CWE-617
Reachable Assertion
BaseDraft
Description
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (125)
page 4 of 7| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-13727 | Med | 0.42 | 6.5 | 0.01 | Aug 29, 2017 | There is a reachable assertion abort in the function TIFFWriteDirectoryTagSubifd() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack. | |
| CVE-2017-13726 | Med | 0.42 | 6.5 | 0.01 | Aug 29, 2017 | There is a reachable assertion abort in the function TIFFWriteDirectorySec() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack. | |
| CVE-2017-13658 | Med | 0.42 | 6.5 | 0.00 | Aug 24, 2017 | In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is a missing NULL check in the ReadMATImage function in coders/mat.c, leading to a denial of service (assertion failure and application exit) in the DestroyImageInfo function in MagickCore/image.c. | |
| CVE-2017-13132 | Med | 0.42 | 6.5 | 0.00 | Aug 23, 2017 | In ImageMagick 7.0.6-8, the WritePDFImage function in coders/pdf.c operates on an incorrect data structure in the "dump uncompressed PseudoColor packets" step, which allows attackers to cause a denial of service (assertion failure in WriteBlobStream in MagickCore/blob.c) via a crafted file. | |
| CVE-2017-11368 | Med | 0.42 | 6.5 | 0.01 | Aug 9, 2017 | In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests. | |
| CVE-2017-12670 | Med | 0.42 | 6.5 | 0.00 | Aug 7, 2017 | In ImageMagick 7.0.6-3, missing validation was found in coders/mat.c, leading to an assertion failure in the function DestroyImage in MagickCore/image.c, which allows attackers to cause a denial of service. | |
| CVE-2017-12434 | Med | 0.42 | 6.5 | 0.00 | Aug 4, 2017 | In ImageMagick 7.0.6-1, a missing NULL check vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service (assertion failure) in DestroyImageInfo in image.c. | |
| CVE-2017-11683 | Med | 0.42 | 6.5 | 0.00 | Jul 27, 2017 | There is a reachable assertion in the Internal::TiffReader::visitDirectory function in tiffvisitor.cpp of Exiv2 0.26 that will lead to a remote denial of service attack via crafted input. | |
| CVE-2017-11524 | Med | 0.42 | 6.5 | 0.01 | Jul 23, 2017 | The WriteBlob function in MagickCore/blob.c in ImageMagick before 6.9.8-10 and 7.x before 7.6.0-0 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted file. | |
| CVE-2017-9501 | Med | 0.42 | 6.5 | 0.00 | Jun 7, 2017 | In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function LockSemaphoreInfo, which allows attackers to cause a denial of service via a crafted file. | |
| CVE-2017-9500 | Med | 0.42 | 6.5 | 0.00 | Jun 7, 2017 | In ImageMagick 7.0.5-8 Q16, an assertion failure was found in the function ResetImageProfileIterator, which allows attackers to cause a denial of service via a crafted file. | |
| CVE-2017-9499 | Med | 0.42 | 6.5 | 0.00 | Jun 7, 2017 | In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function SetPixelChannelAttributes, which allows attackers to cause a denial of service via a crafted file. | |
| CVE-2017-9142 | Med | 0.42 | 6.5 | 0.01 | May 22, 2017 | In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the WriteBlob function in MagickCore/blob.c because of missing checks in the ReadOneJNGImage function in coders/png.c. | |
| CVE-2017-9141 | Med | 0.42 | 6.5 | 0.01 | May 22, 2017 | In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the ResetImageProfileIterator function in MagickCore/profile.c because of missing checks in the ReadDDSImage function in coders/dds.c. | |
| CVE-2017-7479 | Med | 0.42 | 6.5 | 0.00 | May 15, 2017 | OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker. | |
| CVE-2017-12168 | Med | 0.39 | 6.0 | 0.00 | Sep 20, 2017 | The access_pmu_evcntr function in arch/arm64/kvm/sys_regs.c in the Linux kernel before 4.8.11 allows privileged KVM guest OS users to cause a denial of service (assertion failure and host OS crash) by accessing the Performance Monitors Cycle Count Register (PMCCNTR). | |
| CVE-2026-34219 | Med | 0.38 | 5.9 | 0.00 | Mar 31, 2026 | libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to version 0.49.4, the Rust libp2p Gossipsub implementation contains a remotely reachable panic in backoff expiry handling. After a peer sends a crafted PRUNE control message with an attacker-controlled, near-maximum backoff value, the value is accepted and stored as an Instant near the representable upper bound. On a later heartbeat, the implementation performs unchecked Instant + Duration arithmetic (backoff_time + slack), which can overflow and panic with: overflow when adding duration to instant. This issue is reachable from any Gossipsub peer over normal TCP + Noise + mplex/yamux connectivity and requires no further authentication beyond becoming a protocol peer. This issue has been patched in version 0.49.4. | |
| CVE-2024-34035 | Med | 0.37 | 5.7 | 0.00 | Feb 25, 2025 | An issue was discovered in O-RAN Near Realtime RIC H-Release. To trigger the crashing of the e2mgr, an adversary must flood the system with a significant quantity of E2 Subscription Requests originating from an xApp. | |
| CVE-2024-34034 | Med | 0.37 | 5.7 | 0.00 | Feb 25, 2025 | An issue was discovered in FlexRIC 2.0.0. It crashes during a Subscription Request denial-of-service (DoS) attack, triggered by an assertion error. An attacker must send a high number of E42 Subscription Requests to the Near-RT RIC component. | |
| CVE-2026-43346 | Med | 0.36 | 5.5 | 0.00 | May 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: ice: ptp: don't WARN when controlling PF is unavailable In VFIO passthrough setups, it is possible to pass through only a PF which doesn't own the source timer. In that case the PTP controlling PF (adapter->ctrl_pf) is never initialized in the VM, so ice_get_ctrl_ptp() returns NULL and triggers WARN_ON() in ice_ptp_setup_pf(). Since this is an expected behavior in that configuration, replace WARN_ON() with an informational message and return -EOPNOTSUPP. |