Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-3222

Summary
Assigner-@huntrdev
Assigner Org ID-c09c270a-b464-47c1-9133-acb35b22c19a
Published At-15 Sep, 2022 | 00:00
Updated At-03 Aug, 2024 | 01:00
Rejected At-
Credits

Uncontrolled Recursion in gpac/gpac

Uncontrolled Recursion in GitHub repository gpac/gpac prior to 2.1.0-DEV.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:@huntrdev
Assigner Org ID:c09c270a-b464-47c1-9133-acb35b22c19a
Published At:15 Sep, 2022 | 00:00
Updated At:03 Aug, 2024 | 01:00
Rejected At:
▼CVE Numbering Authority (CNA)
Uncontrolled Recursion in gpac/gpac

Uncontrolled Recursion in GitHub repository gpac/gpac prior to 2.1.0-DEV.

Affected Products
Vendor
GPACgpac
Product
gpac/gpac
Versions
Affected
  • From unspecified before 2.1.0-DEV (custom)
Problem Types
TypeCWE IDDescription
CWECWE-674CWE-674 Uncontrolled Recursion
Type: CWE
CWE ID: CWE-674
Description: CWE-674 Uncontrolled Recursion
Metrics
VersionBase scoreBase severityVector
3.05.3MEDIUM
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
Version: 3.0
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://huntr.dev/bounties/b29c69fa-3eac-41e4-9d4f-d861aba18235
N/A
https://github.com/gpac/gpac/commit/4e7736d7ec7bf64026daa611da951993bb42fdaf
N/A
https://www.debian.org/security/2023/dsa-5411
vendor-advisory
Hyperlink: https://huntr.dev/bounties/b29c69fa-3eac-41e4-9d4f-d861aba18235
Resource: N/A
Hyperlink: https://github.com/gpac/gpac/commit/4e7736d7ec7bf64026daa611da951993bb42fdaf
Resource: N/A
Hyperlink: https://www.debian.org/security/2023/dsa-5411
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://huntr.dev/bounties/b29c69fa-3eac-41e4-9d4f-d861aba18235
x_transferred
https://github.com/gpac/gpac/commit/4e7736d7ec7bf64026daa611da951993bb42fdaf
x_transferred
https://www.debian.org/security/2023/dsa-5411
vendor-advisory
x_transferred
Hyperlink: https://huntr.dev/bounties/b29c69fa-3eac-41e4-9d4f-d861aba18235
Resource:
x_transferred
Hyperlink: https://github.com/gpac/gpac/commit/4e7736d7ec7bf64026daa611da951993bb42fdaf
Resource:
x_transferred
Hyperlink: https://www.debian.org/security/2023/dsa-5411
Resource:
vendor-advisory
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@huntr.dev
Published At:15 Sep, 2022 | 09:15
Updated At:27 May, 2023 | 04:15

Uncontrolled Recursion in GitHub repository gpac/gpac prior to 2.1.0-DEV.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Secondary3.05.3MEDIUM
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
Type: Primary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.0
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
CPE Matches
GPAC
gpac
>>gpac>>Versions before 2.1(exclusive)
cpe:2.3:a:gpac:gpac:*:*:*:*:*:*:*:*
GPAC
gpac
>>gpac>>2.1
cpe:2.3:a:gpac:gpac:2.1:dev:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-674Primarysecurity@huntr.dev
CWE ID: CWE-674
Type: Primary
Source: security@huntr.dev
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/gpac/gpac/commit/4e7736d7ec7bf64026daa611da951993bb42fdafsecurity@huntr.dev
Patch
Third Party Advisory
https://huntr.dev/bounties/b29c69fa-3eac-41e4-9d4f-d861aba18235security@huntr.dev
Exploit
Patch
Third Party Advisory
https://www.debian.org/security/2023/dsa-5411security@huntr.dev
N/A
Hyperlink: https://github.com/gpac/gpac/commit/4e7736d7ec7bf64026daa611da951993bb42fdaf
Source: security@huntr.dev
Resource:
Patch
Third Party Advisory
Hyperlink: https://huntr.dev/bounties/b29c69fa-3eac-41e4-9d4f-d861aba18235
Source: security@huntr.dev
Resource:
Exploit
Patch
Third Party Advisory
Hyperlink: https://www.debian.org/security/2023/dsa-5411
Source: security@huntr.dev
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

222Records found
CVE-2020-18392
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.25% / 48.31%
||
7 Day CHG~0.00%
Published-28 May, 2021 | 20:37
Updated-04 Aug, 2024 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack overflow vulnerability in parse_array Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file.

Action-Not Available
Vendor-cesantan/a
Product-mjsn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2017-8535
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-4.95% / 89.24%
||
7 Day CHG~0.00%
Published-26 May, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8536, CVE-2017-8537, CVE-2017-8539, and CVE-2017-8542.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_defenderwindows_7endpoint_protectionsecurity_essentialswindows_server_2016exchange_serverwindows_8.1forefront_endpoint_protectionwindows_rt_8.1windows_10system_center_endpoint_protectionwindows_intune_endpoint_protectionMalware Protection Engine
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-369
Divide By Zero
CWE ID-CWE-476
NULL Pointer Dereference
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2017-8537
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-4.95% / 89.24%
||
7 Day CHG~0.00%
Published-26 May, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8539, and CVE-2017-8542.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_defenderwindows_7endpoint_protectionsecurity_essentialswindows_server_2016exchange_serverwindows_8.1forefront_endpoint_protectionwindows_rt_8.1windows_10system_center_endpoint_protectionwindows_intune_endpoint_protectionMalware Protection Engine
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-369
Divide By Zero
CWE ID-CWE-476
NULL Pointer Dereference
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2023-2664
Matching Score-4
Assigner-Glyph & Cog, LLC
ShareView Details
Matching Score-4
Assigner-Glyph & Cog, LLC
CVSS Score-2.9||LOW
EPSS-0.01% / 1.03%
||
7 Day CHG~0.00%
Published-11 May, 2023 | 20:21
Updated-23 Jan, 2025 | 21:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack overflow in Xpdf 4.04 due to object loop in PDF embedded file tree

 In Xpdf 4.04 (and earlier), a PDF object loop in the embedded file tree leads to infinite recursion and a stack overflow.

Action-Not Available
Vendor-xpdfreaderXpdf
Product-xpdfXpdf
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2023-31794
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 4.12%
||
7 Day CHG~0.00%
Published-31 Oct, 2023 | 00:00
Updated-05 Sep, 2024 | 20:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MuPDF v1.21.1 was discovered to contain an infinite recursion in the component pdf_mark_list_push. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.

Action-Not Available
Vendor-n/aArtifex Software Inc.
Product-mupdfn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-9071
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.39% / 58.98%
||
7 Day CHG~0.00%
Published-24 Feb, 2019 | 00:00
Updated-04 Aug, 2024 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack consumption issue in d_count_templates_scopes in cp-demangle.c after many recursive calls.

Action-Not Available
Vendor-n/aGNUNetApp, Inc.Canonical Ltd.
Product-ubuntu_linuxhci_management_nodesolidfirebinutilsn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2023-2663
Matching Score-4
Assigner-Glyph & Cog, LLC
ShareView Details
Matching Score-4
Assigner-Glyph & Cog, LLC
CVSS Score-2.9||LOW
EPSS-0.02% / 2.72%
||
7 Day CHG~0.00%
Published-11 May, 2023 | 20:16
Updated-24 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack overflow in Xpdf 4.04 due to object loop in PDF page label tree

 In Xpdf 4.04 (and earlier), a PDF object loop in the page label tree leads to infinite recursion and a stack overflow.

Action-Not Available
Vendor-xpdfreaderXpdf
Product-xpdfXpdf
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-20334
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.23% / 45.74%
||
7 Day CHG~0.00%
Published-04 Jan, 2020 | 06:43
Updated-05 Aug, 2024 | 02:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Netwide Assembler (NASM) 2.14.02, stack consumption occurs in expr# functions in asm/eval.c. This potentially affects the relationships among expr0, expr1, expr2, expr3, expr4, expr5, and expr6 (and stdscan in asm/stdscan.c). This is similar to CVE-2019-6290 and CVE-2019-6291.

Action-Not Available
Vendor-nasmn/a
Product-netwide_assemblern/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2019-15144
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 10.74%
||
7 Day CHG~0.00%
Published-18 Aug, 2019 | 18:30
Updated-05 Aug, 2024 | 00:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In DjVuLibre 3.5.27, the sorting functionality (aka GArrayTemplate<TYPE>::sort) allows attackers to cause a denial-of-service (application crash due to an Uncontrolled Recursion) by crafting a PBM image file that is mishandled in libdjvu/GContainer.h.

Action-Not Available
Vendor-djvulibre_projectn/aCanonical Ltd.openSUSEFedora ProjectDebian GNU/Linux
Product-djvulibreubuntu_linuxdebian_linuxfedoraleapn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2017-8536
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-4.95% / 89.24%
||
7 Day CHG~0.00%
Published-26 May, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8537, CVE-2017-8539, and CVE-2017-8542.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_defenderwindows_7endpoint_protectionsecurity_essentialswindows_server_2016exchange_serverwindows_8.1forefront_endpoint_protectionwindows_rt_8.1windows_10system_center_endpoint_protectionwindows_intune_endpoint_protectionMalware Protection Engine
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-369
Divide By Zero
CWE ID-CWE-476
NULL Pointer Dereference
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2021-30470
Matching Score-4
Assigner-Fedora Project
ShareView Details
Matching Score-4
Assigner-Fedora Project
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 12.73%
||
7 Day CHG~0.00%
Published-26 May, 2021 | 21:37
Updated-03 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray(), PdfTokenizer::GetNextVariant() and PdfTokenizer::ReadDataType() functions can lead to a stack overflow.

Action-Not Available
Vendor-podofo_projectn/aRed Hat, Inc.Fedora Project
Product-podofoenterprise_linuxfedorapodofo
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2021-30471
Matching Score-4
Assigner-Fedora Project
ShareView Details
Matching Score-4
Assigner-Fedora Project
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 12.73%
||
7 Day CHG~0.00%
Published-26 May, 2021 | 21:38
Updated-03 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in PdfNamesTree::AddToDictionary function in src/podofo/doc/PdfNamesTree.cpp can lead to a stack overflow.

Action-Not Available
Vendor-podofo_projectn/aRed Hat, Inc.Fedora Project
Product-podofoenterprise_linuxfedorapodofo
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2024-3248
Matching Score-4
Assigner-Glyph & Cog, LLC
ShareView Details
Matching Score-4
Assigner-Glyph & Cog, LLC
CVSS Score-2.9||LOW
EPSS-0.03% / 5.47%
||
7 Day CHG~0.00%
Published-02 Apr, 2024 | 23:04
Updated-29 Jan, 2025 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack overflow in Xpdf 4.05 due to object loop in attachments

In Xpdf 4.05 (and earlier), a PDF object loop in the attachments leads to infinite recursion and a stack overflow.

Action-Not Available
Vendor-xpdfreaderXpdfxpdf
Product-xpdfXpdfxpdf
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2024-3247
Matching Score-4
Assigner-Glyph & Cog, LLC
ShareView Details
Matching Score-4
Assigner-Glyph & Cog, LLC
CVSS Score-2.9||LOW
EPSS-0.03% / 5.47%
||
7 Day CHG~0.00%
Published-02 Apr, 2024 | 22:57
Updated-29 Jan, 2025 | 16:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack overflow in Xpdf 4.05 due to object loop in PDF object stream

In Xpdf 4.05 (and earlier), a PDF object loop in an object stream leads to infinite recursion and a stack overflow.

Action-Not Available
Vendor-xpdfreaderXpdfxpdf
Product-xpdfXpdfxpdf
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2022-48545
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 14.59%
||
7 Day CHG~0.00%
Published-22 Aug, 2023 | 00:00
Updated-03 Oct, 2024 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An infinite recursion in Catalog::findDestInTree can cause denial of service for xpdf 4.02.

Action-Not Available
Vendor-xpdfreadern/a
Product-xpdfn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2024-25112
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 2.19%
||
7 Day CHG~0.00%
Published-12 Feb, 2024 | 22:11
Updated-16 Oct, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder in Exiv2

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A denial-of-service was found in Exiv2 version v0.28.1: an unbounded recursion can cause Exiv2 to crash by exhausting the stack. The vulnerable function, `QuickTimeVideo::multipleEntriesDecoder`, was new in v0.28.0, so Exiv2 versions before v0.28 are _not_ affected. The denial-of-service is triggered when Exiv2 is used to read the metadata of a crafted video file. This bug is fixed in version v0.28.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-Exiv2
Product-exiv2exiv2
CWE ID-CWE-674
Uncontrolled Recursion
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-38334
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 12.07%
||
7 Day CHG~0.00%
Published-15 Sep, 2022 | 00:00
Updated-03 Aug, 2024 | 10:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XPDF v4.04 and earlier was discovered to contain a stack overflow via the function Catalog::countPageTree() at Catalog.cc.

Action-Not Available
Vendor-xpdfreadern/a
Product-xpdfn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2024-7866
Matching Score-4
Assigner-Glyph & Cog, LLC
ShareView Details
Matching Score-4
Assigner-Glyph & Cog, LLC
CVSS Score-2.1||LOW
EPSS-0.00% / 0.18%
||
7 Day CHG~0.00%
Published-15 Aug, 2024 | 19:50
Updated-20 Aug, 2024 | 19:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stack overflow in Xpdf 4.05 due to object loop in PDF pattern

In Xpdf 4.05 (and earlier), a PDF object loop in a pattern resource leads to infinite recursion and a stack overflow.

Action-Not Available
Vendor-xpdfreaderXpdf
Product-xpdfXpdf
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2020-36370
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.27% / 49.77%
||
7 Day CHG~0.00%
Published-28 May, 2021 | 20:38
Updated-04 Aug, 2024 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack overflow vulnerability in parse_unary Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file.

Action-Not Available
Vendor-cesantan/a
Product-mjsn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2020-36367
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.27% / 49.77%
||
7 Day CHG~0.00%
Published-28 May, 2021 | 20:38
Updated-04 Aug, 2024 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack overflow vulnerability in parse_block Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file.

Action-Not Available
Vendor-cesantan/a
Product-mjsn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2020-36366
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.27% / 49.77%
||
7 Day CHG~0.00%
Published-28 May, 2021 | 20:37
Updated-04 Aug, 2024 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack overflow vulnerability in parse_value Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file.

Action-Not Available
Vendor-cesantan/a
Product-mjsn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2020-36373
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.27% / 49.77%
||
7 Day CHG~0.00%
Published-28 May, 2021 | 20:39
Updated-04 Aug, 2024 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack overflow vulnerability in parse_shifts Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file.

Action-Not Available
Vendor-cesantan/a
Product-mjsn/a
CWE ID-CWE-674
Uncontrolled Recursion
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found