CVE-2026-47066

CVE-2026-47066 describes an Infinite Loop in the Alt-Svc header parser of benoitc’s hackney. The vulnerable component is the Alt-Svc response header parser (src/hackney_altsvc.erl); when parse_token/2 receives certain inputs, it may return the input unchanged, and skip_comma/1 can fail to progres...

CVE-2026-47066 Infinite loop in Alt-Svc header parser in hackney

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in benoitc hackney allows Excessive Allocation. The Alt-Svc response header parser in src/hackneyaltsvc.erl does not guarantee forward progress. When parsetoken/2 receives a non-token, non-whitespace, non-comma byte e.g. !, @, =, ...

JLSEC-2025-103 A denial of service in the subtitle decoder in FFmpeg 3.2 and 4.1 allows attackers to hog the CPU vi...

A denial of service in the subtitle decoder in FFmpeg 3.2 and 4.1 allows attackers to hog the CPU via a crafted video file in Matroska format, because handleopenbrace in libavcodec/htmlsubtitles.c has a complex format argument to sscanf...

SUSE SLED15 / SLES15 Security Update : ffmpeg (SUSE-SU-2021:2919-1)

The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2919-1 advisory. - A denial of service in the subtitle decoder in FFmpeg 3.2 and 4.1 allows attackers to hog the CPU via a crafted video file in Matros...

CVE-2019-9717

In Libav 12.3, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because srttoass in libavcodec/srtdec.c has a complex format argument to sscanf...

CVE-2019-9717

In Libav 12.3, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because srttoass in libavcodec/srtdec.c has a complex format argument to sscanf...

CVE-2019-9718

In FFmpeg 3.2 and 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because ffhtmlmarkuptoass in libavcodec/htmlsubtitles.c has a complex format argument to sscanf...

CVE-2019-9721

A denial of service in the subtitle decoder in FFmpeg 3.2 and 4.1 allows attackers to hog the CPU via a crafted video file in Matroska format, because handleopenbrace in libavcodec/htmlsubtitles.c has a complex format argument to sscanf...

CVE-2019-9721

FFmpeg 3.2 and 4.1 are affected by CVE-2019-9721, a denial-of-service in the subtitle decoder caused by a complex sscanf format in libavcodec/htmlsubtitles.c (handle_open_brace). Public OSV entries summarize fixes in FFmpeg 4.2 and related components for multiple CVEs (e.g., CVE-2020-21688, -2169...

CVE-2019-9718

CVE-2019-9718 is a DoS in FFmpeg’s subtitle decoder, affecting FFmpeg 3.2 and 4.1 via the Matroska subtitle path. The root cause is a complex format string in ff_htmlmarkup_to_ass in libavcodec/htmlsubtitles.c that enables consuming excessive CPU when parsing crafted Matroska subtitles. Public ad...

CVE-2019-9718

In FFmpeg 3.2 and 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because ffhtmlmarkuptoass in libavcodec/htmlsubtitles.c has a complex format argument to sscanf...

UBUNTU-CVE-2019-9718

In FFmpeg 3.2 and 4.1, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because ffhtmlmarkuptoass in libavcodec/htmlsubtitles.c has a complex format argument to sscanf...

[SECURITY] [DLA 1572-1] nginx security update

Package : nginx Version : 1.6.2-5+deb8u6 CVE ID : CVE-2018-16845 Debian Bug : 913090 It was discovered that there was a denial of service DoS vulnerability in the nginx web/proxy server. As there was no validation for the size of a 64-bit atom in an MP4 file, this could have led to a CPU hog when...

Debian: Security Advisory (DLA-1572-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Cisco IOS VTP Malformed Version Denial of Service Vulnerability

Cisco IOS contains a vulnerability in the VLAN Trunking Protocol VTP that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability exists because the VTP feature in several versions of Cisco IOS software does not properly handle malformed packe...

CVE-2000-0456

NetBSD CVE-2000-0456 affects NetBSD 1.4.2 and earlier. The vulnerability stems from certain kernel system calls that do not yield the CPU, allowing local users to cause a denial of service (cpu-hog). The NVD/metrics indicate a low severity (CVSS v2 base score 2.1) with local attack vector and no ...

CVE-2000-0456

NetBSD 1.4.2 and earlier allows local users to cause a denial of service by repeatedly running certain system calls in the kernel which do not yield the CPU, aka "cpu-hog"...