Total
550 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-11478 | 1 Imagemagick | 1 Imagemagick | 2023-12-10 | 7.1 HIGH | 6.5 MEDIUM |
The ReadOneDJVUImage function in coders/djvu.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed DJVU image. | |||||
CVE-2017-9346 | 1 Wireshark | 1 Wireshark | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-slsk.c by making loop bounds more explicit. | |||||
CVE-2017-16932 | 1 Xmlsoft | 1 Libxml2 | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities. | |||||
CVE-2017-9310 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2023-12-10 | 1.9 LOW | 5.6 MEDIUM |
QEMU (aka Quick Emulator), when built with the e1000e NIC emulation support, allows local guest OS privileged users to cause a denial of service (infinite loop) via vectors related to setting the initial receive / transmit descriptor head (TDH/RDH) outside the allocated descriptor buffer. | |||||
CVE-2017-11626 | 1 Qpdf Project | 1 Qpdf | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after four consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite loop." | |||||
CVE-2017-9461 | 3 Debian, Redhat, Samba | 8 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 5 more | 2023-12-10 | 6.8 MEDIUM | 6.5 MEDIUM |
smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks. | |||||
CVE-2017-9258 | 1 Surina | 1 Soundtouch | 2023-12-10 | 7.1 HIGH | 5.5 MEDIUM |
The TDStretch::processSamples function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted wav file. | |||||
CVE-2017-15223 | 1 Argosoft | 1 Mini Mail Server | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
Denial-of-service vulnerability in ArGoSoft Mini Mail Server 1.0.0.2 and earlier allows remote attackers to waste CPU resources (memory consumption) via unspecified vectors, possibly triggering an infinite loop. | |||||
CVE-2017-12995 | 1 Tcpdump | 1 Tcpdump | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The DNS parser in tcpdump before 4.9.2 could enter an infinite loop due to a bug in print-domain.c:ns_print(). | |||||
CVE-2017-11338 | 1 Exiv2 | 1 Exiv2 | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack. | |||||
CVE-2017-9222 | 1 Audiocoding | 1 Freeware Advanced Audio Decoder 2 | 2023-12-10 | 7.1 HIGH | 5.5 MEDIUM |
The mp4ff_parse_tag function in common/mp4ff/mp4meta.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file. | |||||
CVE-2017-13767 | 1 Wireshark | 1 Wireshark | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the MSDP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-msdp.c by adding length validation. | |||||
CVE-2017-14173 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur for the addition operation "GetQuantumRange(depth)+1" when "depth" is large, producing a smaller value than expected. As a result, an infinite loop would occur for a crafted TXT file that claims a very large "max_value" value. | |||||
CVE-2017-11410 | 1 Wireshark | 1 Wireshark | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding validation of the relationships between indexes and lengths. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-7702. | |||||
CVE-2017-14741 | 1 Imagemagick | 1 Imagemagick | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7-3 allows remote attackers to cause a denial of service (infinite loop) via a crafted font file. | |||||
CVE-2017-17044 | 1 Xen | 1 Xen | 2023-12-10 | 4.9 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to cause a denial of service (infinite loop and host OS hang) by leveraging the mishandling of Populate on Demand (PoD) errors. | |||||
CVE-2017-14932 | 1 Gnu | 1 Binutils | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file. | |||||
CVE-2017-11523 | 1 Imagemagick | 1 Imagemagick | 2023-12-10 | 7.1 HIGH | 6.5 MEDIUM |
The ReadTXTImage function in coders/txt.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop) via a crafted file, because the end-of-file condition is not considered. | |||||
CVE-2017-13728 | 1 Gnu | 1 Ncurses | 2023-12-10 | 4.3 MEDIUM | 7.5 HIGH |
There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack. | |||||
CVE-2017-11171 | 1 Gnome | 1 Gnome-session | 2023-12-10 | 4.9 MEDIUM | 5.5 MEDIUM |
Bad reference counting in the context of accept_ice_connection() in gsm-xsmp-server.c in old versions of gnome-session up until version 2.29.92 allows a local attacker to establish ICE connections to gnome-session with invalid authentication data (an invalid magic cookie). Each failed authentication attempt will leak a file descriptor in gnome-session. When the maximum number of file descriptors is exhausted in the gnome-session process, it will enter an infinite loop trying to communicate without success, consuming 100% of the CPU. The graphical session associated with the gnome-session process will stop working correctly, because communication with gnome-session is no longer possible. |