CVE-2010-1282Infinite Loop in Adobe Shockwave Player

CWE-835Infinite Loop3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
1.4%
top 19.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Adobe Shockwave Player
Timeline
PublishedMay 13
Latest updateMay 2

Description

Adobe Shockwave Player before 11.5.7.609 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted ATOM size in a .dir (aka Director) file.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

NVDadobe/shockwave_player< 11.5.7.609

Patches

Patch: www.adobe.comPatch: www.adobe.com

🔴Vulnerability Details

2
GHSA
GHSA-8w78-hr8v-fm5g: Adobe Shockwave Player before 112022-05-02
CVEList
CVE-2010-1282: Adobe Shockwave Player before 112010-05-13
CVE-2010-1282 — Infinite Loop in Adobe Shockwave Player | cvebase