VYPR

CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

BaseIncomplete

Description

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (456)

page 13 of 23
  • CVE-2017-2417MedApr 2, 2017
    risk 0.36cvss 5.5epss 0.01

    An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "CoreGraphics" component. It allows remote attackers to cause a denial of…

  • CVE-2017-5973MedMar 27, 2017
    risk 0.36cvss 5.5epss 0.00

    The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors related to control transfer descriptor sequence.

  • CVE-2017-5987MedMar 20, 2017
    risk 0.36cvss 5.5epss 0.00

    The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local OS guest privileged users to cause a denial of service (infinite loop and QEMU process crash) via vectors involving the transfer mode register during multi block transfer.

  • CVE-2017-6314MedMar 10, 2017
    risk 0.36cvss 5.5epss 0.02

    The make_available_at_least function in io-tiff.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (infinite loop) via a large TIFF file.

  • CVE-2017-5852MedMar 1, 2017
    risk 0.36cvss 5.5epss 0.01

    The PoDoFo::PdfPage::GetInheritedKeyFromObject function in base/PdfVariant.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted file.

  • CVE-2017-6299MedFeb 24, 2017
    risk 0.36cvss 5.5epss 0.01

    An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "2 of 9. Infinite Loop / DoS in the TNEFFillMapi function in lib/ytnef.c."

  • CVE-2016-9776MedDec 29, 2016
    risk 0.36cvss 5.5epss 0.00

    QEMU (aka Quick Emulator) built with the ColdFire Fast Ethernet Controller emulator support is vulnerable to an infinite loop issue. It could occur while receiving packets in 'mcf_fec_receive'. A privileged user/process inside guest could use this issue to crash the QEMU process…

  • CVE-2016-1981MedDec 29, 2016
    risk 0.36cvss 5.5epss 0.00

    QEMU (aka Quick Emulator) built with the e1000 NIC emulation support is vulnerable to an infinite loop issue. It could occur while processing data via transmit or receive descriptors, provided the initial receive/transmit descriptor head (TDH/RDH) is set outside the allocated…

  • CVE-2015-8558MedMay 23, 2016
    risk 0.36cvss 5.5epss 0.00

    The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular isochronous transfer descriptor (iTD) list.

  • CVE-2012-1186MedJun 5, 2012
    risk 0.36cvss 5.5epss 0.02

    Integer overflow in the SyncImageProfiles function in profile.c in ImageMagick 6.7.5-8 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted IOP tag offsets in the IFD in an image. NOTE: this vulnerability exists because of an incomplete…

  • CVE-2012-0248MedJun 5, 2012
    risk 0.36cvss 5.5epss 0.02

    ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IDF.

  • CVE-2026-44740MedJun 1, 2026
    risk 0.35cvss 6.5epss 0.00

    Billy is an interface filesystem abstraction for Go. Prior to versions 5.9.0 and 6.0.0-alpha.1, multiple components may improperly handle crafted or malformed input, resulting in panics, infinite loops, uncontrolled recursion, or excessive resource consumption. These issues…

  • CVE-2026-28214MedApr 17, 2026
    risk 0.35cvss 6.5epss 0.01

    Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the ClumpletReader::getClumpletSize() function can overflow the totalLength value when parsing a Wide type clumplet, causing an infinite loop. An authenticated user…

  • CVE-2026-32889MedMar 20, 2026
    risk 0.35cvss 6.5epss 0.00

    tinytag is a Python library for reading audio file metadata. Version 2.2.0 allows an attacker who can supply MP3 files for parsing to trigger a non-terminating loop while the library parses an ID3v2 SYLT (synchronized lyrics) frame. In server-side deployments that automatically…

  • CVE-2024-28836MedApr 3, 2024
    risk 0.35cvss 5.4epss 0.00

    An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When negotiating the TLS version on the server side, it can fall back to the TLS 1.2 implementation of the protocol if it is disabled. If the TLS 1.2 implementation was disabled at build time, a TLS 1.2 client could put a…

  • CVE-2018-14621MedAug 30, 2018
    risk 0.35cvss 5.3epss 0.02

    An infinite loop vulnerability was found in libtirpc before version 1.0.2-rc2. With the port to using poll rather than select, exhaustion of file descriptors would cause the server to enter an infinite loop, consuming a large amount of CPU time and denying service to other…

  • CVE-2018-1999044MedAug 23, 2018
    risk 0.35cvss 6.5epss 0.01

    A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in CronTab.java that allows attackers with Overall/Read permission to have a request handling thread enter an infinite loop.

  • CVE-2018-9251MedApr 4, 2018
    risk 0.35cvss 5.3epss 0.02

    The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035.

  • CVE-2026-8318MedMay 11, 2026
    risk 0.34cvss 5.3epss 0.00

    A security flaw has been discovered in VectifyAI PageIndex up to f50e52975313c6716c02b20a119577a1929decba. Affected by this vulnerability is the function toc_transformer of the file pageindex/page_index.py of the component PDF Table of Contents Handler. The manipulation results…

  • CVE-2026-41511MedMay 8, 2026
    risk 0.33cvss 6.2epss 0.00

    OpenMcdf is a fully .NET / C# library to manipulate Compound File Binary File Format files, also known as Structured Storage. Prior to version 3.1.3, OpenMcdf does not detect cycles in the directory entry red-black tree of a Compound File Binary (CFB) document. A crafted CFB…