Denial Of Service (DoS)

2023-01-2307:05:14

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

libxpm

dos

vulnerability

file parsing

infinite loop

application crash

0.005 Low

EPSS

Percentile

77.1%

JSON

libxpm is vulnerable to Denial of Service(DoS) attacks. When parsing a file with a comment not closed; the end-of-file condition will not be detected, leading to an infinite loop, causing the application to crash.

CPENameOperatorVersion
libxpm:3.15eq3.5.13-r0
libxpm:3.17eq3.5.13-r1
libxpm:3.17eq3.5.14-r0
libxpm:edgeeq3.5.13-r0
libxpm:edgeeq3.5.13-r1
libxpm:edgeeq3.5.14-r0
libxpm:3.14eq3.5.13-r0
libxpm:3.16eq3.5.13-r0
libxpmeq3.5.12__2.el7_9
libxpmeq3.5.8__2.el6

Name	Operator	Version
libxpm:3.15	eq	3.5.13-r0
libxpm:3.17	eq	3.5.13-r1
libxpm:3.17	eq	3.5.14-r0
libxpm:edge	eq	3.5.13-r0
libxpm:edge	eq	3.5.13-r1
libxpm:edge	eq	3.5.14-r0
libxpm:3.14	eq	3.5.13-r0
libxpm:3.16	eq	3.5.13-r0
libxpm	eq	3.5.12__2.el7_9
libxpm	eq	3.5.8__2.el6