, the read_data function in libavformat/hls.c does not restrict reload attempts for an insufficient list, which allows remote attackers to cause a denial of service (infinite loop). | |||||
CVE-2017-14934 | 1 Gnu | 1 Binutils | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
process_debug_info in dwarf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file that contains a negative size value in a CU structure. | |||||
CVE-2017-12997 | 1 Tcpdump | 1 Tcpdump | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The LLDP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-lldp.c:lldp_private_8021_print(). | |||||
CVE-2017-12990 | 1 Tcpdump | 1 Tcpdump | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The ISAKMP parser in tcpdump before 4.9.2 could enter an infinite loop due to bugs in print-isakmp.c, several functions. | |||||
CVE-2017-12852 | 1 Numpy | 1 Numpy | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The numpy.pad function in Numpy 1.13.1 and older versions is missing input validation. An empty list or ndarray will stick into an infinite loop, which can allow attackers to cause a DoS attack. | |||||
CVE-2018-5685 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
In GraphicsMagick 1.3.27, there is an infinite loop and application hang in the ReadBMPImage function (coders/bmp.c). Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value. | |||||
CVE-2017-11118 | 1 Openexif Project | 1 Openexif | 2023-12-10 | 7.1 HIGH | 5.5 MEDIUM |
The ExifImageFile::readImage function in ExifImageFileRead.cpp in OpenExif 2.1.4 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted jpg file. | |||||
CVE-2017-9233 | 3 Debian, Libexpat Project, Python | 3 Debian Linux, Libexpat, Python | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD. | |||||
CVE-2017-9122 | 1 Libquicktime | 1 Libquicktime | 2023-12-10 | 7.1 HIGH | 6.5 MEDIUM |
The quicktime_read_moov function in moov.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file. | |||||
CVE-2017-12989 | 1 Tcpdump | 1 Tcpdump | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The RESP parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-resp.c:resp_get_length(). | |||||
CVE-2017-14519 | 1 Freedesktop | 1 Poppler | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opShowText, and Gfx::doShowText calls (aka a Gfx.cc infinite loop). | |||||
CVE-2018-5686 | 2 Artifex, Debian | 2 Mupdf, Debian Linux | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
In MuPDF 1.12.0, there is an infinite loop vulnerability and application hang in the pdf_parse_array function (pdf/pdf-parse.c) because EOF is not considered. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file. | |||||
CVE-2017-9023 | 1 Strongswan | 1 Strongswan | 2023-12-10 | 4.3 MEDIUM | 7.5 HIGH |
The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to cause a denial of service (infinite loop) via a crafted certificate. | |||||
CVE-2017-14933 | 1 Gnu | 1 Binutils | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file. |