CWE-835
AllowedLoop with Unreachable Exit Condition ('Infinite Loop')
Abstraction: Base · Status: Incomplete
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
1057 vulnerabilities reference this CWE, most recent first.
GHSA-V4XF-P7R4-PFPQ
Vulnerability from github – Published: 2022-05-13 01:53 – Updated: 2022-05-13 01:53In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, the length field of the ipsec option header does not count the size of the option header itself, causing an infinite loop when the length is zero. This issue can allow a remote attacker who is able to send an arbitrary packet to cause the machine to crash.
{
"affected": [],
"aliases": [
"CVE-2018-6918"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-04-04T14:29:00Z",
"severity": "HIGH"
},
"details": "In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, the length field of the ipsec option header does not count the size of the option header itself, causing an infinite loop when the length is zero. This issue can allow a remote attacker who is able to send an arbitrary packet to cause the machine to crash.",
"id": "GHSA-v4xf-p7r4-pfpq",
"modified": "2022-05-13T01:53:13Z",
"published": "2022-05-13T01:53:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6918"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/May/77"
},
{
"type": "WEB",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:05.ipsec.asc"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT210090"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT210091"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2019/Jun/6"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/103666"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1040628"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-V594-44HM-2J7P
Vulnerability from github – Published: 2025-07-28 21:31 – Updated: 2025-11-05 00:31There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives.
This vulnerability can be mitigated by including the following patch after importing the “tarfile” module:
import tarfile
def _block_patched(self, count): if count < 0: # pragma: no cover raise tarfile.InvalidHeaderError("invalid offset") return _block_patched._orig_block(self, count)
_block_patched._orig_block = tarfile.TarInfo._block tarfile.TarInfo._block = _block_patched
{
"affected": [],
"aliases": [
"CVE-2025-8194"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-28T19:15:43Z",
"severity": "HIGH"
},
"details": "There is a defect in the CPython \u201ctarfile\u201d module affecting the \u201cTarFile\u201d extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives. \n\nThis vulnerability can be mitigated by including the following patch after importing the \u201ctarfile\u201d module:\n\n\n\nimport tarfile\n\ndef _block_patched(self, count):\n\u00a0 \u00a0 if count \u003c 0: # pragma: no cover\n\u00a0 \u00a0 \u00a0 \u00a0 raise tarfile.InvalidHeaderError(\"invalid offset\")\n\u00a0 \u00a0 return _block_patched._orig_block(self, count)\n\n_block_patched._orig_block = tarfile.TarInfo._block\ntarfile.TarInfo._block = _block_patched",
"id": "GHSA-v594-44hm-2j7p",
"modified": "2025-11-05T00:31:23Z",
"published": "2025-07-28T21:31:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8194"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/issues/130577"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/pull/137027"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/57f5981d6260ed21266e0c26951b8564cc252bc2"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/7040aa54f14676938970e10c5f74ea93cd56aa38"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/73f03e4808206f71eb6b92c579505a220942ef19"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/b4ec17488eedec36d3c05fec127df71c0071f6cb"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/c9d9f78feb1467e73fd29356c040bde1c104f29f"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/cdae923ffe187d6ef916c0f665a31249619193fe"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/commit/fbc2a0ca9ac8aff6887f8ddf79b87b4510277227"
},
{
"type": "WEB",
"url": "https://gist.github.com/sethmlarson/1716ac5b82b73dbcbf23ad2eff8b33e1"
},
{
"type": "WEB",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/ZULLF3IZ726XP5EY7XJ7YIN3K5MDYR2D"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/07/28/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/07/28/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-V5GM-HMRC-RGFQ
Vulnerability from github – Published: 2022-05-13 01:44 – Updated: 2022-05-13 01:44An issue was discovered in QPDF before 7.0.0. There is an infinite loop due to looping xref tables in QPDF.cc.
{
"affected": [],
"aliases": [
"CVE-2017-18186"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-02-13T19:29:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in QPDF before 7.0.0. There is an infinite loop due to looping xref tables in QPDF.cc.",
"id": "GHSA-v5gm-hmrc-rgfq",
"modified": "2022-05-13T01:44:36Z",
"published": "2022-05-13T01:44:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18186"
},
{
"type": "WEB",
"url": "https://github.com/qpdf/qpdf/issues/149"
},
{
"type": "WEB",
"url": "https://github.com/qpdf/qpdf/commit/85f05cc57ffa0a863d9d9b23e73acea9410b2937"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3638-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-V6C2-XWV6-8XF7
Vulnerability from github – Published: 2026-03-17 20:04 – Updated: 2026-03-19 21:00Summary
music-metadata's ASF parser (parseExtensionObject() in lib/asf/AsfParser.ts:112-158) enters an infinite loop when a sub-object inside the ASF Header Extension Object has objectSize = 0.
Root Cause
When objectSize is 0:
1. remaining = 0 - 24 = -24
2. tokenizer.ignore(-24) moves the read position backward by 24 bytes
3. extensionSize -= 0 (loop counter never decreases)
4. while (extensionSize > 0) never exits
5. The same 24-byte header is re-read infinitely
This is the same pattern as CVE-2026-31808 (GHSA-5v7r-6r5c-r473) in file-type — strtok3's AbstractTokenizer.ignore() accepts negative values without validation.
Affected Methods
parseFile()— HANGS (FileTokenizer inherits vulnerable ignore())parseBuffer()— HANGS (BufferTokenizer inherits vulnerable ignore())parseStream()— NOT affected (ReadStreamTokenizer has own ignore() that throws RangeError)
Impact
A 100-byte crafted .asf file permanently hangs any application using parseFile() or parseBuffer(). music-metadata has 2.2M weekly npm downloads.
Suggested Fix
Validate objectSize >= minimumHeaderSize before calculating the payload. Or fix strtok3's AbstractTokenizer.ignore() to reject negative values.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 11.12.1"
},
"package": {
"ecosystem": "npm",
"name": "music-metadata"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "11.12.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-32256"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-17T20:04:48Z",
"nvd_published_at": "2026-03-18T04:17:25Z",
"severity": "HIGH"
},
"details": "# Summary\n\nmusic-metadata\u0027s ASF parser (`parseExtensionObject()` in `lib/asf/AsfParser.ts:112-158`) enters an infinite loop when a sub-object inside the ASF Header Extension Object has `objectSize = 0`.\n\n## Root Cause\n\nWhen objectSize is 0:\n1. `remaining = 0 - 24 = -24`\n2. `tokenizer.ignore(-24)` moves the read position backward by 24 bytes\n3. `extensionSize -= 0` (loop counter never decreases)\n4. `while (extensionSize \u003e 0)` never exits\n5. The same 24-byte header is re-read infinitely\n\nThis is the same pattern as CVE-2026-31808 (GHSA-5v7r-6r5c-r473) in file-type \u2014 strtok3\u0027s `AbstractTokenizer.ignore()` accepts negative values without validation.\n\n## Affected Methods\n- `parseFile()` \u2014 HANGS (FileTokenizer inherits vulnerable ignore())\n- `parseBuffer()` \u2014 HANGS (BufferTokenizer inherits vulnerable ignore())\n- `parseStream()` \u2014 NOT affected (ReadStreamTokenizer has own ignore() that throws RangeError)\n\n## Impact\nA 100-byte crafted .asf file permanently hangs any application using parseFile() or parseBuffer(). music-metadata has 2.2M weekly npm downloads.\n\n## Suggested Fix\nValidate `objectSize \u003e= minimumHeaderSize` before calculating the payload. Or fix strtok3\u0027s `AbstractTokenizer.ignore()` to reject negative values.",
"id": "GHSA-v6c2-xwv6-8xf7",
"modified": "2026-03-19T21:00:51Z",
"published": "2026-03-17T20:04:48Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/Borewit/music-metadata/security/advisories/GHSA-v6c2-xwv6-8xf7"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32256"
},
{
"type": "PACKAGE",
"url": "https://github.com/Borewit/music-metadata"
},
{
"type": "WEB",
"url": "https://github.com/Borewit/music-metadata/releases/tag/v11.12.3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "music-metadata has an infinite loop vulnerability in ASF parser"
}
GHSA-V6W4-VHPG-3Q68
Vulnerability from github – Published: 2022-05-24 17:44 – Updated: 2022-05-24 17:44Modem will enter into busy mode in an infinite loop while parsing histogram dimension due to improper validation of input received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile
{
"affected": [],
"aliases": [
"CVE-2020-11186"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-17T06:15:00Z",
"severity": "MODERATE"
},
"details": "Modem will enter into busy mode in an infinite loop while parsing histogram dimension due to improper validation of input received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile",
"id": "GHSA-v6w4-vhpg-3q68",
"modified": "2022-05-24T17:44:40Z",
"published": "2022-05-24T17:44:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11186"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/march-2021-bulletin"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-V6W7-GQ3G-FWVM
Vulnerability from github – Published: 2022-05-24 17:43 – Updated: 2022-06-04 00:00A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
{
"affected": [],
"aliases": [
"CVE-2021-20255"
],
"database_specific": {
"cwe_ids": [
"CWE-674",
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-09T20:15:00Z",
"severity": "MODERATE"
},
"details": "A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.",
"id": "GHSA-v6w7-gq3g-fwvm",
"modified": "2022-06-04T00:00:55Z",
"published": "2022-05-24T17:43:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20255"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930646"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00009.html"
},
{
"type": "WEB",
"url": "https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Feepro100_stackoverflow1"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20210507-0003"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2021/02/25/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-V75W-X35M-6379
Vulnerability from github – Published: 2022-05-13 01:53 – Updated: 2022-05-13 01:53In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpcrdma.c had an infinite loop that was addressed by validating a chunk size.
{
"affected": [],
"aliases": [
"CVE-2018-7333"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-02-23T22:29:00Z",
"severity": "HIGH"
},
"details": "In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpcrdma.c had an infinite loop that was addressed by validating a chunk size.",
"id": "GHSA-v75w-x35m-6379",
"modified": "2022-05-13T01:53:21Z",
"published": "2022-05-13T01:53:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7333"
},
{
"type": "WEB",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14449"
},
{
"type": "WEB",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=bd6313181317bfe83842b27650b65f3c2b8d5dc9"
},
{
"type": "WEB",
"url": "https://www.wireshark.org/security/wnpa-sec-2018-06.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/103158"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-V7GF-C3MW-55GX
Vulnerability from github – Published: 2022-08-19 00:00 – Updated: 2022-08-23 00:00An issue in AP4_SgpdAtom::AP4_SgpdAtom() of Bento4-1.6.0-639 allows attackers to cause a Denial of Service (DoS) via a crafted mp4 input.
{
"affected": [],
"aliases": [
"CVE-2022-35165"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-18T05:15:00Z",
"severity": "MODERATE"
},
"details": "An issue in AP4_SgpdAtom::AP4_SgpdAtom() of Bento4-1.6.0-639 allows attackers to cause a Denial of Service (DoS) via a crafted mp4 input.",
"id": "GHSA-v7gf-c3mw-55gx",
"modified": "2022-08-23T00:00:18Z",
"published": "2022-08-19T00:00:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35165"
},
{
"type": "WEB",
"url": "https://github.com/axiomatic-systems/Bento4/issues/712"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-V7RC-Q48Q-F2P3
Vulnerability from github – Published: 2026-03-25 12:30 – Updated: 2026-05-29 15:30In the Linux kernel, the following vulnerability has been resolved:
can: ucan: Fix infinite loop from zero-length messages
If a broken ucan device gets a message with the message length field set to 0, then the driver will loop for forever in ucan_read_bulk_callback(), hanging the system. If the length is 0, just skip the message and go on to the next one.
This has been fixed in the kvaser_usb driver in the past in commit 0c73772cd2b8 ("can: kvaser_usb: leaf: Fix potential infinite loop in command parsers"), so there must be some broken devices out there like this somewhere.
{
"affected": [],
"aliases": [
"CVE-2026-23298"
],
"database_specific": {
"cwe_ids": [
"CWE-835"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-25T11:16:25Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: ucan: Fix infinite loop from zero-length messages\n\nIf a broken ucan device gets a message with the message length field set\nto 0, then the driver will loop for forever in\nucan_read_bulk_callback(), hanging the system. If the length is 0, just\nskip the message and go on to the next one.\n\nThis has been fixed in the kvaser_usb driver in the past in commit\n0c73772cd2b8 (\"can: kvaser_usb: leaf: Fix potential infinite loop in\ncommand parsers\"), so there must be some broken devices out there like\nthis somewhere.",
"id": "GHSA-v7rc-q48q-f2p3",
"modified": "2026-05-29T15:30:26Z",
"published": "2026-03-25T12:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23298"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/13b646eec3ba1131180803f5aaf1fee23540ad8f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1e446fd0582ad8be9f6dafb115fc2e7245f9bea7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/aa9e0a7fe5efc2f74327fd37d828e9a51d9ff588"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ab6f075492d37368b4c7b0df7f7fdc2b666887fc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bd85f21a6219aeae4389d700c54f1799f4b814e0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c7bc62be6c1a60bb21301692009590b1ffda91d9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ca07d3c6eef14d34e6fdeefe55058db045be29dc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e7bb6e0606b5f233531aaaad9542d69fbb792115"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-V994-63CG-9WJ3
Vulnerability from github – Published: 2026-02-24 15:46 – Updated: 2026-02-24 15:46A crafted profile contain invalid IPTC data may cause an infinite loop when writing it with IPTCTEXT.
{
"affected": [
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-AnyCPU"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-AnyCPU"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-OpenMP-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-OpenMP-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-x86"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-OpenMP-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-OpenMP-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-OpenMP-x86"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-x86"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-AnyCPU"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-OpenMP-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-OpenMP-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "agick.NET-Q8-x86"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-26066"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2026-02-24T15:46:03Z",
"nvd_published_at": "2026-02-24T03:16:00Z",
"severity": "MODERATE"
},
"details": "A crafted profile contain invalid IPTC data may cause an infinite loop when writing it with `IPTCTEXT`.",
"id": "GHSA-v994-63cg-9wj3",
"modified": "2026-02-24T15:46:03Z",
"published": "2026-02-24T15:46:03Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v994-63cg-9wj3"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26066"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/commit/880057ce34f6da9dff2fe3b290bbbc45b743e613"
},
{
"type": "PACKAGE",
"url": "https://github.com/ImageMagick/ImageMagick"
},
{
"type": "WEB",
"url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "ImageMagick has infinite loop when writing IPTCTEXT leads to denial of service via crafted profile"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.