Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-835
Total 491 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-18238 2 Debian, Exempi Project 2 Debian Linux, Exempi 2019-10-02 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in Exempi before 2.4.4. The TradQT_Manager::ParseCachedBoxes function in XMPFiles/source/FormatSupport/QuickTime_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .qt file.
CVE-2017-17150 1 Huawei 12 Dp300, Dp300 Firmware, Rp200 and 9 more 2019-10-02 2.1 LOW 5.5 MEDIUM
Timergrp module in Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 have an DoS vulnerability due to insufficient validation of the parameter. An authenticated local attacker may call a special API with special parameter, which cause an infinite loop. Successful exploit of this vulnerability can allow an attacker to launch DOS attack.
CVE-2017-17131 1 Huawei 12 Dp300, Dp300 Firmware, Rp200 and 9 more 2019-10-02 6.3 MEDIUM 5.7 MEDIUM
Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V600R006C00; TE50 V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00; VP9660 V500R002C10 have an DoS vulnerability due to insufficient validation of the parameter when a putty comment key is loaded. An authenticated remote attacker can place a malformed putty key file in system when a system manager load the key an infinite loop happens which lead to reboot the system.
CVE-2017-17044 1 Xen 1 Xen 2019-10-02 4.9 MEDIUM 6.5 MEDIUM
An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to cause a denial of service (infinite loop and host OS hang) by leveraging the mishandling of Populate on Demand (PoD) errors.
CVE-2017-15835 1 Google 1 Android 2019-10-02 3.3 LOW 6.5 MEDIUM
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, While processing the RIC Data Descriptor IE in an artificially crafted 802.11 frame with IE length more than 255, an infinite loop may potentially occur resulting in a denial of service.
CVE-2017-15602 1 Gnu 1 Libextractor 2019-10-02 5.0 MEDIUM 7.5 HIGH
In GNU Libextractor 1.4, there is an integer signedness error for the chunk size in the EXTRACTOR_nsfe_extract_method function in plugins/nsfe_extractor.c, leading to an infinite loop for a crafted size.
CVE-2017-15223 1 Argosoft 1 Mini Mail Server 2019-10-02 5.0 MEDIUM 5.3 MEDIUM
Denial-of-service vulnerability in ArGoSoft Mini Mail Server 1.0.0.2 and earlier allows remote attackers to waste CPU resources (memory consumption) via unspecified vectors, possibly triggering an infinite loop.
CVE-2017-15024 1 Gnu 1 Binutils 2019-10-02 4.3 MEDIUM 5.5 MEDIUM
find_abstract_instance_name in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.
CVE-2017-14934 1 Gnu 1 Binutils 2019-10-02 4.3 MEDIUM 5.5 MEDIUM
process_debug_info in dwarf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file that contains a negative size value in a CU structure.
CVE-2017-14933 1 Gnu 1 Binutils 2019-10-02 4.3 MEDIUM 5.5 MEDIUM
read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.
CVE-2017-14932 1 Gnu 1 Binutils 2019-10-02 4.3 MEDIUM 5.5 MEDIUM
decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.
CVE-2017-14929 1 Freedesktop 1 Poppler 2019-10-02 5.0 MEDIUM 7.5 HIGH
In Poppler 0.59.0, memory corruption occurs in a call to Object::dictLookup() in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opFill, Gfx::doPatternFill, Gfx::doTilingPatternFill and Gfx::drawForm calls (aka a Gfx.cc infinite loop), a different vulnerability than CVE-2017-14519.
CVE-2017-14519 1 Freedesktop 1 Poppler 2019-10-02 5.0 MEDIUM 7.5 HIGH
In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opShowText, and Gfx::doShowText calls (aka a Gfx.cc infinite loop).
CVE-2017-14339 1 Yadifa 1 Yadifa 2019-10-02 7.8 HIGH 7.5 HIGH
The DNS packet parser in YADIFA before 2.2.6 does not check for the presence of infinite pointer loops, and thus it is possible to force it to enter an infinite loop. This can cause high CPU usage and makes the server unresponsive.
CVE-2017-14229 1 Jasper Project 1 Jasper 2019-10-02 5.0 MEDIUM 7.5 HIGH
There is an infinite loop in the jpc_dec_tileinit function in jpc/jpc_dec.c of Jasper 2.0.13. It will lead to a remote denial of service attack.
CVE-2017-13193 1 Google 1 Android 2019-10-02 7.8 HIGH 7.5 HIGH
In ihevcd_decode.c there is a possible infinite loop due to bytes for an sps of unsupported resolution resulting in the same sps being fed in over and over. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65718319.
CVE-2017-13192 1 Google 1 Android 2019-10-02 7.8 HIGH 7.5 HIGH
In the ihevcd_parse_slice_header function of ihevcd_parse_slice_header.c a slice address of zero after the first slice could result in an infinite loop. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64380202.
CVE-2017-13191 1 Google 1 Android 2019-10-02 7.8 HIGH 7.5 HIGH
In the ihevcd_decode function of ihevcd_decode.c, there is an infinite loop due to an incomplete frame error. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64380403.
CVE-2017-13195 1 Google 1 Android 2019-10-02 7.8 HIGH 7.5 HIGH
In the ihevcd_parse_sps function of ihevcd_parse_headers.c, several parameter values could be negative which could lead to negative indexes which could lead to an infinite loop. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65398821.
CVE-2017-12990 1 Tcpdump 1 Tcpdump 2019-10-02 5.0 MEDIUM 7.5 HIGH
The ISAKMP parser in tcpdump before 4.9.2 could enter an infinite loop due to bugs in print-isakmp.c, several functions.