Total
88 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-18651 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Xpdf 4.00. catalog->getNumPages() in AcroForm.cc allows attackers to launch a denial of service (hang caused by large loop) via a specific pdf file, as demonstrated by pdftohtml. This is mainly caused by a large number after the /Count field in the file. | |||||
| CVE-2018-14342 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the BGP protocol dissector could go into a large loop. This was addressed in epan/dissectors/packet-bgp.c by validating Path Attribute lengths. | |||||
| CVE-2018-11813 | 1 Ijg | 1 Libjpeg | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF. | |||||
| CVE-2018-11507 | 1 Flif | 1 Flif | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Free Lossless Image Format (FLIF) 0.3. An attacker can trigger a long loop in image_load_pnm in image/image-pnm.cpp. | |||||
| CVE-2017-13279 | 1 Google | 1 Android | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| In M3UParser::parse of M3UParser.cpp, there is a memory resource exhaustion due to a large loop of pushing items into a vector. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68399439. | |||||
| CVE-2024-8049 | 1 Progress | 1 Telerik Document Processing Libraries | 2024-11-18 | N/A | 6.5 MEDIUM |
| In Progress Telerik Document Processing Libraries, versions prior to 2024 Q4 (2024.4.1106), importing a document with unsupported features can lead to excessive processing, leading to excessive use of computing resources leaving the application process unavailable. | |||||
| CVE-2022-48939 | 1 Linux | 1 Linux Kernel | 2024-08-22 | N/A | 3.3 LOW |
| In the Linux kernel, the following vulnerability has been resolved: bpf: Add schedule points in batch ops syzbot reported various soft lockups caused by bpf batch operations. INFO: task kworker/1:1:27 blocked for more than 140 seconds. INFO: task hung in rcu_barrier Nothing prevents batch ops to process huge amount of data, we need to add schedule points in them. Note that maybe_wait_bpf_programs(map) calls from generic_map_delete_batch() can be factorized by moving the call after the loop. This will be done later in -next tree once we get this fix merged, unless there is strong opinion doing this optimization sooner. | |||||
| CVE-2024-42237 | 1 Linux | 1 Linux Kernel | 2024-08-08 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Validate payload length before processing block Move the payload length check in cs_dsp_load() and cs_dsp_coeff_load() to be done before the block is processed. The check that the length of a block payload does not exceed the number of remaining bytes in the firwmware file buffer was being done near the end of the loop iteration. However, some code before that check used the length field without validating it. | |||||