Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-11118

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-31 Jul, 2017 | 13:00
Updated At-05 Aug, 2024 | 17:57
Rejected At-
Credits

The ExifImageFile::readImage function in ExifImageFileRead.cpp in OpenExif 2.1.4 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted jpg file.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:31 Jul, 2017 | 13:00
Updated At:05 Aug, 2024 | 17:57
Rejected At:
▼CVE Numbering Authority (CNA)

The ExifImageFile::readImage function in ExifImageFileRead.cpp in OpenExif 2.1.4 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted jpg file.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://sourceforge.net/p/openexif/bugs/18/
x_refsource_MISC
http://seclists.org/fulldisclosure/2017/Jul/77
x_refsource_MISC
Hyperlink: https://sourceforge.net/p/openexif/bugs/18/
Resource:
x_refsource_MISC
Hyperlink: http://seclists.org/fulldisclosure/2017/Jul/77
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://sourceforge.net/p/openexif/bugs/18/
x_refsource_MISC
x_transferred
http://seclists.org/fulldisclosure/2017/Jul/77
x_refsource_MISC
x_transferred
Hyperlink: https://sourceforge.net/p/openexif/bugs/18/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2017/Jul/77
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:31 Jul, 2017 | 13:29
Updated At:20 Apr, 2025 | 01:37

The ExifImageFile::readImage function in ExifImageFileRead.cpp in OpenExif 2.1.4 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted jpg file.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.05.5MEDIUM
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Primary2.07.1HIGH
AV:N/AC:M/Au:N/C:N/I:N/A:C
Type: Primary
Version: 3.0
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 7.1
Base severity: HIGH
Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:C
CPE Matches
openexif_project
openexif_project
>>openexif>>2.1.4
cpe:2.3:a:openexif_project:openexif:2.1.4:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-835Primarynvd@nist.gov
CWE ID: CWE-835
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://seclists.org/fulldisclosure/2017/Jul/77cve@mitre.org
Mailing List
Third Party Advisory
https://sourceforge.net/p/openexif/bugs/18/cve@mitre.org
N/A
http://seclists.org/fulldisclosure/2017/Jul/77af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
https://sourceforge.net/p/openexif/bugs/18/af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://seclists.org/fulldisclosure/2017/Jul/77
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://sourceforge.net/p/openexif/bugs/18/
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2017/Jul/77
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://sourceforge.net/p/openexif/bugs/18/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

62Records found
CVE-2017-8054
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.42% / 61.44%
||
7 Day CHG~0.00%
Published-22 Apr, 2017 | 22:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The function PdfPagesTree::GetPageNodeFromArray in PdfPageTree.cpp:464 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted PDF document.

Action-Not Available
Vendor-podofo_projectn/a
Product-podofon/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2017-8053
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.35% / 56.87%
||
7 Day CHG~0.00%
Published-22 Apr, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PoDoFo 0.9.5 allows denial of service (infinite recursion and stack consumption) via a crafted PDF file in PoDoFo::PdfParser::ReadDocumentStructure (PdfParser.cpp).

Action-Not Available
Vendor-podofo_projectn/a
Product-podofon/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2017-8871
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.94% / 83.12%
||
7 Day CHG~0.00%
Published-12 Jun, 2017 | 06:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file.

Action-Not Available
Vendor-n/aopenSUSEThe GNOME Project
Product-leaplibcrocon/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2017-7700
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.51% / 65.85%
||
7 Day CHG~0.00%
Published-12 Apr, 2017 | 23:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by ensuring a nonzero record size.

Action-Not Available
Vendor-n/aWireshark FoundationDebian GNU/Linux
Product-debian_linuxwiresharkn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2017-6299
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.35% / 57.12%
||
7 Day CHG~0.00%
Published-24 Feb, 2017 | 04:23
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "2 of 9. Infinite Loop / DoS in the TNEFFillMapi function in lib/ytnef.c."

Action-Not Available
Vendor-ytnef_projectn/aDebian GNU/Linux
Product-ytnefdebian_linuxn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2017-5852
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.46% / 63.67%
||
7 Day CHG~0.00%
Published-01 Mar, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The PoDoFo::PdfPage::GetInheritedKeyFromObject function in base/PdfVariant.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted file.

Action-Not Available
Vendor-podofo_projectn/a
Product-podofon/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2018-1338
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-5.5||MEDIUM
EPSS-2.23% / 84.20%
||
7 Day CHG~0.00%
Published-25 Apr, 2018 | 21:00
Updated-17 Sep, 2024 | 00:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's BPGParser in versions of Apache Tika before 1.18.

Action-Not Available
Vendor-The Apache Software Foundation
Product-tikaApache Tika
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2018-1339
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-5.5||MEDIUM
EPSS-4.52% / 88.89%
||
7 Day CHG~0.00%
Published-25 Apr, 2018 | 21:00
Updated-16 Sep, 2024 | 17:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's ChmParser in versions of Apache Tika before 1.18.

Action-Not Available
Vendor-The Apache Software Foundation
Product-tikaApache Tika
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2017-11626
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.34% / 56.13%
||
7 Day CHG~0.00%
Published-25 Jul, 2017 | 23:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after four consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite loop."

Action-Not Available
Vendor-qpdf_projectn/a
Product-qpdfn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2017-0685
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 13.54%
||
7 Day CHG~0.00%
Published-06 Jul, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34203195.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2018-18701
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.44% / 62.75%
||
7 Day CHG~0.00%
Published-27 Oct, 2018 | 16:00
Updated-05 Aug, 2024 | 11:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption vulnerability resulting from infinite recursion in the functions next_is_type_qual() and cplus_demangle_type() in cp-demangle.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via an ELF file, as demonstrated by nm.

Action-Not Available
Vendor-n/aGNU
Product-binutilsn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2018-12418
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.41% / 60.99%
||
7 Day CHG~0.00%
Published-14 Jun, 2018 | 16:00
Updated-17 Sep, 2024 | 04:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Archive.java in Junrar before 1.0.1, as used in Apache Tika and other products, is affected by a denial of service vulnerability due to an infinite loop when handling corrupt RAR files.

Action-Not Available
Vendor-junrar_projectn/a
Product-junrarn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
  • Previous
  • 1
  • 2
  • Next
Details not found