CVE-2025-50420

An issue in the pdfseparate utility of freedesktop poppler v25.04.0 allows attackers to cause an infinite recursion via supplying a crafted PDF file. This can lead to a Denial of Service DoS...

CVE-2025-46206

An issue in Artifex mupdf 1.25.6, 1.25.5 allows a remote attacker to cause a denial of service via an infinite recursion in the mutool clean utility. When processing a crafted PDF file containing cyclic /Next references in the outline structure, the stripoutline function enters infinite recursion...

CVE-2025-50420

The CVE-2025-50420 entry concerns the pdfseparate utility of freedesktop poppler. The connected documents confirm a vulnerability in poppler v25.04.0 where a crafted PDF can cause infinite recursion, leading to Denial of Service (DoS). Several vendor advisories (SUSE SUSE-SU-2025:02791-1, SUSE-SU...

PT-2025-32164 · Nvidia · Nvidia Triton Inference Server

Name of the Vulnerable Software and Affected Versions: NVIDIA Triton Inference Server for Windows and Linux affected versions not specified Description: The NVIDIA Triton Inference Server contains a flaw that allows an attacker to trigger uncontrolled recursion with a crafted input. Successful...

PT-2025-31833 · Freedesktop +1 · Poppler +1

Name of the Vulnerable Software and Affected Versions: freedesktop poppler version 25.04.0 Description: An issue in the pdfseparate utility allows attackers to cause an infinite recursion by supplying a crafted PDF file, potentially leading to a Denial of Service DoS. Recommendations: At the...

CVE-2025-46206

CVE-2025-46206 affects Artifex mupdf up to version 1.25.6 (and 1.25.5). The issue enables a remote attacker to cause a denial of service via infinite recursion in the mutool clean utility when processing a crafted PDF containing cyclic /Next references in the outline structure; the strip_outline(...

Amazon Linux 2023 : cargo, clippy, rust (ALAS2023-2025-1092)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1092 advisory. The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::codedinputstream::CodedInputStream::skipgroup parsing of unknown fields in untrusted input. CVE-2025-53605 Tenabl...

Freedesktop Poppler 安全漏洞

Freedesktop Poppler is a Freedesktop community C++ class library for generating PDFs, which is inherited from Xpdf PDF reader. A security vulnerability exists in Freedesktop Poppler version v25.04.0, which stems from an infinite recursion in the pdfseparate tool's processing of specially crafted...

PT-2025-31832 · Artifex +1 · Artifex Mupdf +1

Name of the Vulnerable Software and Affected Versions: Artifex mupdf versions 1.25.5 through 1.25.6 Description: An issue in Artifex mupdf allows a remote attacker to cause a denial of service via an infinite recursion in the mutool clean utility. This occurs when processing a crafted PDF file...

commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang

An uncontrolled recursion flaw was found in the Apache Commons Lang library. The ClassUtils.getClass... method can throw a StackOverflowError on very long inputs. Since this error is typically not handled by applications and libraries, a StackOverflowError may lead to the termination of an...

com.nimbusds/nimbus-jose-jwt: Uncontrolled recursion in Connect2id Nimbus JOSE + JWT

A denial of service flaw has been discovered in Connect2id Nimbus JOSE + JWT. This issue can allow a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set...

OESA-2025-1929 apache-commons-lang3 security update

The standard Java libraries fail to provide enough methods for manipulation of its core classes. The Commons Lang Component provides these extra methods. Lang provides a host of helper utilities for the java.lang API, notably String manipulation methods, basic numerical methods, object reflection...

GHSA-WX6G-FM6F-W822 MaterialX Stack Overflow via Lack of MTLX XML Parsing Recursion Limit

Summary When parsing an MTLX file with multiple nested nodegraph implementations, the MaterialX XML parsing logic can potentially crash due to stack exhaustion. Details By specification, multiple kinds of elements in MTLX support nesting other elements, such as in the case of nodegraph elements...

MaterialX Stack Overflow via Lack of MTLX XML Parsing Recursion Limit

Summary When parsing an MTLX file with multiple nested nodegraph implementations, the MaterialX XML parsing logic can potentially crash due to stack exhaustion. Details By specification, multiple kinds of elements in MTLX support nesting other elements, such as in the case of nodegraph elements...

Amazon Linux 2 : rust (ALAS-2025-2933)

The version of rust installed on the remote host is prior to 1.86.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2933 advisory. The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::codedinputstream::CodedInputStream::skipgroup...

SUSE-SU-2025:20514-1 Security update for protobuf

This update for protobuf fixes the following issues: - CVE-2025-4565: Fixed a crash due to RecursionError bsc1244663...

Security update for protobuf

This update for protobuf fixes the following issues: CVE-2025-4565: Fixed a crash due to RecursionError bsc1244663 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed f...

Medium: rust

Issue Overview: The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::codedinputstream::CodedInputStream::skipgroup parsing of unknown fields in untrusted input. CVE-2025-53605 Affected Packages: rust Note: This advisory is applicable to Amazon Linux 2 AL2 Core...

Security Bulletin: IBM Sterling Connect:Direct Web Services uses commons-lang3 and is vulnerable to CVE-2025-48924

Summary IBM Sterling Connect:Direct Web Services is vulnerable to uncontrolled recursion vulnerability in Apache Commons Lang. This has been addressed in new build available from IBM Repository. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache...

CLSA-2025-1753801232 redis: Fix of CVE-2024-31228

CVE-2024-31228: fix unbounded recursion on supported commands by limiting pattern matching length...