EUVD-2019-4794

In Xpdf 4.01.01, the Parser::getObj function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. This is similar to CVE-2018-16646...

CVE-2019-13288

In Xpdf 4.01.01, the Parser::getObj function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. This is similar to CVE-2018-16646...

CVE-2019-13288

CVE-2019-13288 affects Xpdf 4.01.01: the Parser::getObj() function in Parser.cc may recurse infinitely when processing a crafted file, enabling a remote DoS. Connected Debian tracker confirms the same description. No explicit remediation or affected versions beyond the cited release are provided ...

PT-2019-13240 · Xpdf · Xpdf

Name of the Vulnerable Software and Affected Versions: Xpdf version 4.01.01 Description: The issue allows a remote attacker to cause a denial-of-service DoS attack via a crafted file, leveraging infinite recursion in the Parser::getObj function. Recommendations: For Xpdf version 4.01.01, as a...

CVE-2019-13129

On the Motorola router CX2L MWR04L 1.01, there is a stack consumption infinite recursion issue in scopd via TCP port 8010 and UDP port 8080. It is caused by snprintf and inappropriate length handling...

haproxy: Infinite recursion via crafted packet allows stack exhaustion and denial of service

An issue was discovered in dns.c in HAProxy through 1.8.14. In the case of a compressed pointer, a crafted packet can trigger infinite recursion by making the pointer point to itself, or create a long chain of valid pointers resulting in stack exhaustion...

Amazon Linux 2 : poppler (ALAS-2019-1217)

There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h. A crafted input will lead to a remote denial of service attack. Poppler versions later than 0.41.0 are not affected.CVE-2018-10768 The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler allows...

Low: poppler

Issue Overview: There is a NULL pointer dereference in the AnnotPath::getCoordsLength function in Annot.h. A crafted input will lead to a remote denial of service attack. Poppler versions later than 0.41.0 are not affected.CVE-2018-10768 The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in...

DEBIAN-CVE-2019-12295

In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could crash. This was addressed in epan/packet.c by restricting the number of layers and consequently limiting recursion...

CVE-2019-12295

In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could crash. This was addressed in epan/packet.c by restricting the number of layers and consequently limiting recursion...

CVE-2019-12295

In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could crash. This was addressed in epan/packet.c by restricting the number of layers and consequently limiting recursion...

CVE-2019-12295

In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could crash. This was addressed in epan/packet.c by restricting the number of layers and consequently limiting recursion...

UBUNTU-CVE-2019-12295

In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could crash. This was addressed in epan/packet.c by restricting the number of layers and consequently limiting recursion...

CVE-2019-12295

In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could crash. This was addressed in epan/packet.c by restricting the number of layers and consequently limiting recursion...

CVE-2018-20821

The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service uncontrolled recursion in Sass::Parser::parsecssvariablevalue in parser.cpp...

CVE-2018-20822

LibSass 3.5.4 allows attackers to cause a denial-of-service uncontrolled recursion in Sass::ComplexSelector::perform in ast.hpp and Sass::Inspect::operator in inspect.cpp...

EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1520)

According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - Array index error in the tcmvhostmaketpg function in drivers/vhost/scsi.c in the Linux kernel before 4.0 might allow...

EulerOS Virtualization 3.0.1.0 : bind (EulerOS-SA-2019-1433)

According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A denial of service flaw was found in the way BIND constructed a response to a query that met certain criteria. A remote attacker...

RUSTSEC-2019-0001 Uncontrolled recursion leads to abort in HTML serialization

Affected versions of this crate did use recursion for serialization of HTML DOM trees. This allows an attacker to cause abort due to stack overflow by providing a pathologically nested input. The flaw was corrected by serializing the DOM tree iteratively instead...

Uncontrolled recursion leads to abort in HTML serialization

Affected versions of this crate did use recursion for serialization of HTML DOM trees. This allows an attacker to cause abort due to stack overflow by providing a pathologically nested input. The flaw was corrected by serializing the DOM tree iteratively instead...