CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
Base / Incomplete
Description
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (219)
Page 6 of 11

| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-7850 | Med | 0.42 | 6.5 | 0.03 | Aug 7, 2017 | ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file. |
| CVE-2017-11523 | Med | 0.42 | 6.5 | 0.00 | Jul 22, 2017 | The ReadTXTImage function in coders/txt.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop) via a crafted file, because the end-of-file condition is not considered. |
| CVE-2017-11478 | Med | 0.42 | 6.5 | 0.00 | Jul 20, 2017 | The ReadOneDJVUImage function in coders/djvu.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed DJVU image. |
| CVE-2017-11446 | Med | 0.42 | 6.5 | 0.00 | Jul 19, 2017 | The ReadPESImage function in coders\pes.c in ImageMagick 7.0.6-1 has an infinite loop vulnerability that can cause CPU exhaustion via a crafted PES file. |
| CVE-2017-11338 | Med | 0.42 | 6.5 | 0.01 | Jul 17, 2017 | There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack. |
| CVE-2017-9094 | Med | 0.42 | 6.5 | 0.00 | May 19, 2017 | The lzw_add_to_dict function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted image. |
| CVE-2017-9093 | Med | 0.42 | 6.5 | 0.00 | May 19, 2017 | The my_skip_input_data_fn function in imagew-jpeg.c in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted image. |
| CVE-2017-8112 | Med | 0.42 | 6.5 | 0.00 | May 2, 2017 | hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and CPU consumption) via the message ring page count. |
| CVE-2017-7700 | Med | 0.42 | 6.5 | 0.01 | Apr 12, 2017 | In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by ensuring a nonzero record size. |
| CVE-2017-6505 | Med | 0.42 | 6.5 | 0.00 | Mar 15, 2017 | The ohci_service_ed_list function in hw/usb/hcd-ohci.c in QEMU (aka Quick Emulator) before 2.9.0 allows local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors, a different vulnerability than CVE-2017-9330. |
| CVE-2015-8903 | Med | 0.42 | 6.5 | 0.01 | Feb 27, 2017 | The ReadVICARImage function in coders/vicar.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted VICAR file. |
| CVE-2015-8902 | Med | 0.42 | 6.5 | 0.00 | Feb 27, 2017 | The ReadBlobByte function in coders/pdb.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted PDB file. |
| CVE-2015-8901 | Med | 0.42 | 6.5 | 0.00 | Feb 27, 2017 | ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted MIFF file. |
| CVE-2010-1282 | Med | 0.42 | 6.5 | 0.01 | May 13, 2010 | Adobe Shockwave Player before 11.5.7.609 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted ATOM size in a .dir (aka Director) file. |
| CVE-2026-34962 | Med | 0.40 | 6.2 | 0.00 | May 11, 2026 | barebox version prior to 2026.04.0 contains a denial-of-service vulnerability in ext4 directory parsing in fs/ext4/ext4_common.c where the ext4fs_iterate_dir() function fails to validate that directory entry length values are non-zero. Attackers can supply a malicious ext4 filesystem image with a crafted directory entry containing a direntlen value of 0 to cause an infinite loop during directory listing or path resolution, resulting in the boot process hanging indefinitely. |
| CVE-2026-34852 | Med | 0.40 | 6.1 | 0.00 | Apr 13, 2026 | Stack overflow vulnerability in the media platform. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2026-4179 | Med | 0.40 | 6.1 | 0.00 | Mar 16, 2026 | Issues in stm32 USB device driver (drivers/usb/device/usb_dc_stm32.c) can lead to an infinite while loop. |
| CVE-2015-8785 | Med | 0.40 | 6.2 | 0.00 | Feb 8, 2016 | The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov. |
| CVE-2026-0619 | Med | 0.39 | — | 0.00 | Feb 12, 2026 | A reachable infinite loop via an integer wraparound is present in Silicon Labs' Matter SDK which allows an attacker to trigger a denial of service. A hard reset is required to recover the device. |
| CVE-2025-27560 | Med | 0.39 | 6.0 | 0.00 | Feb 10, 2026 | Loop with unreachable exit condition ('infinite loop') for some Intel(R) Platform within Ring 0: Kernel may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. |