CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/03/18 3:22 a.m.•1 views

CVE-2026-32256 music-metadata has an infinite loop vulnerability in ASF parser

7.5CVSS5.8AI score0.00021EPSS

OSV•added 2026/03/18 3:22 a.m.•1 views

CVE-2026-32256 music-metadata has an infinite loop vulnerability in ASF parser

7.5CVSS5.9AI score0.00021EPSS

Exploits0References4

Cvelist•added 2026/03/18 3:22 a.m.•26 views

CVE-2026-32256 music-metadata has an infinite loop vulnerability in ASF parser

7.5CVSS0.00021EPSS

OSV•added 2026/03/17 8:4 p.m.•1 views

GHSA-V6C2-XWV6-8XF7 music-metadata has an infinite loop vulnerability in ASF parser

Summary music-metadata's ASF parser parseExtensionObject in lib/asf/AsfParser.ts:112-158 enters an infinite loop when a sub-object inside the ASF Header Extension Object has objectSize = 0. Root Cause When objectSize is 0: 1. remaining = 0 - 24 = -24 2. tokenizer.ignore-24 moves the read position...

7.5CVSS5.8AI score0.00021EPSS

Exploits0References4

Cvelist•added 2026/03/10 9:1 p.m.•23 views

CVE-2026-31808 file-type affected by infinite loop in ASF parser on malformed input with zero-size sub-header

file-type detects the file type of a file, stream, or data. Prior to 21.3.1, a denial of service vulnerability exists in the ASF WMV/WMA file type detection parser. When parsing a crafted input where an ASF sub-header has a size field of zero, the parser enters an infinite loop. The payload value...

5.3CVSS0.00031EPSS

Vulnrichment•added 2026/03/10 9:1 p.m.•1 views

CVE-2026-31808 file-type affected by infinite loop in ASF parser on malformed input with zero-size sub-header

5.3CVSS5.8AI score0.00031EPSS

CVE•added 2026/03/10 9:1 p.m.•10 views

CVE-2026-31808

The file-type library is affected by a denial-of-service in the ASF (WMV/WMA) file-type parser prior to 21.3.1. When parsing a crafted input where an ASF sub-header has a size field of zero, the parser loops infinitely because tokenizer.ignore(payload) moves read position backwards, causing the s...

5.3CVSS5.8AI score0.00031EPSS

Exploits0References2Affected Software1

Tenable Nessus•added 2026/01/22 12:0 a.m.•2 views

Azure Linux 3.0 Security Update: exiv2 (CVE-2024-39695)

The version of exiv2 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-39695 advisory. - Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of...

6.5CVSS5.7AI score0.00144EPSS

Tenable Nessus•added 2025/11/20 12:0 a.m.•3 views

TencentOS Server 4: exiv2 (TSSA-2024:0274)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0274 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

6.5CVSS6.5AI score0.00144EPSS

OSV•added 2024/07/12 11:8 a.m.•1 views

OESA-2024-1841 exiv2 security update

Exiv2 is a Cross-platform C++ library and a command line utility to manage image metadata. It provides fast and easy read and write access to the Exif, IPTC and XMP metadata and the ICC Profile embedded within digital images in various formats. Security Fixes: Exiv2 is a command-line utility and...

6.5CVSS6.9AI score0.00144EPSS

SUSE CVE•added 2024/07/09 3:37 a.m.•2 views

SUSE CVE-2024-39695

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.2. The vulnerability is in the parser for the ASF video format, which was a new feature in v0.28.0. The out-of-bounds...

4.4CVSS6.7AI score0.00144EPSS

Exploits0References4

OSV•added 2024/07/08 4:15 p.m.•3 views

AZL-43237 CVE-2024-39695 affecting package exiv2 0.28.0-1

6.5CVSS5.7AI score0.00144EPSS

Exploits0References1

Tenable Nessus•added 2009/10/13 12:0 a.m.•41 views

MS09-051: Vulnerabilities in Windows Media Runtime Could Allow Remote Code Execution (975682)

The remote Windows host contains a version of the Windows Media Runtime that is affected by multiple vulnerabilities : - The ASF parser incorrectly parses files which make use of the Window Media Speech codec. A remote attacker can exploit this by tricking a user into opening a specially crafted...

9.3CVSS6.1AI score0.30308EPSS

Tenable Nessus•added 2009/09/11 12:0 a.m.•24 views

MS09-047: Windows Media Format Multiple Vulnerabilities (Windows Vista / Server 2008)

Binary data 5167.prm...

Tenable Nessus•added 2009/09/11 12:0 a.m.•26 views

MS09-047: Windows Media Format Multiple Vulnerabilities (Windows 2000)

Binary data 5163.prm...

Tenable Nessus•added 2009/09/11 12:0 a.m.•26 views

MS09-047: Windows Media Format Multiple Vulnerabilities (Windows Server 2003)

Binary data 5164.prm...

Tenable Nessus•added 2009/09/11 12:0 a.m.•23 views

MS09-047: Windows Media Format Multiple Vulnerabilities (Windows XP 32-bit)

Binary data 5165.prm...

Tenable Nessus•added 2009/09/08 12:0 a.m.•94 views

MS09-047: Vulnerabilities in Windows Media Format Could Allow Remote Code Execution (973812)

The remote Windows host contains a version of the Windows Media Format Runtime or Windows Media Services that is affected by multiple vulnerabilities : - The ASF parser has an invalid free vulnerability. A remote attacker could exploit this by tricking a user into opening a specially crafted ASF...

9.3CVSS6.2AI score0.30749EPSS