CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
Description
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (456)
page 12 of 23| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-14932 | Med | 0.36 | 5.5 | 0.01 | Sep 30, 2017 | decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file. | ||
| CVE-2017-6267 | Med | 0.36 | 5.5 | 0.00 | Sep 22, 2017 | NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect initialization of internal objects can cause an infinite loop which may lead to a denial of service. | ||
| CVE-2017-13756 | Med | 0.36 | 5.5 | 0.01 | Aug 29, 2017 | In The Sleuth Kit (TSK) 4.4.2, opening a crafted disk image triggers infinite recursion in dos_load_ext_table() in tsk/vs/dos.c in libtskvs.a, as demonstrated by mmls. | ||
| CVE-2017-11118 | Med | 0.36 | 5.5 | 0.01 | Jul 31, 2017 | The ExifImageFile::readImage function in ExifImageFileRead.cpp in OpenExif 2.1.4 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted jpg file. | ||
| CVE-2017-11627 | Med | 0.36 | 5.5 | 0.01 | Jul 25, 2017 | A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the PointerHolder function in PointerHolder.hh, aka an "infinite loop." | ||
| CVE-2017-11626 | Med | 0.36 | 5.5 | 0.01 | Jul 25, 2017 | A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after four consecutive calls to… | ||
| CVE-2017-11625 | Med | 0.36 | 5.5 | 0.01 | Jul 25, 2017 | A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDF::resolveObjectsInStream function in QPDF.cc, aka an "infinite loop." | ||
| CVE-2017-11624 | Med | 0.36 | 5.5 | 0.01 | Jul 25, 2017 | A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after two consecutive calls to QPDFObjectHandle::parseInternal,… | ||
| CVE-2017-7542 | Med | 0.36 | 5.5 | 0.00 | Jul 21, 2017 | The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel through 4.12.3 allows local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket. | ||
| CVE-2017-11171 | Med | 0.36 | 5.5 | 0.00 | Jul 11, 2017 | Bad reference counting in the context of accept_ice_connection() in gsm-xsmp-server.c in old versions of gnome-session up until version 2.29.92 allows a local attacker to establish ICE connections to gnome-session with invalid authentication data (an invalid magic cookie). Each… | ||
| CVE-2017-0685 | Med | 0.36 | 5.5 | 0.00 | Jul 6, 2017 | A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34203195. | ||
| CVE-2017-9222 | Med | 0.36 | 5.5 | 0.01 | Jun 27, 2017 | The mp4ff_parse_tag function in common/mp4ff/mp4meta.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file. | ||
| CVE-2017-9375 | Med | 0.36 | 5.5 | 0.00 | Jun 16, 2017 | QEMU (aka Quick Emulator), when built with USB xHCI controller emulator support, allows local guest OS privileged users to cause a denial of service (infinite recursive call) via vectors involving control transfer descriptors sequencing. | ||
| CVE-2017-9330 | Med | 0.36 | 5.6 | 0.00 | Jun 8, 2017 | QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value, a different vulnerability than CVE-2017-6505. | ||
| CVE-2017-9310 | Med | 0.36 | 5.6 | 0.00 | Jun 8, 2017 | QEMU (aka Quick Emulator), when built with the e1000e NIC emulation support, allows local guest OS privileged users to cause a denial of service (infinite loop) via vectors related to setting the initial receive / transmit descriptor head (TDH/RDH) outside the allocated… | ||
| CVE-2017-9210 | Med | 0.36 | 5.5 | 0.01 | May 23, 2017 | libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to unparse functions, aka qpdf-infiniteloop3. | ||
| CVE-2017-9209 | Med | 0.36 | 5.5 | 0.01 | May 23, 2017 | libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to QPDFObjectHandle::parseInternal, aka qpdf-infiniteloop2. | ||
| CVE-2017-9208 | Med | 0.36 | 5.5 | 0.01 | May 23, 2017 | libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to releaseResolved functions, aka qpdf-infiniteloop1. | ||
| CVE-2017-8054 | Med | 0.36 | 5.5 | 0.01 | Apr 22, 2017 | The function PdfPagesTree::GetPageNodeFromArray in PdfPageTree.cpp:464 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted PDF document. | ||
| CVE-2017-8053 | Med | 0.36 | 5.5 | 0.01 | Apr 22, 2017 | PoDoFo 0.9.5 allows denial of service (infinite recursion and stack consumption) via a crafted PDF file in PoDoFo::PdfParser::ReadDocumentStructure (PdfParser.cpp). |
- risk 0.36cvss 5.5epss 0.01
decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.
- risk 0.36cvss 5.5epss 0.00
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect initialization of internal objects can cause an infinite loop which may lead to a denial of service.
- risk 0.36cvss 5.5epss 0.01
In The Sleuth Kit (TSK) 4.4.2, opening a crafted disk image triggers infinite recursion in dos_load_ext_table() in tsk/vs/dos.c in libtskvs.a, as demonstrated by mmls.
- risk 0.36cvss 5.5epss 0.01
The ExifImageFile::readImage function in ExifImageFileRead.cpp in OpenExif 2.1.4 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted jpg file.
- risk 0.36cvss 5.5epss 0.01
A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the PointerHolder function in PointerHolder.hh, aka an "infinite loop."
- risk 0.36cvss 5.5epss 0.01
A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after four consecutive calls to…
- risk 0.36cvss 5.5epss 0.01
A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDF::resolveObjectsInStream function in QPDF.cc, aka an "infinite loop."
- risk 0.36cvss 5.5epss 0.01
A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after two consecutive calls to QPDFObjectHandle::parseInternal,…
- risk 0.36cvss 5.5epss 0.00
The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel through 4.12.3 allows local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket.
- risk 0.36cvss 5.5epss 0.00
Bad reference counting in the context of accept_ice_connection() in gsm-xsmp-server.c in old versions of gnome-session up until version 2.29.92 allows a local attacker to establish ICE connections to gnome-session with invalid authentication data (an invalid magic cookie). Each…
- risk 0.36cvss 5.5epss 0.00
A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34203195.
- risk 0.36cvss 5.5epss 0.01
The mp4ff_parse_tag function in common/mp4ff/mp4meta.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file.
- risk 0.36cvss 5.5epss 0.00
QEMU (aka Quick Emulator), when built with USB xHCI controller emulator support, allows local guest OS privileged users to cause a denial of service (infinite recursive call) via vectors involving control transfer descriptors sequencing.
- risk 0.36cvss 5.6epss 0.00
QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value, a different vulnerability than CVE-2017-6505.
- risk 0.36cvss 5.6epss 0.00
QEMU (aka Quick Emulator), when built with the e1000e NIC emulation support, allows local guest OS privileged users to cause a denial of service (infinite loop) via vectors related to setting the initial receive / transmit descriptor head (TDH/RDH) outside the allocated…
- risk 0.36cvss 5.5epss 0.01
libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to unparse functions, aka qpdf-infiniteloop3.
- risk 0.36cvss 5.5epss 0.01
libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to QPDFObjectHandle::parseInternal, aka qpdf-infiniteloop2.
- risk 0.36cvss 5.5epss 0.01
libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to releaseResolved functions, aka qpdf-infiniteloop1.
- risk 0.36cvss 5.5epss 0.01
The function PdfPagesTree::GetPageNodeFromArray in PdfPageTree.cpp:464 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted PDF document.
- risk 0.36cvss 5.5epss 0.01
PoDoFo 0.9.5 allows denial of service (infinite recursion and stack consumption) via a crafted PDF file in PoDoFo::PdfParser::ReadDocumentStructure (PdfParser.cpp).