CWE-835
AllowedLoop with Unreachable Exit Condition ('Infinite Loop')
Abstraction: Base · Status: Incomplete
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
1052 vulnerabilities reference this CWE, most recent first.
GHSA-VQ2F-VCC9-J8MV
Vulnerability from github – Published: 2026-06-19 20:46 – Updated: 2026-06-19 20:46Impact
Given a malformed {% case %} tag without associated {% when %} or {% else %} block, and no terminating {% endcase %} tag, Python Liquid hangs in an infinite loop at parse time. This allows malicious template authors to craft templates for a denial of service attack.
Patches
The issue is fixed in version 2.2.1 with the correction of the liquid.TokenStream.eof attribute. The kind and value of the special EOF token are now the same, so either can be tested against liquid.token.TOKEN_EOF.
Workarounds
Manually correct the definition of liquid.TokenStream.eof before parsing any templates.
import liquid
from liquid.token import TOKEN_EOF
liquid.stream.TokenStream.eof = liquid.Token(TOKEN_EOF, TOKEN_EOF, -1, "")
# ...
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "python-liquid"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-55865"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-19T20:46:34Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "### Impact\nGiven a malformed `{% case %}` tag without associated `{% when %}` or `{% else %}` block, and no terminating `{% endcase %}` tag, Python Liquid hangs in an infinite loop at parse time. This allows malicious template authors to craft templates for a denial of service attack.\n\n### Patches\nThe issue is fixed in version 2.2.1 with the correction of the `liquid.TokenStream.eof` attribute. The `kind` and `value` of the special EOF token are now the same, so either can be tested against `liquid.token.TOKEN_EOF`.\n\n### Workarounds\nManually correct the definition of `liquid.TokenStream.eof` before parsing any templates.\n\n```python\nimport liquid\nfrom liquid.token import TOKEN_EOF\n\nliquid.stream.TokenStream.eof = liquid.Token(TOKEN_EOF, TOKEN_EOF, -1, \"\")\n\n# ...\n```",
"id": "GHSA-vq2f-vcc9-j8mv",
"modified": "2026-06-19T20:46:34Z",
"published": "2026-06-19T20:46:34Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/jg-rp/liquid/security/advisories/GHSA-vq2f-vcc9-j8mv"
},
{
"type": "PACKAGE",
"url": "https://github.com/jg-rp/liquid"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Python Liquid: Infinite loop when parsing malformed `{% case %}` tags"
}
GHSA-VRGF-3RC5-R59F
Vulnerability from github – Published: 2022-11-28 21:30 – Updated: 2022-12-02 00:30A loop with an unreachable exit condition can be triggered by passing a crafted JPEG file to the Lepton image compression tool, resulting in a denial-of-service.
{
"affected": [],
"aliases": [
"CVE-2022-4104"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-28T19:15:00Z",
"severity": "MODERATE"
},
"details": "A loop with an unreachable exit condition can be triggered by passing a crafted JPEG file to the Lepton image compression tool, resulting in a denial-of-service.",
"id": "GHSA-vrgf-3rc5-r59f",
"modified": "2022-12-02T00:30:25Z",
"published": "2022-11-28T21:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4104"
},
{
"type": "WEB",
"url": "https://tenable.com/security/research/TRA-2022-35"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VRV2-GJV8-MW36
Vulnerability from github – Published: 2023-06-13 09:30 – Updated: 2024-04-04 04:46A loop with unreachable exit condition ('infinite loop') in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS version 7.0.0 through 7.0.10, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiProxy version 7.2.0 through 7.2.3, FortiProxy version 7.0.0 through 7.0.9, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions, FortiWeb version 7.2.0 through 7.2.1, FortiWeb version 7.0.0 through 7.0.6, FortiWeb 6.4 all versions, FortiWeb 6.3 all versions allows attacker to perform a denial of service via specially crafted HTTP requests.
{
"affected": [],
"aliases": [
"CVE-2023-33305"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-13T09:15:18Z",
"severity": "MODERATE"
},
"details": "A loop with unreachable exit condition (\u0027infinite loop\u0027) in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS version 7.0.0 through 7.0.10, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiProxy version 7.2.0 through 7.2.3, FortiProxy version 7.0.0 through 7.0.9, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions, FortiWeb version 7.2.0 through 7.2.1, FortiWeb version 7.0.0 through 7.0.6, FortiWeb 6.4 all versions, FortiWeb 6.3 all versions allows attacker to perform a denial of service via specially crafted HTTP requests.",
"id": "GHSA-vrv2-gjv8-mw36",
"modified": "2024-04-04T04:46:00Z",
"published": "2023-06-13T09:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33305"
},
{
"type": "WEB",
"url": "https://fortiguard.com/psirt/FG-IR-22-375"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VRX2-77F2-WW34
Vulnerability from github – Published: 2026-04-22 21:25 – Updated: 2026-04-22 21:25Summary
justhtml 1.17.0 fixes multiple security issues in sanitization, serialization, and programmatic DOM handling.
Most of these issues affected advanced or custom configurations rather than the default safe path.
Affected versions
justhtml<= 1.16.0
Fixed version
justhtml1.17.0released on April 19, 2026
Impact
Custom SVG / MathML sanitization policies
Custom policies that preserved foreign namespaces could allow dangerous content to survive sanitization, including:
- active HTML integration points such as SVG
<foreignObject>, MathML<annotation-xml encoding="text/html">, SVG<title>/<desc>, and MathML text integration points - mutation-XSS parser-differential payloads that looked inert in memory but became active HTML after reparse
- SVG
filter="url(...)"attributes that could trigger external fetches
These issues affected:
- JustHTML(..., sanitize=True) with custom foreign-namespace policies
- sanitize() / sanitize_dom()
- low-level terminal Sanitize(...) transform execution
Preserved <style> handling
Constructor-time sanitization and explicit Sanitize(...) transforms did not fully match sanitize() / sanitize_dom() when custom policies preserved <style>.
That could leave resource-loading CSS such as @import or background-image:url(...) in sanitized output from HTML string input.
Programmatic DOM serialization
Programmatic script, style, and Comment(...) nodes could still serialize into active markup in some edge cases.
This could affect applications that build or mutate DOM trees directly before calling to_html() or to_markdown(html_passthrough=True).
Cache mutation and DOM cycle handling
Two lower-severity hardening fixes were included:
- compiled sanitize-pipeline caches could be mutated after warming and weaken later sanitization
- parent/child cycles in programmatic DOM trees could cause infinite loops in operations such as
to_html()andsanitize_dom()
Default configuration
Most of the issues above did not affect ordinary parsed HTML with the default JustHTML(..., sanitize=True) configuration.
The main risk areas were:
- custom policies that preserve SVG or MathML
- custom policies that preserve
<style> - programmatic DOM construction or mutation
- low-level direct sanitizer/transform APIs
Recommended action
Upgrade to justhtml 1.17.0.
If users cannot upgrade immediately:
- avoid preserving SVG or MathML for untrusted input
- avoid preserving
<style>for untrusted input - avoid mutating programmatic DOM trees with untrusted
script,style, or comment content - avoid mutating warmed policy internals or sanitizer caches
Credit
Discovered during an internal security review of justhtml.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "justhtml"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.17.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-436",
"CWE-471",
"CWE-79",
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-22T21:25:46Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "## Summary\n\n`justhtml` `1.17.0` fixes multiple security issues in sanitization, serialization, and programmatic DOM handling.\n\nMost of these issues affected advanced or custom configurations rather than the default safe path.\n\n## Affected versions\n\n- `justhtml` `\u003c= 1.16.0`\n\n## Fixed version\n\n- `justhtml` `1.17.0` released on April 19, 2026\n\n## Impact\n\n### Custom SVG / MathML sanitization policies\nCustom policies that preserved foreign namespaces could allow dangerous content to survive sanitization, including:\n\n- active HTML integration points such as SVG `\u003cforeignObject\u003e`, MathML `\u003cannotation-xml encoding=\"text/html\"\u003e`, SVG `\u003ctitle\u003e` / `\u003cdesc\u003e`, and MathML text integration points\n- mutation-XSS parser-differential payloads that looked inert in memory but became active HTML after reparse\n- SVG `filter=\"url(...)\"` attributes that could trigger external fetches\n\nThese issues affected:\n- `JustHTML(..., sanitize=True)` with custom foreign-namespace policies\n- `sanitize()` / `sanitize_dom()`\n- low-level terminal `Sanitize(...)` transform execution\n\n### Preserved `\u003cstyle\u003e` handling\nConstructor-time sanitization and explicit `Sanitize(...)` transforms did not fully match `sanitize()` / `sanitize_dom()` when custom policies preserved `\u003cstyle\u003e`.\n\nThat could leave resource-loading CSS such as `@import` or `background-image:url(...)` in sanitized output from HTML string input.\n\n### Programmatic DOM serialization\nProgrammatic `script`, `style`, and `Comment(...)` nodes could still serialize into active markup in some edge cases.\n\nThis could affect applications that build or mutate DOM trees directly before calling `to_html()` or `to_markdown(html_passthrough=True)`.\n\n### Cache mutation and DOM cycle handling\nTwo lower-severity hardening fixes were included:\n\n- compiled sanitize-pipeline caches could be mutated after warming and weaken later sanitization\n- parent/child cycles in programmatic DOM trees could cause infinite loops in operations such as `to_html()` and `sanitize_dom()`\n\n## Default configuration\n\nMost of the issues above did **not** affect ordinary parsed HTML with the default `JustHTML(..., sanitize=True)` configuration.\n\nThe main risk areas were:\n\n- custom policies that preserve SVG or MathML\n- custom policies that preserve `\u003cstyle\u003e`\n- programmatic DOM construction or mutation\n- low-level direct sanitizer/transform APIs\n\n## Recommended action\n\nUpgrade to `justhtml` `1.17.0`.\n\nIf users cannot upgrade immediately:\n\n- avoid preserving SVG or MathML for untrusted input\n- avoid preserving `\u003cstyle\u003e` for untrusted input\n- avoid mutating programmatic DOM trees with untrusted `script`, `style`, or comment content\n- avoid mutating warmed policy internals or sanitizer caches\n\n## Credit\n\nDiscovered during an internal security review of `justhtml`.",
"id": "GHSA-vrx2-77f2-ww34",
"modified": "2026-04-22T21:25:46Z",
"published": "2026-04-22T21:25:46Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/EmilStenstrom/justhtml/security/advisories/GHSA-vrx2-77f2-ww34"
},
{
"type": "PACKAGE",
"url": "https://github.com/EmilStenstrom/justhtml"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N",
"type": "CVSS_V4"
}
],
"summary": "justhtml has sanitization bypass in custom policies and programmatic DOM"
}
GHSA-VRX2-VJH6-FHXX
Vulnerability from github – Published: 2023-08-23 21:30 – Updated: 2024-01-13 00:30A vulnerability in the Simple Network Management Protocol (SNMP) service of Cisco FXOS Software for Firepower 4100 Series and Firepower 9300 Security Appliances and of Cisco UCS 6300 Series Fabric Interconnects could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to the improper handling of specific SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.
Note: This vulnerability affects all supported SNMP versions. To exploit this vulnerability through SNMPv2c or earlier, an attacker must know the SNMP community string that is configured on an affected device. To exploit this vulnerability through SNMPv3, the attacker must have valid credentials for an SNMP user who is configured on the affected device.
{
"affected": [],
"aliases": [
"CVE-2023-20200"
],
"database_specific": {
"cwe_ids": [
"CWE-732",
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-23T19:15:08Z",
"severity": "MODERATE"
},
"details": "A vulnerability in the Simple Network Management Protocol (SNMP) service of Cisco FXOS Software for Firepower 4100 Series and Firepower 9300 Security Appliances and of Cisco UCS 6300 Series Fabric Interconnects could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\n\n This vulnerability is due to the improper handling of specific SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.\n\n Note: This vulnerability affects all supported SNMP versions. To exploit this vulnerability through SNMPv2c or earlier, an attacker must know the SNMP community string that is configured on an affected device. To exploit this vulnerability through SNMPv3, the attacker must have valid credentials for an SNMP user who is configured on the affected device.",
"id": "GHSA-vrx2-vjh6-fhxx",
"modified": "2024-01-13T00:30:24Z",
"published": "2023-08-23T21:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20200"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fp-ucsfi-snmp-dos-qtv69NAO"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VVC7-QVMV-VPJW
Vulnerability from github – Published: 2024-05-20 12:30 – Updated: 2025-01-16 18:30In the Linux kernel, the following vulnerability has been resolved:
virtio_net: Do not send RSS key if it is not supported
There is a bug when setting the RSS options in virtio_net that can break the whole machine, getting the kernel into an infinite loop.
Running the following command in any QEMU virtual machine with virtionet will reproduce this problem:
# ethtool -X eth0 hfunc toeplitz
This is how the problem happens:
1) ethtool_set_rxfh() calls virtnet_set_rxfh()
2) virtnet_set_rxfh() calls virtnet_commit_rss_command()
3) virtnet_commit_rss_command() populates 4 entries for the rss scatter-gather
4) Since the command above does not have a key, then the last scatter-gatter entry will be zeroed, since rss_key_size == 0. sg_buf_size = vi->rss_key_size;
5) This buffer is passed to qemu, but qemu is not happy with a buffer with zero length, and do the following in virtqueue_map_desc() (QEMU function):
if (!sz) { virtio_error(vdev, "virtio: zero sized buffers are not allowed");
6) virtio_error() (also QEMU function) set the device as broken
vdev->broken = true;
7) Qemu bails out, and do not repond this crazy kernel.
8) The kernel is waiting for the response to come back (function virtnet_send_command())
9) The kernel is waiting doing the following :
while (!virtqueue_get_buf(vi->cvq, &tmp) &&
!virtqueue_is_broken(vi->cvq))
cpu_relax();
10) None of the following functions above is true, thus, the kernel
loops here forever. Keeping in mind that virtqueue_is_broken() does
not look at the qemu vdev->broken, so, it never realizes that the
vitio is broken at QEMU side.
Fix it by not sending RSS commands if the feature is not available in the device.
{
"affected": [],
"aliases": [
"CVE-2024-35981"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-20T10:15:12Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio_net: Do not send RSS key if it is not supported\n\nThere is a bug when setting the RSS options in virtio_net that can break\nthe whole machine, getting the kernel into an infinite loop.\n\nRunning the following command in any QEMU virtual machine with virtionet\nwill reproduce this problem:\n\n # ethtool -X eth0 hfunc toeplitz\n\nThis is how the problem happens:\n\n1) ethtool_set_rxfh() calls virtnet_set_rxfh()\n\n2) virtnet_set_rxfh() calls virtnet_commit_rss_command()\n\n3) virtnet_commit_rss_command() populates 4 entries for the rss\nscatter-gather\n\n4) Since the command above does not have a key, then the last\nscatter-gatter entry will be zeroed, since rss_key_size == 0.\nsg_buf_size = vi-\u003erss_key_size;\n\n5) This buffer is passed to qemu, but qemu is not happy with a buffer\nwith zero length, and do the following in virtqueue_map_desc() (QEMU\nfunction):\n\n if (!sz) {\n virtio_error(vdev, \"virtio: zero sized buffers are not allowed\");\n\n6) virtio_error() (also QEMU function) set the device as broken\n\n vdev-\u003ebroken = true;\n\n7) Qemu bails out, and do not repond this crazy kernel.\n\n8) The kernel is waiting for the response to come back (function\nvirtnet_send_command())\n\n9) The kernel is waiting doing the following :\n\n while (!virtqueue_get_buf(vi-\u003ecvq, \u0026tmp) \u0026\u0026\n\t !virtqueue_is_broken(vi-\u003ecvq))\n\t cpu_relax();\n\n10) None of the following functions above is true, thus, the kernel\nloops here forever. Keeping in mind that virtqueue_is_broken() does\nnot look at the qemu `vdev-\u003ebroken`, so, it never realizes that the\nvitio is broken at QEMU side.\n\nFix it by not sending RSS commands if the feature is not available in\nthe device.",
"id": "GHSA-vvc7-qvmv-vpjw",
"modified": "2025-01-16T18:30:58Z",
"published": "2024-05-20T12:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35981"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/059a49aa2e25c58f90b50151f109dd3c4cdb3a47"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/28e9a64638cd16bc1ecac9ff74ffeacb9fb652de"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/43a71c1b4b3a6d4db857b1435d271540279fc7de"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/539a2b995a4ed93125cb0efae0f793b00ab2158b"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VW2J-3XRW-2Q58
Vulnerability from github – Published: 2022-05-24 17:30 – Updated: 2022-05-24 17:30In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. This was addressed in epan/dissectors/packet-fbzero.c by correcting the implementation of offset advancement.
{
"affected": [],
"aliases": [
"CVE-2020-26575"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-10-06T15:15:00Z",
"severity": "HIGH"
},
"details": "In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. This was addressed in epan/dissectors/packet-fbzero.c by correcting the implementation of offset advancement.",
"id": "GHSA-vw2j-3xrw-2q58",
"modified": "2022-05-24T17:30:12Z",
"published": "2022-05-24T17:30:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26575"
},
{
"type": "WEB",
"url": "https://gitlab.com/wireshark/wireshark/-/commit/3ff940652962c099b73ae3233322b8697b0d10ab"
},
{
"type": "WEB",
"url": "https://gitlab.com/wireshark/wireshark/-/issues/16887"
},
{
"type": "WEB",
"url": "https://gitlab.com/wireshark/wireshark/-/merge_requests/467"
},
{
"type": "WEB",
"url": "https://gitlab.com/wireshark/wireshark/-/merge_requests/471"
},
{
"type": "WEB",
"url": "https://gitlab.com/wireshark/wireshark/-/merge_requests/472"
},
{
"type": "WEB",
"url": "https://gitlab.com/wireshark/wireshark/-/merge_requests/473"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00008.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UHZSVK7PO2LTGFQXFHFXY6SOMSQ7UPRS"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2667E6WKVE56G66BVBVD7LJPIDOJ7K3"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202011-08"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"type": "WEB",
"url": "https://www.wireshark.org/security/wnpa-sec-2020-14.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-VWCC-98M2-WF3C
Vulnerability from github – Published: 2022-05-24 16:53 – Updated: 2022-05-24 16:53In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error (resource exhaustion caused by a GBitmap::read_rle_raw infinite loop) by crafting a corrupted image file, related to libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp.
{
"affected": [],
"aliases": [
"CVE-2019-15143"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-08-18T19:15:00Z",
"severity": "MODERATE"
},
"details": "In DjVuLibre 3.5.27, the bitmap reader component allows attackers to cause a denial-of-service error (resource exhaustion caused by a GBitmap::read_rle_raw infinite loop) by crafting a corrupted image file, related to libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp.",
"id": "GHSA-vwcc-98m2-wf3c",
"modified": "2022-05-24T16:53:53Z",
"published": "2022-05-24T16:53:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15143"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00036.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00022.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FPMG3VY33XGMIKE6QDYIUVS6A7GNTHTK"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JO65AWU7LEWNF6DDCZPRFTR2ZPP5XK6L"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M7F7544WASYMOTFDR2WUEOQLN3ZEXNU4"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QUEME45HVGTMDOYODAZYQOGWSZ2CEFWZ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RYZTGKWY3NAKMIMTFYGN4ZO5XEQWPYRL"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202007-36"
},
{
"type": "WEB",
"url": "https://sourceforge.net/p/djvu/bugs/297"
},
{
"type": "WEB",
"url": "https://sourceforge.net/p/djvu/djvulibre-git/ci/b1f4e1b2187d9e5010cd01ceccf20b4a11ce723f"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4198-1"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-5032"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00086.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00087.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VWGQ-PV2Q-RW8C
Vulnerability from github – Published: 2022-05-13 01:15 – Updated: 2025-04-20 03:38The quicktime_read_moov function in moov.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file.
{
"affected": [],
"aliases": [
"CVE-2017-9122"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-06-12T06:29:00Z",
"severity": "HIGH"
},
"details": "The quicktime_read_moov function in moov.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file.",
"id": "GHSA-vwgq-pv2q-rw8c",
"modified": "2025-04-20T03:38:48Z",
"published": "2022-05-13T01:15:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9122"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4545-1"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/42148"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VX2X-XF93-9FW9
Vulnerability from github – Published: 2026-01-27 09:30 – Updated: 2026-01-27 09:30Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in coolsnowwolf lede (package/lean/mt/drivers/mt7603e/src/mt7603_wifi/common modules). This vulnerability is associated with program files bn_lib.C.
This issue affects lede: through r25.10.1.
{
"affected": [],
"aliases": [
"CVE-2026-24804"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-27T09:15:50Z",
"severity": "CRITICAL"
},
"details": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) vulnerability in coolsnowwolf lede (package/lean/mt/drivers/mt7603e/src/mt7603_wifi/common modules). This vulnerability is associated with program files bn_lib.C.\n\nThis issue affects lede: through r25.10.1.",
"id": "GHSA-vx2x-xf93-9fw9",
"modified": "2026-01-27T09:30:30Z",
"published": "2026-01-27T09:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24804"
},
{
"type": "WEB",
"url": "https://github.com/coolsnowwolf/lede/pull/13368"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:C/RE:L/U:Amber",
"type": "CVSS_V4"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.