CVE-2022-36313

MEDIUM Year: 2022
CVSS v3 Score
5.5
Medium
Weakness Type
CWE-835
View all →

Vulnerability Description

An issue was discovered in the file-type package before 16.5.4 and 17.x before 17.1.3 for Node.js. A malformed MKV file could cause the file type detector to get caught in an infinite loop. This would make the application become unresponsive and could be used to cause a DoS attack.

Related Vulnerabilities

CVE-2010-0207

MEDIUM
CVSS:5.5(Medium)

In xpdf, the xref table contains an infinite loop which allows remote attackers to cause a denial of service (application crash) in xpdf-based PDF viewers.

CWE-8352010

CVE-2011-4621

MEDIUM
CVSS:5.5(Medium)

The Linux kernel before 2.6.37 does not properly implement a certain clock-update optimization, which allows local users to cause a denial of service (system hang) via an application that executes cod...

CWE-8352011

CVE-2012-0248

MEDIUM
CVSS:5.5(Medium)

ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the ID...

CWE-8352012

CVE-2012-1186

MEDIUM
CVSS:5.5(Medium)

Integer overflow in the SyncImageProfiles function in profile.c in ImageMagick 6.7.5-8 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted IOP tag offsets in t...

CWE-8352012

CVE-2014-0148

MEDIUM
CVSS:5.5(Medium)

Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for block_size and logical_se...

CWE-8352014

CVE-2015-10103

MEDIUM
CVSS:5.5(Medium)

A vulnerability, which was classified as problematic, was found in InternalError503 Forget It up to 1.3. This affects an unknown part of the file js/settings.js. The manipulation of the argument setFo...

CWE-8352015