Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-16419

Summary
Assigner-adobe
Assigner Org ID-078d4453-3bcd-4900-85e6-15281da43538
Published At-09 Dec, 2017 | 06:00
Updated At-05 Aug, 2024 | 20:27
Rejected At-
Credits

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The issue is a stack exhaustion problem within the JavaScript API, where the computation does not correctly control the amount of recursion that can happen with respect to system resources.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:adobe
Assigner Org ID:078d4453-3bcd-4900-85e6-15281da43538
Published At:09 Dec, 2017 | 06:00
Updated At:05 Aug, 2024 | 20:27
Rejected At:
▼CVE Numbering Authority (CNA)

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The issue is a stack exhaustion problem within the JavaScript API, where the computation does not correctly control the amount of recursion that can happen with respect to system resources.

Affected Products
Vendor
n/a
Product
Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions
Versions
Affected
  • Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions
Problem Types
TypeCWE IDDescription
textN/AStackExhaustion
Type: text
CWE ID: N/A
Description: StackExhaustion
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securitytracker.com/id/1039791
vdb-entry
x_refsource_SECTRACK
https://helpx.adobe.com/security/products/acrobat/apsb17-36.html
x_refsource_CONFIRM
http://www.securityfocus.com/bid/101817
vdb-entry
x_refsource_BID
Hyperlink: http://www.securitytracker.com/id/1039791
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: https://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/101817
Resource:
vdb-entry
x_refsource_BID
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securitytracker.com/id/1039791
vdb-entry
x_refsource_SECTRACK
x_transferred
https://helpx.adobe.com/security/products/acrobat/apsb17-36.html
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/bid/101817
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.securitytracker.com/id/1039791
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: https://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/101817
Resource:
vdb-entry
x_refsource_BID
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@adobe.com
Published At:09 Dec, 2017 | 06:29
Updated At:20 Apr, 2025 | 01:37

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The issue is a stack exhaustion problem within the JavaScript API, where the computation does not correctly control the amount of recursion that can happen with respect to system resources.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.06.5MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.0
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CPE Matches
Adobe Inc.
adobe
>>acrobat>>Versions up to 11.0.22(inclusive)
cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat>>Versions from 17.0(inclusive) to 17.011.30066(inclusive)
cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat_dc>>Versions from -(inclusive) to 17.012.20098(inclusive)
cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*
Adobe Inc.
adobe
>>acrobat_dc>>Versions from 15.0(inclusive) to 15.006.30355(inclusive)
cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*
Adobe Inc.
adobe
>>acrobat_reader>>Versions up to 11.0.22(inclusive)
cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat_reader>>Versions from 17.0(inclusive) to 17.011.30066(inclusive)
cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat_reader_dc>>Versions from -(inclusive) to 17.012.20098(inclusive)
cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*
Adobe Inc.
adobe
>>acrobat_reader_dc>>Versions from 15.0(inclusive) to 15.006.30355(inclusive)
cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*
Weaknesses
CWE IDTypeSource
CWE-674Primarynvd@nist.gov
CWE ID: CWE-674
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.securityfocus.com/bid/101817psirt@adobe.com
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039791psirt@adobe.com
Third Party Advisory
VDB Entry
https://helpx.adobe.com/security/products/acrobat/apsb17-36.htmlpsirt@adobe.com
Broken Link
http://www.securityfocus.com/bid/101817af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039791af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
https://helpx.adobe.com/security/products/acrobat/apsb17-36.htmlaf854a3a-2127-422b-91ae-364da2661108
Broken Link
Hyperlink: http://www.securityfocus.com/bid/101817
Source: psirt@adobe.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1039791
Source: psirt@adobe.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Source: psirt@adobe.com
Resource:
Broken Link
Hyperlink: http://www.securityfocus.com/bid/101817
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1039791
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://helpx.adobe.com/security/products/acrobat/apsb17-36.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link

Change History

0
Information is not available yet

Similar CVEs

141Records found
CVE-2009-2988
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.34% / 79.20%
||
7 Day CHG~0.00%
Published-19 Oct, 2009 | 22:00
Updated-07 Aug, 2024 | 06:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which allows attackers to cause a denial of service via unspecified vectors.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-acrobat_readeracrobatn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-36077
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.61% / 68.73%
||
7 Day CHG~0.00%
Published-01 Sep, 2021 | 14:35
Updated-17 Sep, 2024 | 03:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Bridge SVG File Memory Corruption Could Lead To Application Denial Of Service

Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious SVG file, potentially resulting in local application denial of service in the context of the current user. User interaction is required to exploit this vulnerability.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-windowsbridgeBridge
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-23189
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.66% / 70.24%
||
7 Day CHG~0.00%
Published-16 Feb, 2022 | 16:38
Updated-23 Apr, 2025 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Illustrator NULL Pointer Dereference Application denial-of-service

Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-windowsmacosillustratorIllustrator
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2008-5363
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.83% / 82.18%
||
7 Day CHG~0.00%
Published-08 Dec, 2008 | 11:00
Updated-07 Aug, 2024 | 10:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not validate character elements during retrieval from the dictionary data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF file.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-flash_playerairn/a
CWE ID-CWE-399
Not Available
CVE-2008-3873
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-4.55% / 88.75%
||
7 Day CHG~0.00%
Published-29 Aug, 2008 | 17:00
Updated-07 Aug, 2024 | 09:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The System.setClipboard method in ActionScript in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to populate the clipboard with a URL that is difficult to delete and does not require user interaction to populate the clipboard, as exploited in the wild in August 2008.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-flash_playern/a
CVE-2008-4546
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-23.96% / 95.81%
||
7 Day CHG+1.94%
Published-14 Oct, 2008 | 15:00
Updated-07 Aug, 2024 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two responses that provide SWF files with different SWF version numbers.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-flash_playern/a
CWE ID-CWE-399
Not Available
CVE-2008-2549
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-71.86% / 98.68%
||
7 Day CHG~0.00%
Published-04 Jun, 2008 | 19:17
Updated-07 Aug, 2024 | 09:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader 8.1.2 and earlier, and before 7.1.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed PDF document, as demonstrated by 2008-HI2.pdf.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-acrobat_readern/a
CVE-2022-23199
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.66% / 70.24%
||
7 Day CHG~0.00%
Published-16 Feb, 2022 | 16:38
Updated-23 Apr, 2025 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Illustrator NULL Pointer Dereference Application denial-of-service

Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-windowsmacosillustratorIllustrator
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-24421
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.49% / 64.47%
||
7 Day CHG~0.00%
Published-21 Oct, 2020 | 21:28
Updated-16 Sep, 2024 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe InDesign 15.1.2 NULL Pointer Dereference Bug

Adobe InDesign version 15.1.2 (and earlier) is affected by a NULL pointer dereference bug that occurs when handling a malformed .indd file. The impact is limited to causing a denial-of-service of the client application. User interaction is required to exploit this issue.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-windowsindesignInDesign
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2020-9703
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.47% / 63.90%
||
7 Day CHG~0.00%
Published-19 Aug, 2020 | 13:16
Updated-04 Aug, 2024 | 10:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a stack exhaustion vulnerability. Successful exploitation could lead to application denial-of-service.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2007-1278
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-4.57% / 88.78%
||
7 Day CHG~0.00%
Published-16 Mar, 2007 | 20:00
Updated-07 Aug, 2024 | 12:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a file in the JRun web root.

Action-Not Available
Vendor-n/aMicrosoft CorporationAdobe Inc.
Product-internet_information_serverjruncoldfusionn/a
CVE-2021-42268
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.61% / 68.66%
||
7 Day CHG~0.00%
Published-18 Nov, 2021 | 16:41
Updated-23 Apr, 2025 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Animate FLA File Parsing Null Pointer Dereference Application Denial of Service

Adobe Animate version 21.0.9 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted FLA file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.
Product-animateAnimate
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-42264
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.41% / 60.50%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 14:03
Updated-23 Apr, 2025 | 18:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Premiere Pro Null Pointer Dereference Application denial-of-service

Adobe Premiere Pro 15.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-windowspremiere_promacosPremiere
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-40767
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.41% / 60.50%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 14:02
Updated-16 Sep, 2024 | 23:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Character Animator Memory Corruption could lead to Application denial-of-service

Adobe Character Animator version 4.4 (and earlier) is affected by an Access of Memory Location After End of Buffer vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowscharacter_animatormacosCharacter Animator (Preview 4)
CWE ID-CWE-788
Access of Memory Location After End of Buffer
CVE-2021-40788
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.41% / 60.50%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 14:03
Updated-23 Apr, 2025 | 18:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Premiere Elements Null Pointer Dereference Application denial-of-service

Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-premiere_elementswindowsmacosPremiere Elements
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-40781
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.41% / 60.50%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 14:02
Updated-23 Apr, 2025 | 18:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Media Encoder Null Pointer Dereference Application denial-of-service

Adobe Media Encoder 15.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-windowsmacosmedia_encoderMedia Encoder
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-40737
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.41% / 60.50%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 14:03
Updated-23 Apr, 2025 | 18:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Audition NULL Pointer Dereference Application denial-of-service

Adobe Audition version 14.4 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-windowsauditionmacosAudition
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-21046
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-3.3||LOW
EPSS-1.10% / 77.14%
||
7 Day CHG~0.00%
Published-11 Feb, 2021 | 19:42
Updated-16 Sep, 2024 | 17:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Acrobat Reader DC Buffer Overflow Vulnerability Could Lead To Arbitrary Code Execution

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to cause an application denial-of-service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-9610
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-1.29% / 78.82%
||
7 Day CHG+0.34%
Published-25 Jun, 2020 | 21:21
Updated-04 Aug, 2024 | 10:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a null pointer vulnerability. Successful exploitation could lead to application denial-of-service.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-8535
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-4.95% / 89.24%
||
7 Day CHG~0.00%
Published-26 May, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8536, CVE-2017-8537, CVE-2017-8539, and CVE-2017-8542.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_defenderwindows_7endpoint_protectionsecurity_essentialswindows_server_2016exchange_serverwindows_8.1forefront_endpoint_protectionwindows_rt_8.1windows_10system_center_endpoint_protectionwindows_intune_endpoint_protectionMalware Protection Engine
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-369
Divide By Zero
CWE ID-CWE-476
NULL Pointer Dereference
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2017-8539
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-19.18% / 95.12%
||
7 Day CHG~0.00%
Published-26 May, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8537, and CVE-2017-8542.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_defenderwindows_7windows_server_2012malware_protection_enginewindows_server_2016exchange_serverwindows_8.1windows_rt_8.1windows_10forefront_securityMalware Protection Engine
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-369
Divide By Zero
CWE ID-CWE-476
NULL Pointer Dereference
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2017-8542
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-19.18% / 95.12%
||
7 Day CHG~0.00%
Published-26 May, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8537, and CVE-2017-8539.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_defenderwindows_7windows_server_2012malware_protection_enginewindows_server_2016exchange_serverwindows_8.1windows_rt_8.1windows_10forefront_securityMalware Protection
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-369
Divide By Zero
CWE ID-CWE-476
NULL Pointer Dereference
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2017-8536
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-4.95% / 89.24%
||
7 Day CHG~0.00%
Published-26 May, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8537, CVE-2017-8539, and CVE-2017-8542.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_defenderwindows_7endpoint_protectionsecurity_essentialswindows_server_2016exchange_serverwindows_8.1forefront_endpoint_protectionwindows_rt_8.1windows_10system_center_endpoint_protectionwindows_intune_endpoint_protectionMalware Protection Engine
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-369
Divide By Zero
CWE ID-CWE-476
NULL Pointer Dereference
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2017-7515
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.51% / 65.46%
||
7 Day CHG~0.00%
Published-06 Jun, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service.

Action-Not Available
Vendor-Red Hat, Inc.freedesktop.org
Product-popplerpoppler
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2021-45832
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.27% / 49.96%
||
7 Day CHG~0.00%
Published-05 Jan, 2022 | 20:32
Updated-04 Aug, 2024 | 04:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 at at hdf5/src/H5Eint.c, which causes a Denial of Service (context-dependent).

Action-Not Available
Vendor-n/aThe HDF Group
Product-hdf5n/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2021-46195
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.26% / 49.02%
||
7 Day CHG~0.00%
Published-14 Jan, 2022 | 19:16
Updated-04 Aug, 2024 | 05:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources.

Action-Not Available
Vendor-n/aGNU
Product-gccn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2021-43519
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 19.07%
||
7 Day CHG-0.00%
Published-09 Nov, 2021 | 12:26
Updated-04 Aug, 2024 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.

Action-Not Available
Vendor-luan/aFedora Project
Product-luafedoran/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-6285
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.31% / 53.95%
||
7 Day CHG~0.00%
Published-14 Jan, 2019 | 22:00
Updated-17 Sep, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SingleDocParser::HandleFlowSequence function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.

Action-Not Available
Vendor-yaml-cpp_projectn/a
Product-yaml-cppn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-6290
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 39.29%
||
7 Day CHG~0.00%
Published-15 Jan, 2019 | 00:00
Updated-16 Sep, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An infinite recursion issue was discovered in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem resulting from infinite recursion in the functions expr, rexp, bexpr and cexpr in certain scenarios involving lots of '{' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted asm file.

Action-Not Available
Vendor-nasmn/a
Product-netwide_assemblern/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2021-46507
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.15% / 35.65%
||
7 Day CHG~0.00%
Published-27 Jan, 2022 | 20:21
Updated-04 Aug, 2024 | 05:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jsish v3.5.0 was discovered to contain a stack overflow via Jsi_LogMsg at src/jsiUtils.c.

Action-Not Available
Vendor-jsishn/a
Product-jsishn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-6292
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.47% / 63.45%
||
7 Day CHG+0.01%
Published-15 Jan, 2019 | 00:00
Updated-16 Sep, 2024 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in singledocparser.cpp in yaml-cpp (aka LibYaml-C++) 0.6.2. Stack Exhaustion occurs in YAML::SingleDocParser, and there is a stack consumption problem caused by recursive stack frames: HandleCompactMap, HandleMap, HandleFlowSequence, HandleSequence, HandleNode. Remote attackers could leverage this vulnerability to cause a denial-of-service via a cpp file.

Action-Not Available
Vendor-yaml-cpp_projectn/a
Product-yaml-cppn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-6293
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.45% / 62.79%
||
7 Day CHG~0.00%
Published-15 Jan, 2019 | 00:00
Updated-16 Sep, 2024 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the function mark_beginning_as_normal in nfa.c in flex 2.6.4. There is a stack exhaustion problem caused by the mark_beginning_as_normal function making recursive calls to itself in certain scenarios involving lots of '*' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service.

Action-Not Available
Vendor-westesn/a
Product-flexn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-6131
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.25% / 48.43%
||
7 Day CHG~0.00%
Published-11 Jan, 2019 | 05:00
Updated-11 Sep, 2024 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack consumption in svg_run_use_symbol, svg_run_element, and svg_run_use, as demonstrated by mutool.

Action-Not Available
Vendor-n/aArtifex Software Inc.
Product-mupdfn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2021-45105
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-5.9||MEDIUM
EPSS-72.11% / 98.69%
||
7 Day CHG~0.00%
Published-18 Dec, 2021 | 11:55
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Log4j2 does not always protect from infinite recursion in lookup evaluation

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.

Action-Not Available
Vendor-The Apache Software FoundationSonicWall Inc.NetApp, Inc.Debian GNU/LinuxOracle Corporation
Product-communications_diameter_signaling_routerpeoplesoft_enterprise_peopletoolshyperion_bi\+hyperion_tax_provisionprimavera_unifiertaleo_platformcommunications_cloud_native_core_network_function_cloud_native_environmentretail_back_officecommunications_network_integrityretail_service_backbonecommunications_network_charging_and_controlcommunications_session_route_managerbusiness_intelligencemanagement_cloud_enginecommunications_user_data_repositoryautovue_for_agile_product_lifecycle_managementcommunications_performance_intelligence_centerhealthcare_master_person_indexhealth_sciences_empirica_signalbanking_loans_servicingcommunications_eagle_ftp_table_base_retrievalcommunications_cloud_native_core_unified_data_repositorynetwork_security_managerretail_order_brokersql_developercommunications_evolved_communications_application_serverretail_price_managementcommunications_unified_inventory_managementwebcenter_sitesweb_application_firewallcommunications_cloud_native_core_service_communication_proxyretail_customer_insightscommunications_cloud_native_core_security_edge_protection_proxycommunications_messaging_serverenterprise_manager_for_peoplesofthealthcare_translational_research6bk1602-0aa42-0tp0_firmwarecommunications_eagle_element_management_systemcommunications_ip_service_activatorretail_financial_integrationretail_data_extractor_for_merchandisingretail_returns_managementretail_order_management_systemhospitality_suite8banking_treasury_management6bk1602-0aa52-0tp0retail_eftlinkhospitality_token_proxy_servicecloud_managerdebian_linuxweblogic_servermysql_enterprise_monitor6bk1602-0aa32-0tp0_firmwareinstantis_enterprisetracklog4j6bk1602-0aa22-0tp0_firmwarehyperion_profitability_and_cost_managementcommunications_asap6bk1602-0aa22-0tp0communications_element_manager6bk1602-0aa52-0tp0_firmwareenterprise_manager_base_platformwebcenter_portaldata_integratorretail_store_inventory_managementhealthcare_data_repositorye-business_suitecommunications_cloud_native_core_consoleretail_central_officeprimavera_gatewaybanking_platformcommunications_session_report_manageragile_plmretail_merchandising_systemcommunications_cloud_native_core_policybanking_party_managementcommunications_convergent_charging_controllerretail_point-of-servicebanking_enterprise_default_managementbanking_paymentsflexcube_universal_bankingfinancial_services_analytical_applications_infrastructurehyperion_data_relationship_managementhealthcare_foundationcommunications_service_brokerhealth_sciences_informcommunications_interactive_session_recorderpayment_interfaceenterprise_manager_ops_centercommunications_services_gatekeepercommunications_convergencemanaged_file_transfer6bk1602-0aa12-0tp0insurance_insbridge_rating_and_underwritingretail_predictive_application_servercommunications_cloud_native_core_network_slice_selection_functioncommunications_billing_and_revenue_managementidentity_manager_connectorsiebel_ui_frameworkcommunications_cloud_native_core_network_repository_functionretail_integration_busagile_plm_mcad_connectoragile_engineering_data_managementutilities_framework6bk1602-0aa32-0tp06bk1602-0aa12-0tp0_firmwarebanking_deposits_and_lines_of_credit_servicinghyperion_planningbanking_trade_financeretail_invoice_matchingprimavera_p6_enterprise_project_portfolio_managementcommunications_webrtc_session_controllercommunications_pricing_design_centerhealth_sciences_information_manageremail_securityjdeveloperfinancial_services_model_management_and_governancehyperion_infrastructure_technologyinsurance_data_gateway6bk1602-0aa42-0tp0identity_management_suiteApache Log4j2
CWE ID-CWE-674
Uncontrolled Recursion
CWE ID-CWE-20
Improper Input Validation
CVE-2017-14861
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.39% / 59.34%
||
7 Day CHG~0.00%
Published-28 Sep, 2017 | 07:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a stack consumption vulnerability in the Exiv2::Internal::stringFormat function of image.cpp in Exiv2 0.26. A Crafted input will lead to a remote denial of service attack.

Action-Not Available
Vendor-n/aExiv2
Product-exiv2n/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2021-30471
Matching Score-4
Assigner-Fedora Project
ShareView Details
Matching Score-4
Assigner-Fedora Project
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 12.65%
||
7 Day CHG~0.00%
Published-26 May, 2021 | 21:38
Updated-03 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in PdfNamesTree::AddToDictionary function in src/podofo/doc/PdfNamesTree.cpp can lead to a stack overflow.

Action-Not Available
Vendor-podofo_projectn/aRed Hat, Inc.Fedora Project
Product-podofoenterprise_linuxfedorapodofo
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2021-30470
Matching Score-4
Assigner-Fedora Project
ShareView Details
Matching Score-4
Assigner-Fedora Project
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 12.65%
||
7 Day CHG~0.00%
Published-26 May, 2021 | 21:37
Updated-03 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray(), PdfTokenizer::GetNextVariant() and PdfTokenizer::ReadDataType() functions can lead to a stack overflow.

Action-Not Available
Vendor-podofo_projectn/aRed Hat, Inc.Fedora Project
Product-podofoenterprise_linuxfedorapodofo
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-18797
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.46% / 63.41%
||
7 Day CHG~0.00%
Published-06 Nov, 2019 | 15:07
Updated-05 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LibSass 3.6.1 has uncontrolled recursion in Sass::Eval::operator()(Sass::Binary_Expression*) in eval.cpp.

Action-Not Available
Vendor-sass-langn/a
Product-libsassn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-20198
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.73% / 71.81%
||
7 Day CHG~0.00%
Published-31 Dec, 2019 | 20:31
Updated-05 Aug, 2024 | 02:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_ent_ok() mishandles recursion, leading to stack consumption for a crafted XML file.

Action-Not Available
Vendor-ezxml_projectn/a
Product-ezxmln/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-20334
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.23% / 45.73%
||
7 Day CHG~0.00%
Published-04 Jan, 2020 | 06:43
Updated-05 Aug, 2024 | 02:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Netwide Assembler (NASM) 2.14.02, stack consumption occurs in expr# functions in asm/eval.c. This potentially affects the relationships among expr0, expr1, expr2, expr3, expr4, expr5, and expr6 (and stdscan in asm/stdscan.c). This is similar to CVE-2019-6290 and CVE-2019-6291.

Action-Not Available
Vendor-nasmn/a
Product-netwide_assemblern/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-20395
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 42.77%
||
7 Day CHG+0.05%
Published-22 Jan, 2020 | 00:00
Updated-05 Aug, 2024 | 02:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack consumption issue is present in libyang before v1.0-r1 due to the self-referential union type containing leafrefs. Applications that use libyang to parse untrusted input yang files may crash.

Action-Not Available
Vendor-cesnetn/a
Product-libyangn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-18853
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.57% / 67.53%
||
7 Day CHG~0.00%
Published-11 Nov, 2019 | 14:36
Updated-05 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageMagick before 7.0.9-0 allows remote attackers to cause a denial of service because XML_PARSE_HUGE is not properly restricted in coders/svg.c, related to SVG and libxml2.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-17450
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.03% / 76.44%
||
7 Day CHG~0.00%
Published-10 Oct, 2019 | 16:21
Updated-05 Aug, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.

Action-Not Available
Vendor-n/aCanonical Ltd.GNUopenSUSE
Product-ubuntu_linuxbinutilsleapn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-16088
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.23% / 45.68%
||
7 Day CHG~0.00%
Published-06 Sep, 2019 | 21:25
Updated-05 Aug, 2024 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Xpdf 3.04 has a SIGSEGV in XRef::fetch in XRef.cc after many recursive calls to Catalog::countPageTree in Catalog.cc.

Action-Not Available
Vendor-glyphandcogn/a
Product-xpdfreadern/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-13288
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-31.54% / 96.62%
||
7 Day CHG~0.00%
Published-04 Jul, 2019 | 21:06
Updated-04 Aug, 2024 | 23:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Xpdf 4.01.01, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. This is similar to CVE-2018-16646.

Action-Not Available
Vendor-glyphandcogn/a
Product-xpdfreadern/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2017-0692
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 12.58%
||
7 Day CHG~0.00%
Published-06 Jul, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36725407.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-12213
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.30% / 52.94%
||
7 Day CHG~0.00%
Published-20 May, 2019 | 15:05
Updated-04 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDirectory function in PluginTIFF.cpp always returns 1, leading to stack exhaustion.

Action-Not Available
Vendor-freeimage_projectn/aCanonical Ltd.Fedora ProjectDebian GNU/Linux
Product-freeimageubuntu_linuxdebian_linuxfedoran/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-11026
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.55% / 66.78%
||
7 Day CHG~0.00%
Published-08 Apr, 2019 | 22:20
Updated-04 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a call to the error function in Error.cc.

Action-Not Available
Vendor-n/afreedesktop.orgFedora Project
Product-fedorapopplern/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-11024
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 39.69%
||
7 Day CHG~0.00%
Published-08 Apr, 2019 | 22:20
Updated-04 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The load_pnm function in frompnm.c in libsixel.a in libsixel 1.8.2 has infinite recursion.

Action-Not Available
Vendor-libsixel_projectn/a
Product-libsixeln/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2022-25313
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 33.29%
||
7 Day CHG~0.00%
Published-18 Feb, 2022 | 04:23
Updated-30 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.

Action-Not Available
Vendor-libexpat_projectn/aOracle CorporationDebian GNU/LinuxFedora ProjectSiemens AG
Product-zfs_storage_appliance_kitsinema_remote_connect_serverlibexpatfedoradebian_linuxhttp_servern/a
CWE ID-CWE-674
Uncontrolled Recursion
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found