What is CVE-2010-1282?

CVE-2010-1282 is a medium-severity vulnerability in Adobe Shockwave_player, classified under Loop with Unreachable Exit Condition (Infinite Loop). CVSS score: 6.5/10. Published 2010-05-13.

How severe is CVE-2010-1282?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Vulnerability in Adobe Shockwave_player

CVE-2010-1282

Adobe Shockwave Player before 11.5.7.609 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted ATOM size in a .dir (aka Director) file.

EPSS: 0.014 (80.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H.

Affected products

Weakness classification (CWE)

CWE-835 — Loop with Unreachable Exit Condition (Infinite Loop)

References

40088 (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
20100512 [CAL-20100204-1]Adobe Shockwave Player Director File Parsing ATOM size infinite loop vulnerability (mailing-list, x_refsource_BUGTRAQ, VDB Entry, Third Party Advisory)
oval:org.mitre.oval:def:7388 (Tool Signature, x_refsource_OVAL, signature, Third Party Advisory, vdb-entry)
20100511 [CAL-20100204-1]Adobe Shockwave Player Director File Parsing ATOM size infinite loop vulnerability (mailing-list, x_refsource_FULLDISC, Broken Link)
psirt@adobe.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
ADV-2010-1128 (Permissions Required, Third Party Advisory, vdb-entry, x_refsource_VUPEN)
psirt@adobe.com (x_refsource_MISC, Not Applicable)

Frequently asked questions

What is CVE-2010-1282?: CVE-2010-1282 is a medium-severity vulnerability in Adobe Shockwave_player, classified under Loop with Unreachable Exit Condition (Infinite Loop). CVSS score: 6.5/10. Published 2010-05-13.
How severe is CVE-2010-1282?: Medium severity. CVSS v3 base score is 6.5 out of 10.