CVE Vulnerabilities

CVE-2017-18238

Loop with Unreachable Exit Condition ('Infinite Loop')

Published: Mar 15, 2018 | Modified: Oct 03, 2019
CVSS 3.x
5.5
MEDIUM
Source:
NVD
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
3.3 LOW
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Ubuntu
MEDIUM

An issue was discovered in Exempi before 2.4.4. The TradQT_Manager::ParseCachedBoxes function in XMPFiles/source/FormatSupport/QuickTime_Support.cpp allows remote attackers to cause a denial of service (infinite loop) via crafted XMP data in a .qt file.

Weakness

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Affected Software

Name Vendor Start Version End Version
Exempi Exempi_project * 2.4.4 (excluding)
Red Hat Enterprise Linux 7 RedHat exempi-0:2.2.0-9.el7 *
Exempi Ubuntu artful *
Exempi Ubuntu trusty *
Exempi Ubuntu upstream *
Exempi Ubuntu xenial *

References