VYPR

CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

Base | Incomplete

Description

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (456)

  • CVE-2017-14173 | Med | Sep 7, 2017
    risk 0.42 | cvss 6.5 | epss 0.02

    In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur for the addition operation "GetQuantumRange(depth)+1" when "depth" is large, producing a smaller value than expected. As a result, an infinite loop would occur for a crafted…

  • CVE-2017-14058 | Med | Aug 31, 2017
    risk 0.42 | cvss 6.5 | epss 0.02

    In FFmpeg 2.4 and 3.3.3, the read_data function in libavformat/hls.c does not restrict reload attempts for an insufficient list, which allows remote attackers to cause a denial of service (infinite loop).

  • CVE-2016-6817 | Hig | Aug 10, 2017
    risk 0.42 | cvss 7.5 | epss 0.07

    The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8.5.0 to 8.5.6 entered an infinite loop if a header was received that was larger than the available buffer. This made a denial of service attack possible.

  • CVE-2017-11523 | Med | Jul 22, 2017
    risk 0.42 | cvss 6.5 | epss 0.03

    The ReadTXTImage function in coders/txt.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop) via a crafted file, because the end-of-file condition is not considered.

  • CVE-2017-11478 | Med | Jul 20, 2017
    risk 0.42 | cvss 6.5 | epss 0.02

    The ReadOneDJVUImage function in coders/djvu.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed DJVU image.

  • CVE-2017-11446 | Med | Jul 19, 2017
    risk 0.42 | cvss 6.5 | epss 0.02

    The ReadPESImage function in coders\pes.c in ImageMagick 7.0.6-1 has an infinite loop vulnerability that can cause CPU exhaustion via a crafted PES file.

  • CVE-2017-11338 | Med | Jul 17, 2017
    risk 0.42 | cvss 6.5 | epss 0.01

    There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.26. A crafted input will lead to a remote denial of service attack.

  • CVE-2017-9094 | Med | May 19, 2017
    risk 0.42 | cvss 6.5 | epss 0.01

    The lzw_add_to_dict function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted image.

  • CVE-2017-9093 | Med | May 19, 2017
    risk 0.42 | cvss 6.5 | epss 0.01

    The my_skip_input_data_fn function in imagew-jpeg.c in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted image.

  • CVE-2017-8112 | Med | May 2, 2017
    risk 0.42 | cvss 6.5 | epss 0.00

    hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and CPU consumption) via the message ring page count.

  • CVE-2017-7700 | Med | Apr 12, 2017
    risk 0.42 | cvss 6.5 | epss 0.02

    In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by ensuring a nonzero record size.

  • CVE-2017-6505 | Med | Mar 15, 2017
    risk 0.42 | cvss 6.5 | epss 0.00

    The ohci_service_ed_list function in hw/usb/hcd-ohci.c in QEMU (aka Quick Emulator) before 2.9.0 allows local guest OS users to cause a denial of service (infinite loop) via vectors involving the number of link endpoint list descriptors, a different vulnerability than…

  • CVE-2015-8903 | Med | Feb 27, 2017
    risk 0.42 | cvss 6.5 | epss 0.02

    The ReadVICARImage function in coders/vicar.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted VICAR file.

  • CVE-2015-8902 | Med | Feb 27, 2017
    risk 0.42 | cvss 6.5 | epss 0.02

    The ReadBlobByte function in coders/pdb.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted PDB file.

  • CVE-2015-8901 | Med | Feb 27, 2017
    risk 0.42 | cvss 6.5 | epss 0.02

    ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted MIFF file.

  • CVE-2010-1282 | Med | May 13, 2010
    risk 0.42 | cvss 6.5 | epss 0.03

    Adobe Shockwave Player before 11.5.7.609 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted ATOM size in a .dir (aka Director) file.

  • CVE-2026-44186 | Hig | Jun 8, 2026
    risk 0.40 | cvss 7.3 | epss 0.01

    Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in the mod_proxy_ftp module in Apache HTTP Server with an attacker controlled backend FTP server. This issue affects undefined: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68,…

  • CVE-2026-34962 | Med | May 11, 2026
    risk 0.40 | cvss 6.2 | epss 0.00

    barebox version prior to 2026.04.0 contains a denial-of-service vulnerability in ext4 directory parsing in fs/ext4/ext4_common.c where the ext4fs_iterate_dir() function fails to validate that directory entry length values are non-zero. Attackers can supply a malicious ext4…

  • CVE-2026-34852 | Med | Apr 13, 2026
    risk 0.40 | cvss 6.1 | epss 0.00

    Stack overflow vulnerability in the media platform. Impact: Successful exploitation of this vulnerability may affect availability.

  • CVE-2026-46378 | hig | May 19, 2026
    risk 0.39 | cvss | epss 0.00

    Summary: `dasel`'s selector lexer enters a non-terminating loop when tokenizing an unterminated regex pattern such as `r/abc`. A 2-byte input (`r/`) is sufficient to cause the tokenizer to consume 100% CPU on one core indefinitely. I confirmed the issue on `v3.3.1`…