VYPR

CWE-834

Excessive Iteration

Class | Incomplete

Description

The product performs an iteration or loop without sufficiently limiting the number of times that the loop is executed.

If the iteration can be influenced by an attacker, this weakness could allow attackers to consume excessive resources such as CPU or memory. In many cases, a loop does not need to be infinite in order to cause enough resource consumption to adversely affect the product or its host system; it depends on the amount of resources consumed per iteration.

CVEs mapped to this weakness (65)

  • CVE-2017-14057 | Med | Aug 31, 2017
    risk 0.42 | cvss 6.5 | epss 0.02

    In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted ASF file, which claims a large "name_len" or "count" field in the header but does not contain sufficient backing data, is provided,…

  • CVE-2017-14056 | Med | Aug 31, 2017
    risk 0.42 | cvss 6.5 | epss 0.02

    In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted RL2 file, which claims a large "frame_count" field in the header but does not contain sufficient backing data,…

  • CVE-2017-14055 | Med | Aug 31, 2017
    risk 0.42 | cvss 6.5 | epss 0.02

    In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MV file, which claims a large "nb_frames" field in the header but does not contain sufficient backing data, is…

  • CVE-2017-14054 | Med | Aug 31, 2017
    risk 0.42 | cvss 6.5 | epss 0.02

    In libavformat/rmdec.c in FFmpeg 3.3.3, a DoS in ivr_read_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted IVR file, which claims a large "len" field in the header but does not contain sufficient backing data, is provided, the…

  • CVE-2017-13777 | Med | Aug 30, 2017
    risk 0.42 | cvss 6.5 | epss 0.02

    GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c "Read hex image data" version==10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request…

  • CVE-2017-13776 | Med | Aug 30, 2017
    risk 0.42 | cvss 6.5 | epss 0.02

    GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() in a coders/xbm.c "Read hex image data" version!=10 case that results in the reader not returning; it would cause large amounts of CPU and memory consumption although the crafted file itself does not request…

  • CVE-2017-12674 | Med | Aug 7, 2017
    risk 0.42 | cvss 6.5 | epss 0.02

    In ImageMagick 7.0.6-2, a CPU exhaustion vulnerability was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a denial of service.

  • CVE-2017-11505 | Med | Jul 21, 2017
    risk 0.42 | cvss 6.5 | epss 0.02

    The ReadOneJNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a malformed JNG file.

  • CVE-2017-11360 | Med | Jul 17, 2017
    risk 0.42 | cvss 6.5 | epss 0.01

    The ReadRLEImage function in coders\rle.c in ImageMagick 7.0.6-1 has a large loop vulnerability via a crafted rle file that triggers a huge number_pixels value.

  • CVE-2017-2330 | Med | Apr 24, 2017
    risk 0.40 | cvss 6.2 | epss 0.00

    A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, local user, to create a fork bomb scenario, also known as a rabbit virus, or wabbit, which will create processes that…

  • CVE-2026-50171 | hig | Jun 15, 2026
    risk 0.38 | cvss | epss 0.00

    A Denial of Service (DoS) vulnerability exists in the `@angular/common` package of Angular. The `formatNumber` function, which is also utilized by `DecimalPipe`, `PercentPipe`, and `CurrencyPipe`, does not properly validate the upper bounds of the `digitsInfo` parameter.…

  • CVE-2017-13279 | Med | Apr 4, 2018
    risk 0.36 | cvss 5.5 | epss 0.01

    In M3UParser::parse of M3UParser.cpp, there is a memory resource exhaustion due to a large loop of pushing items into a vector. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product:…

  • CVE-2017-0775 | Med | Sep 8, 2017
    risk 0.36 | cvss 5.5 | epss 0.00

    A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62673179.

  • CVE-2017-11549 | Med | Jul 31, 2017
    risk 0.36 | cvss 5.5 | epss 0.01

    The play_midi function in playmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mid file. NOTE: CPU consumption might be relevant when using the --background option.

  • CVE-2017-9257 | Med | Jun 27, 2017
    risk 0.36 | cvss 5.5 | epss 0.01

    The mp4ff_read_ctts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.

  • CVE-2017-9256 | Med | Jun 27, 2017
    risk 0.36 | cvss 5.5 | epss 0.01

    The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.

  • CVE-2017-9255 | Med | Jun 27, 2017
    risk 0.36 | cvss 5.5 | epss 0.01

    The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.

  • CVE-2017-9254 | Med | Jun 27, 2017
    risk 0.36 | cvss 5.5 | epss 0.01

    The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.

  • CVE-2017-9253 | Med | Jun 27, 2017
    risk 0.36 | cvss 5.5 | epss 0.01

    The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file.

  • CVE-2026-41313 | Med | Apr 22, 2026
    risk 0.35 | cvss 6.5 | epss 0.00

    pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to long runtimes. This requires loading a PDF with a large trailer `/Size` value in incremental mode. This has been fixed…