Total
2704 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-4291 | 1 Hancom | 1 Hancom Office 2014 | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will use a field from the structure in an operation that can cause the integer to overflow. This result is then used to allocate memory to copy file data in. Due to the lack of bounds checking on the integer, the allocated memory buffer can be made to be undersized at which point the reading of file data will write outside the bounds of the buffer. This can lead to code execution under the context of the application. | |||||
| CVE-2017-16797 | 1 Swftools | 1 Swftools | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| In SWFTools 0.9.2, the png_load function in lib/png.c does not properly validate an alloclen_64 multiplication of width and height values, which allows remote attackers to cause a denial of service (integer overflow, heap-based buffer overflow, and application crash) or possibly have unspecified other impact via a crafted PNG file. | |||||
| CVE-2017-9161 | 1 Autotrace Project | 1 Autotrace | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in autotrace.c:188:23. | |||||
| CVE-2016-6252 | 1 Shadow Project | 1 Shadow | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap. | |||||
| CVE-2017-14173 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, an integer overflow might occur for the addition operation "GetQuantumRange(depth)+1" when "depth" is large, producing a smaller value than expected. As a result, an infinite loop would occur for a crafted TXT file that claims a very large "max_value" value. | |||||
| CVE-2017-0691 | 1 Google | 1 Android | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| A denial of service vulnerability in the Android media framework. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36724453. | |||||
| CVE-2016-10168 | 1 Libgd | 1 Libgd | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image. | |||||
| CVE-2017-16612 | 3 Canonical, Debian, X | 3 Ubuntu Linux, Debian Linux, Libxcursor | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack vector exists against the related code in cursor/xcursor.c in Wayland through 1.14.0. | |||||
| CVE-2015-8995 | 1 Google | 1 Android | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| In TrustZone an integer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel. | |||||
| CVE-2017-6962 | 1 Apng2gif Project | 1 Apng2gif | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in apng2gif 1.7. There is an integer overflow resulting in a heap-based buffer overflow. This is related to the read_chunk function making an unchecked addition of 12. | |||||
| CVE-2017-6303 | 2 Debian, Ytnef Project | 2 Debian Linux, Ytnef | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "6 of 9. Invalid Write and Integer Overflow." | |||||
| CVE-2017-9281 | 1 Microfocus | 1 Visibroker | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| An integer overflow (CWE-190) potentially causing an out-of-bounds read (CWE-125) vulnerability in Micro Focus VisiBroker 8.5 can lead to a denial of service. | |||||
| CVE-2016-6522 | 1 Openbsd | 1 Openbsd | 2025-04-20 | 4.9 MEDIUM | 5.5 MEDIUM |
| Integer overflow in the uvm_map_isavail function in uvm/uvm_map.c in OpenBSD 5.9 allows local users to cause a denial of service (kernel panic) via a crafted mmap call, which triggers the new mapping to overlap with an existing mapping. | |||||
| CVE-2016-6177 | 1 Huawei | 2 Oceanstor 5800 V3, Oceanstor 5800 V3 Firmware | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Huawei OceanStor 5800 V300R003C00 has an integer overflow vulnerability. An authenticated attacker may send massive abnormal Network File System (NFS) packets, causing an anomaly in specific disk arrays. | |||||
| CVE-2017-6302 | 2 Debian, Ytnef Project | 2 Debian Linux, Ytnef | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "5 of 9. Integer Overflow." | |||||
| CVE-2015-4645 | 2 Fedoraproject, Squashfs Project | 2 Fedora, Squashfs | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| Integer overflow in the read_fragment_table_4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial of service (application crash) via a crafted input, which triggers a stack-based buffer overflow. | |||||
| CVE-2017-5628 | 1 Artifex | 1 Mujs | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in Artifex Software, Inc. MuJS before 8f62ea10a0af68e56d5c00720523ebcba13c2e6a. The MakeDay function in jsdate.c does not validate the month, leading to an integer overflow when parsing a specially crafted JS file. | |||||
| CVE-2015-1526 | 1 Google | 1 Android | 2025-04-20 | 7.1 HIGH | 5.5 MEDIUM |
| The media_server component in Android allows remote attackers to cause a denial of service via a crafted application. | |||||
| CVE-2017-4913 | 1 Vmware | 2 Horizon View, Workstation | 2025-04-20 | 6.9 MEDIUM | 7.8 HIGH |
| VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain an integer-overflow vulnerability in the True Type Font parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View. | |||||
| CVE-2017-14333 | 1 Gnu | 1 Binutils | 2025-04-20 | 4.3 MEDIUM | 7.8 HIGH |
| The process_version_sections function in readelf.c in GNU Binutils 2.29 allows attackers to cause a denial of service (Integer Overflow, and hang because of a time-consuming loop) or possibly have unspecified other impact via a crafted binary file with invalid values of ent.vn_next, during "readelf -a" execution. | |||||