Total
2913 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-2987 | 5 Adobe, Apple, Google and 2 more | 8 Flash Player, Flash Player Desktop Runtime, Mac Os X and 5 more | 2025-04-20 | 9.3 HIGH | 8.8 HIGH |
| Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable integer overflow vulnerability related to Flash Broker COM. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-7603 | 1 Libaacplus Project | 1 Libaacplus | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| au_channel.h in HE-AAC+ Codec (aka libaacplus) 2.0.2 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. | |||||
| CVE-2017-6889 | 1 Libraw | 1 Libraw-demosaic-pack-gpl2 | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| An integer overflow error within the "foveon_load_camf()" function (dcraw_foveon.c) in LibRaw-demosaic-pack-GPL2 before 0.18.2 can be exploited to cause a heap-based buffer overflow. | |||||
| CVE-2017-9186 | 1 Autotrace Project | 1 Autotrace | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:326:17. | |||||
| CVE-2017-14173 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur for the addition operation "GetQuantumRange(depth)+1" when "depth" is large, producing a smaller value than expected. As a result, an infinite loop would occur for a crafted TXT file that claims a very large "max_value" value. | |||||
| CVE-2016-8704 | 1 Memcached | 1 Memcached | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| An integer overflow in the process_bin_append_prepend function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution. | |||||
| CVE-2016-2347 | 3 Debian, Lhasa Project, Opensuse | 4 Debian Linux, Lhasa, Leap and 1 more | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted archive. | |||||
| CVE-2016-7938 | 1 Tcpdump | 1 Tcpdump | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The ZeroMQ parser in tcpdump before 4.9.0 has an integer overflow in print-zeromq.c:zmtp1_print_frame(). | |||||
| CVE-2017-16663 | 1 Sam2p Project | 1 Sam2p | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| In sam2p 0.49.4, there are integer overflows (with resultant heap-based buffer overflows) in input-bmp.ci in the function ReadImage, because "width * height" multiplications occur unsafely. | |||||
| CVE-2016-9821 | 1 Libav | 1 Libav | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| Integer overflow in libavcodec/mpegvideo_parser.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via a crafted file. | |||||
| CVE-2017-9281 | 1 Microfocus | 1 Visibroker | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| An integer overflow (CWE-190) potentially causing an out-of-bounds read (CWE-125) vulnerability in Micro Focus VisiBroker 8.5 can lead to a denial of service. | |||||
| CVE-2016-10168 | 1 Libgd | 1 Libgd | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image. | |||||
| CVE-2017-9162 | 1 Autotrace Project | 1 Autotrace | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in autotrace.c:191:2. | |||||
| CVE-2016-5762 | 1 Novell | 1 Groupwise | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Integer overflow in the Post Office Agent in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 might allow remote attackers to execute arbitrary code via a long (1) username or (2) password, which triggers a heap-based buffer overflow. | |||||
| CVE-2016-10141 | 1 Artifex | 1 Mujs | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| An integer overflow vulnerability was observed in the regemit function in regexp.c in Artifex Software, Inc. MuJS before fa3d30fd18c348bb4b1f3858fb860f4fcd4b2045. The attack requires a regular expression with nested repetition. A successful exploitation of this issue can lead to code execution or a denial of service (buffer overflow) condition. | |||||
| CVE-2016-8795 | 1 Huawei | 12 Cloudengine 12800, Cloudengine 12800 Firmware, Cloudengine 5800 and 9 more | 2025-04-20 | 7.1 HIGH | 5.9 MEDIUM |
| Huawei CloudEngine 12800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 5800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 6800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 7800 with software V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 8800 with software V100R006C00; and Secospace USG6600 with software V500R001C00 allow remote unauthenticated attackers to craft specific IPFPM packets to trigger an integer overflow and cause the device to reset. | |||||
| CVE-2017-6312 | 3 Debian, Fedoraproject, Gnome | 3 Debian Linux, Fedora, Gdk-pixbuf | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted image entry offset in an ICO file, which triggers an out-of-bounds read, related to compiler optimizations. | |||||
| CVE-2017-1000229 | 2 Debian, Optipng Project | 2 Debian Linux, Optipng | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 allows an attacker to remotely execute code or cause denial of service. | |||||
| CVE-2016-6252 | 1 Shadow Project | 1 Shadow | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap. | |||||
| CVE-2017-9835 | 2 Artifex, Debian | 2 Ghostscript, Debian Linux | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. This is related to a lack of an integer overflow check in base/gsalloc.c. | |||||