Total
579 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-1999012 | 1 Ffmpeg | 1 Ffmpeg | 2019-10-03 | 7.1 HIGH | 6.5 MEDIUM |
| FFmpeg before commit 9807d3976be0e92e4ece3b4b1701be894cd7c2e1 contains a CWE-835: Infinite loop vulnerability in pva format demuxer that can result in a Vulnerability that allows attackers to consume excessive amount of resources like CPU and RAM. This attack appear to be exploitable via specially crafted PVA file has to be provided as input. This vulnerability appears to have been fixed in 9807d3976be0e92e4ece3b4b1701be894cd7c2e1 and later. | |||||
| CVE-2017-18236 | 3 Canonical, Debian, Exempi Project | 3 Ubuntu Linux, Debian Linux, Exempi | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Exempi before 2.4.4. The ASF_Support::ReadHeaderObject function in XMPFiles/source/FormatSupport/ASF_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via a crafted .asf file. | |||||
| CVE-2018-1000075 | 2 Debian, Rubygems | 2 Debian Linux, Rubygems | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a infinite loop caused by negative size vulnerability in ruby gem package tar header that can result in a negative size could cause an infinite loop.. This vulnerability appears to have been fixed in 2.7.6. | |||||
| CVE-2017-9358 | 1 Asterisk | 2 Certified Asterisk, Open Source | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop). | |||||
| CVE-2017-18183 | 1 Qpdf Project | 1 Qpdf | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in QPDF before 7.0.0. There is an infinite loop in the QPDFWriter::enqueueObject() function in libqpdf/QPDFWriter.cc. | |||||
| CVE-2017-14229 | 1 Jasper Project | 1 Jasper | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| There is an infinite loop in the jpc_dec_tileinit function in jpc/jpc_dec.c of Jasper 2.0.13. It will lead to a remote denial of service attack. | |||||
| CVE-2018-5253 | 1 Axiosys | 1 Bento4 | 2019-10-03 | 6.8 MEDIUM | 7.8 HIGH |
| The AP4_FtypAtom class in Core/Ap4FtypAtom.cpp in Bento4 1.5.1.0 has an Infinite loop via a crafted MP4 file that triggers size mishandling. | |||||
| CVE-2018-10546 | 4 Canonical, Debian, Netapp and 1 more | 4 Ubuntu Linux, Debian Linux, Storage Automation Store and 1 more | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences. | |||||
| CVE-2017-12990 | 1 Tcpdump | 1 Tcpdump | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| The ISAKMP parser in tcpdump before 4.9.2 could enter an infinite loop due to bugs in print-isakmp.c, several functions. | |||||
| CVE-2018-9251 | 2 Debian, Xmlsoft | 2 Debian Linux, Libxml2 | 2019-10-03 | 2.6 LOW | 5.3 MEDIUM |
| The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035. | |||||
| CVE-2017-14519 | 1 Freedesktop | 1 Poppler | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opShowText, and Gfx::doShowText calls (aka a Gfx.cc infinite loop). | |||||
| CVE-2018-7453 | 1 Xpdfreader | 1 Xpdf | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| Infinite recursion in AcroForm::scanField in AcroForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file due to lack of loop checking, as demonstrated by pdftohtml. | |||||
| CVE-2017-10986 | 1 Freeradius | 1 Freeradius | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| An FR-GV-303 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Infinite read in dhcp_attr2vp()" and a denial of service. | |||||
| CVE-2018-1000864 | 2 Jenkins, Redhat | 2 Jenkins, Openshift Container Platform | 2019-10-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| A denial of service vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in CronTab.java that allows attackers with Overall/Read permission to have a request handling thread enter an infinite loop. | |||||
| CVE-2017-11171 | 1 Gnome | 1 Gnome-session | 2019-10-03 | 4.9 MEDIUM | 5.5 MEDIUM |
| Bad reference counting in the context of accept_ice_connection() in gsm-xsmp-server.c in old versions of gnome-session up until version 2.29.92 allows a local attacker to establish ICE connections to gnome-session with invalid authentication data (an invalid magic cookie). Each failed authentication attempt will leak a file descriptor in gnome-session. When the maximum number of file descriptors is exhausted in the gnome-session process, it will enter an infinite loop trying to communicate without success, consuming 100% of the CPU. The graphical session associated with the gnome-session process will stop working correctly, because communication with gnome-session is no longer possible. | |||||
| CVE-2018-14445 | 1 Axiosys | 1 Bento4 | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Bento4 v1.5.1-624, AP4_File::ParseStream in Ap4File.cpp allows remote attackers to cause a denial of service (infinite loop) via a crafted MP4 file. | |||||
| CVE-2017-11626 | 1 Qpdf Project | 1 Qpdf | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after four consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite loop." | |||||
| CVE-2018-20578 | 1 Nuttx | 1 Nuttx | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in NuttX before 7.27. The function netlib_parsehttpurl() in apps/netutils/netlib/netlib_parsehttpurl.c mishandles URLs longer than hostlen bytes (in the webclient, this is set by default to 40), leading to an Infinite Loop. The attack vector is the Location header of an HTTP 3xx response. | |||||
| CVE-2017-9209 | 2 Canonical, Qpdf Project | 2 Ubuntu Linux, Qpdf | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to QPDFObjectHandle::parseInternal, aka qpdf-infiniteloop2. | |||||
| CVE-2017-12852 | 1 Numpy | 1 Numpy | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| The numpy.pad function in Numpy 1.13.1 and older versions is missing input validation. An empty list or ndarray will stick into an infinite loop, which can allow attackers to cause a DoS attack. | |||||