CWE-617

Reachable Assertion

Base · Draft

Description

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (267)

  • CVE-2025-69653 · Medium · Mar 6, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    A crafted JavaScript input can trigger an internal assertion failure in QuickJS release 2025-09-13, fixed in commit 1dbba8a88eaa40d15a8a9b70bb1a0b8fb5b552e6 (2025-12-11), in the gc_decref_child function in quickjs.c, when executed with the qjs interpreter using the -m option. This leads…

  • CVE-2025-59530 · High · Oct 10, 2025
    risk 0.42 · cvss 7.5 · epss 0.00

    quic-go is an implementation of the QUIC protocol in Go. In versions prior to 0.49.0, 0.54.1, and 0.55.0, a misbehaving or malicious server can cause a denial-of-service (DoS) attack on the quic-go client by triggering an assertion failure, leading to a process crash. This…

  • CVE-2025-22919 · Medium · Feb 18, 2025
    risk 0.42 · cvss 6.5 · epss 0.00

    A reachable assertion in FFmpeg git-master commit N-113007-g8d24a28d06 allows attackers to cause a Denial of Service (DoS) via opening a crafted AAC file.

  • CVE-2024-7139 · Medium · Dec 19, 2024
    risk 0.42 · cvss 6.5 · epss 0.00

    Due to an unchecked buffer length, a specially crafted L2CAP packet can cause a buffer overflow. This buffer overflow triggers an assert, which results in a temporary denial of service. If a watchdog timer is not enabled, a hard reset is required to recover the device.

  • CVE-2024-7138 · Medium · Dec 19, 2024
    risk 0.42 · cvss 6.5 · epss 0.00

    An assert may be triggered, causing a temporary denial of service when a peer device sends a specially crafted malformed L2CAP packet. If a watchdog timer is not enabled, a hard reset is required to recover the device.

  • CVE-2024-53856 · High · Dec 5, 2024
    risk 0.42 · cvss 7.5 · epss 0.00

    rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP allows an attacker to trigger rpgp crashes by providing crafted data. This vulnerability is fixed in 0.14.1.

  • CVE-2024-8768 · High · Sep 17, 2024
    risk 0.42 · cvss 7.5 · epss 0.01

    A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service.

  • CVE-2024-31744 · High · Apr 19, 2024
    risk 0.42 · cvss 7.5 · epss 0.01

    In Jasper 4.2.2, the jpc_streamlist_remove function in src/libjasper/jpc/jpc_dec.c:2407 has an assertion failure vulnerability, allowing attackers to cause a denial of service attack through a specific image file.

  • CVE-2022-29977 · Medium · May 11, 2022
    risk 0.42 · cvss 6.5 · epss 0.01

    There is an assertion failure error in stbi__jpeg_huff_decode, stb_image.h:1894 in libsixel img2sixel 1.8.6. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted JPEG file.

  • CVE-2018-17096 · Medium · Sep 16, 2018
    risk 0.42 · cvss 6.5 · epss 0.02

    The BPMDetect class in BPMDetect.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch.

  • CVE-2018-15822 · High · Aug 23, 2018
    risk 0.42 · cvss 7.5 · epss 0.03

    The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 2.8 does not check for an empty audio packet, leading to an assertion failure.

  • CVE-2018-9303 · Medium · Apr 4, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    In Exiv2 0.26, an assertion failure in BigTiffImage::readData in bigtiffimage.cpp results in an abort.

  • CVE-2018-9252 · Medium · Apr 4, 2018
    risk 0.42 · cvss 6.5 · epss 0.02

    JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_abstorelstepsize in libjasper/jpc/jpc_enc.c.

  • CVE-2018-4113 · Medium · Apr 3, 2018
    risk 0.42 · cvss 6.5 · epss 0.02

    An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves…

  • CVE-2017-18252 · Medium · Mar 27, 2018
    risk 0.42 · cvss 6.5 · epss 0.02

    An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList function in MagickWand/mogrify.c allows attackers to cause a denial of service (assertion failure and application exit in ReplaceImageInList) via a crafted file.

  • CVE-2017-17722 · Medium · Feb 12, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    In Exiv2 0.26, there is a reachable assertion in the readHeader function in bigtiffimage.cpp, which will lead to a remote denial of service attack via a crafted TIFF file.

  • CVE-2017-16818 · Medium · Dec 20, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticated users to cause a denial of service (assertion failure and application exit) by leveraging "full" (not necessarily admin) privileges to post an invalid profile to the admin API, related to…

  • CVE-2017-13673 · Medium · Aug 29, 2017
    risk 0.42 · cvss 6.5 · epss 0.03

    The vga display update in mis-calculated the region for the dirty bitmap snapshot in case split screen mode is used causing a denial of service (assertion failure) in the cpu_physical_memory_snapshot_get_dirty function.

  • CVE-2017-13727 · Medium · Aug 29, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    There is a reachable assertion abort in the function TIFFWriteDirectoryTagSubifd() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack.

  • CVE-2017-13726 · Medium · Aug 29, 2017
    risk 0.42 · cvss 6.5 · epss 0.03

    There is a reachable assertion abort in the function TIFFWriteDirectorySec() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack.