Total
551 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-9352 | 1 Wireshark | 1 Wireshark | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by ensuring that backwards parsing cannot occur. | |||||
CVE-2017-11627 | 1 Qpdf Project | 1 Qpdf | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the PointerHolder function in PointerHolder.hh, aka an "infinite loop." | |||||
CVE-2015-7850 | 3 Debian, Netapp, Ntp | 7 Debian Linux, Clustered Data Ontap, Data Ontap and 4 more | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file. | |||||
CVE-2017-17681 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2023-12-10 | 7.1 HIGH | 6.5 MEDIUM |
In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service (CPU exhaustion) via a crafted psd image file. | |||||
CVE-2017-14229 | 1 Jasper Project | 1 Jasper | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
There is an infinite loop in the jpc_dec_tileinit function in jpc/jpc_dec.c of Jasper 2.0.13. It will lead to a remote denial of service attack. | |||||
CVE-2017-11446 | 1 Imagemagick | 1 Imagemagick | 2023-12-10 | 7.1 HIGH | 6.5 MEDIUM |
The ReadPESImage function in coders\pes.c in ImageMagick 7.0.6-1 has an infinite loop vulnerability that can cause CPU exhaustion via a crafted PES file. | |||||
CVE-2017-9209 | 2 Canonical, Qpdf Project | 2 Ubuntu Linux, Qpdf | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to QPDFObjectHandle::parseInternal, aka qpdf-infiniteloop2. | |||||
CVE-2017-13195 | 1 Google | 1 Android | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
In the ihevcd_parse_sps function of ihevcd_parse_headers.c, several parameter values could be negative which could lead to negative indexes which could lead to an infinite loop. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65398821. | |||||
CVE-2017-13192 | 1 Google | 1 Android | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
In the ihevcd_parse_slice_header function of ihevcd_parse_slice_header.c a slice address of zero after the first slice could result in an infinite loop. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64380202. | |||||
CVE-2017-10985 | 1 Freeradius | 1 Freeradius | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows "Infinite loop and memory exhaustion with 'concat' attributes" and a denial of service. | |||||
CVE-2017-9208 | 2 Canonical, Qpdf Project | 2 Ubuntu Linux, Qpdf | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to releaseResolved functions, aka qpdf-infiniteloop1. | |||||
CVE-2017-16944 | 2 Debian, Exim | 2 Debian Linux, Exim | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT commands and an improper check for a '.' character signifying the end of the content, related to the bdat_getc function. | |||||
CVE-2017-6056 | 2 Canonical, Debian | 2 Ubuntu Linux, Debian Linux | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu. | |||||
CVE-2017-7702 | 1 Wireshark | 1 Wireshark | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding length validation. | |||||
CVE-2016-1981 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
QEMU (aka Quick Emulator) built with the e1000 NIC emulation support is vulnerable to an infinite loop issue. It could occur while processing data via transmit or receive descriptors, provided the initial receive/transmit descriptor head (TDH/RDH) is set outside the allocated descriptor buffer. A privileged user inside guest could use this flaw to crash the QEMU instance resulting in DoS. | |||||
CVE-2017-7700 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2023-12-10 | 7.1 HIGH | 6.5 MEDIUM |
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by ensuring a nonzero record size. | |||||
CVE-2017-9094 | 1 Entropymine | 1 Imageworsener | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
The lzw_add_to_dict function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted image. | |||||
CVE-2017-6299 | 2 Debian, Ytnef Project | 2 Debian Linux, Ytnef | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "2 of 9. Infinite Loop / DoS in the TNEFFillMapi function in lib/ytnef.c." | |||||
CVE-2017-5973 | 3 Debian, Qemu, Redhat | 5 Debian Linux, Qemu, Enterprise Linux and 2 more | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence. | |||||
CVE-2015-8901 | 1 Imagemagick | 1 Imagemagick | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted MIFF file. |