Search
Total
223 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-11171 | 1 Gnome | 1 Gnome-session | 2019-10-03 | 4.9 MEDIUM | 5.5 MEDIUM |
| Bad reference counting in the context of accept_ice_connection() in gsm-xsmp-server.c in old versions of gnome-session up until version 2.29.92 allows a local attacker to establish ICE connections to gnome-session with invalid authentication data (an invalid magic cookie). Each failed authentication attempt will leak a file descriptor in gnome-session. When the maximum number of file descriptors is exhausted in the gnome-session process, it will enter an infinite loop trying to communicate without success, consuming 100% of the CPU. The graphical session associated with the gnome-session process will stop working correctly, because communication with gnome-session is no longer possible. | |||||
| CVE-2017-11118 | 1 Openexif Project | 1 Openexif | 2019-10-03 | 7.1 HIGH | 5.5 MEDIUM |
| The ExifImageFile::readImage function in ExifImageFileRead.cpp in OpenExif 2.1.4 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted jpg file. | |||||
| CVE-2017-0685 | 1 Google | 1 Android | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34203195. | |||||
| CVE-2017-11478 | 1 Imagemagick | 1 Imagemagick | 2019-10-03 | 7.1 HIGH | 6.5 MEDIUM |
| The ReadOneDJVUImage function in coders/djvu.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed DJVU image. | |||||
| CVE-2018-9251 | 2 Debian, Xmlsoft | 2 Debian Linux, Libxml2 | 2019-10-03 | 2.6 LOW | 5.3 MEDIUM |
| The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035. | |||||
| CVE-2018-9058 | 1 Long Range Zip Project | 1 Long Range Zip | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Long Range Zip (aka lrzip) 0.631, there is an infinite loop in the runzip_fd function of runzip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted lrz file. | |||||
| CVE-2018-8017 | 1 Apache | 1 Tika | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Apache Tika 1.2 to 1.18, a carefully crafted file can trigger an infinite loop in the IptcAnpaParser. | |||||
| CVE-2018-8036 | 1 Apache | 1 Pdfbox | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser. | |||||
| CVE-2018-7453 | 1 Xpdfreader | 1 Xpdf | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| Infinite recursion in AcroForm::scanField in AcroForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file due to lack of loop checking, as demonstrated by pdftohtml. | |||||
| CVE-2018-7174 | 1 Xpdfreader | 1 Xpdf | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref allows an attacker to cause denial of service because loop detection exists only for tables, not streams. | |||||
| CVE-2018-6977 | 1 Vmware | 3 Esxi, Fusion, Workstation | 2019-10-03 | 4.9 MEDIUM | 6.5 MEDIUM |
| VMware ESXi (6.7, 6.5, 6.0), Workstation (15.x and 14.x) and Fusion (11.x and 10.x) contain a denial-of-service vulnerability due to an infinite loop in a 3D-rendering shader. Successfully exploiting this issue may allow an attacker with normal user privileges in the guest to make the VM unresponsive, and in some cases, possibly result other VMs on the host or the host itself becoming unresponsive. | |||||
| CVE-2018-6253 | 5 Freebsd, Linux, Microsoft and 2 more | 5 Freebsd, Linux Kernel, Windows and 2 more | 2019-10-03 | 4.9 MEDIUM | 5.5 MEDIUM |
| NVIDIA GPU Display Driver contains a vulnerability in the DirectX and OpenGL Usermode drivers where a specially crafted pixel shader can cause infinite recursion leading to denial of service. | |||||
| CVE-2018-5711 | 3 Canonical, Debian, Php | 3 Ubuntu Linux, Debian Linux, Php | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx. | |||||
| CVE-2018-5685 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| In GraphicsMagick 1.3.27, there is an infinite loop and application hang in the ReadBMPImage function (coders/bmp.c). Remote attackers could leverage this vulnerability to cause a denial of service via an image file with a crafted bit-field mask value. | |||||
| CVE-2018-20348 | 1 Libpff Project | 1 Libpff | 2019-10-03 | 1.9 LOW | 5.5 MEDIUM |
| libpff_item_tree_create_node in libpff_item_tree.c in libpff before experimental-20180714 allows attackers to cause a denial of service (infinite recursion) via a crafted file, related to libfdata_tree_get_node_value in libfdata_tree.c. | |||||
| CVE-2018-20099 | 1 Exiv2 | 1 Exiv2 | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is an infinite loop in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack. | |||||
| CVE-2018-1999044 | 1 Jenkins | 1 Jenkins | 2019-10-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in CronTab.java that allows attackers with Overall/Read permission to have a request handling thread enter an infinite loop. | |||||
| CVE-2018-1999012 | 1 Ffmpeg | 1 Ffmpeg | 2019-10-03 | 7.1 HIGH | 6.5 MEDIUM |
| FFmpeg before commit 9807d3976be0e92e4ece3b4b1701be894cd7c2e1 contains a CWE-835: Infinite loop vulnerability in pva format demuxer that can result in a Vulnerability that allows attackers to consume excessive amount of resources like CPU and RAM. This attack appear to be exploitable via specially crafted PVA file has to be provided as input. This vulnerability appears to have been fixed in 9807d3976be0e92e4ece3b4b1701be894cd7c2e1 and later. | |||||
| CVE-2018-19826 | 1 Sass-lang | 1 Libsass | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| ** DISPUTED ** In inspect.cpp in LibSass 3.5.5, a high memory footprint caused by an endless loop (containing a Sass::Inspect::operator()(Sass::String_Quoted*) stack frame) may cause a Denial of Service via crafted sass input files with stray '&' or '/' characters. NOTE: Upstream comments indicate this issue is closed as "won't fix" and "works as intended" by design. | |||||
| CVE-2018-19108 | 2 Debian, Exiv2 | 2 Debian Linux, Exiv2 | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite loop) caused by an integer overflow via a crafted PSD image file. | |||||
| CVE-2018-18915 | 1 Exiv2 | 1 Exiv2 | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.27-RC1. A crafted input will lead to a remote denial of service attack. | |||||
| CVE-2018-17197 | 1 Apache | 1 Tika | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| A carefully crafted or corrupt sqlite file can cause an infinite loop in Apache Tika's SQLite3Parser in versions 1.8-1.19.1 of Apache Tika. | |||||
| CVE-2018-17042 | 1 Scalabium | 1 Dbf2txt | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue has been found in dbf2txt through 2012-07-19. It is a infinite loop. | |||||