VYPR

CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

BaseIncomplete

Description

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (456)

page 12 of 23
  • CVE-2017-14932MedSep 30, 2017
    risk 0.36cvss 5.5epss 0.01

    decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.

  • CVE-2017-6267MedSep 22, 2017
    risk 0.36cvss 5.5epss 0.00

    NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect initialization of internal objects can cause an infinite loop which may lead to a denial of service.

  • CVE-2017-13756MedAug 29, 2017
    risk 0.36cvss 5.5epss 0.01

    In The Sleuth Kit (TSK) 4.4.2, opening a crafted disk image triggers infinite recursion in dos_load_ext_table() in tsk/vs/dos.c in libtskvs.a, as demonstrated by mmls.

  • CVE-2017-11118MedJul 31, 2017
    risk 0.36cvss 5.5epss 0.01

    The ExifImageFile::readImage function in ExifImageFileRead.cpp in OpenExif 2.1.4 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted jpg file.

  • CVE-2017-11627MedJul 25, 2017
    risk 0.36cvss 5.5epss 0.01

    A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the PointerHolder function in PointerHolder.hh, aka an "infinite loop."

  • CVE-2017-11626MedJul 25, 2017
    risk 0.36cvss 5.5epss 0.01

    A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after four consecutive calls to…

  • CVE-2017-11625MedJul 25, 2017
    risk 0.36cvss 5.5epss 0.01

    A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDF::resolveObjectsInStream function in QPDF.cc, aka an "infinite loop."

  • CVE-2017-11624MedJul 25, 2017
    risk 0.36cvss 5.5epss 0.01

    A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after two consecutive calls to QPDFObjectHandle::parseInternal,…

  • CVE-2017-7542MedJul 21, 2017
    risk 0.36cvss 5.5epss 0.00

    The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel through 4.12.3 allows local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket.

  • CVE-2017-11171MedJul 11, 2017
    risk 0.36cvss 5.5epss 0.00

    Bad reference counting in the context of accept_ice_connection() in gsm-xsmp-server.c in old versions of gnome-session up until version 2.29.92 allows a local attacker to establish ICE connections to gnome-session with invalid authentication data (an invalid magic cookie). Each…

  • CVE-2017-0685MedJul 6, 2017
    risk 0.36cvss 5.5epss 0.00

    A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34203195.

  • CVE-2017-9222MedJun 27, 2017
    risk 0.36cvss 5.5epss 0.01

    The mp4ff_parse_tag function in common/mp4ff/mp4meta.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file.

  • CVE-2017-9375MedJun 16, 2017
    risk 0.36cvss 5.5epss 0.00

    QEMU (aka Quick Emulator), when built with USB xHCI controller emulator support, allows local guest OS privileged users to cause a denial of service (infinite recursive call) via vectors involving control transfer descriptors sequencing.

  • CVE-2017-9330MedJun 8, 2017
    risk 0.36cvss 5.6epss 0.00

    QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value, a different vulnerability than CVE-2017-6505.

  • CVE-2017-9310MedJun 8, 2017
    risk 0.36cvss 5.6epss 0.00

    QEMU (aka Quick Emulator), when built with the e1000e NIC emulation support, allows local guest OS privileged users to cause a denial of service (infinite loop) via vectors related to setting the initial receive / transmit descriptor head (TDH/RDH) outside the allocated…

  • CVE-2017-9210MedMay 23, 2017
    risk 0.36cvss 5.5epss 0.01

    libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to unparse functions, aka qpdf-infiniteloop3.

  • CVE-2017-9209MedMay 23, 2017
    risk 0.36cvss 5.5epss 0.01

    libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to QPDFObjectHandle::parseInternal, aka qpdf-infiniteloop2.

  • CVE-2017-9208MedMay 23, 2017
    risk 0.36cvss 5.5epss 0.01

    libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to releaseResolved functions, aka qpdf-infiniteloop1.

  • CVE-2017-8054MedApr 22, 2017
    risk 0.36cvss 5.5epss 0.01

    The function PdfPagesTree::GetPageNodeFromArray in PdfPageTree.cpp:464 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted PDF document.

  • CVE-2017-8053MedApr 22, 2017
    risk 0.36cvss 5.5epss 0.01

    PoDoFo 0.9.5 allows denial of service (infinite recursion and stack consumption) via a crafted PDF file in PoDoFo::PdfParser::ReadDocumentStructure (PdfParser.cpp).