| CVE | Severity | CVSS | EPSS | | Fix | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-55200 | High | 8.1 v3 | 0.9% | - | Fix available | 2026-06-27 | libssh2 through 1.11.1 (fixed in commit 7acf3df) contains an out-of-bounds write vulnerability in ssh2_transport_read(), which fails to enforce an upper bound on the packet_length field. Remote attackers can send crafted SSH packets with excessively large packet_length values to corrupt heap memory and achieve remote code execution. |
| CVE-2026-8376 | Medium | 5.7 v3 | 0.4% | - | Fix available | 2026-05-27 | Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perl_study_chunk in regcomp_study.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a large minimum count, the byte length mincount * l could overflow SSize_t, producing an undersized SvGROW allocation; the subsequent copy writes past the end of the buffer. A caller that compiles an attacker-controlled regular expression on a 32-bit perl build triggers a heap buffer overflow at compile time. |
| CVE-2026-25541 | Medium | 7.5 v3 | 0.6% | - | Fix available | 2026-03-04 | Bytes is a utility library for working with bytes. From version 1.2.1 to before 1.11.1, Bytes is vulnerable to integer overflow in BytesMut::reserve. In the unique reclaim path of BytesMut::reserve, the condition "v_capacity >= new_cap + offset" uses an unchecked addition. When new_cap + offset overflows usize in release builds, this condition may incorrectly pass, causing self.cap to be set to a value that exceeds the actual allocated capacity. Subsequent APIs such as spare_capacity_mut() then trust this corrupted cap value and may create out-of-bounds slices, leading to UB. This behavior is observable in release builds (integer overflow wraps), whereas debug builds panic due to overflow checks. This issue has been patched in version 1.11.1. |
| CVE-2026-24928 | Medium | 5.8 v3 | 0.1% | - | No fix available yet | 2026-02-06 | Out-of-bounds write vulnerability in the file system module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2025-53510 | High | 8.8 v3 | 0.6% | - | Fix available | 2025-08-25 | A memory corruption vulnerability exists in the PSD Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .psd file, an integer overflow can be made to occur when calculating the stride for decoding. Afterwards, this will cause a heap-based buffer to overflow when decoding the image which can lead to remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability. |
| CVE-2025-52930 | High | 8.8 v3 | 0.7% | - | Fix available | 2025-08-25 | A memory corruption vulnerability exists in the BMPv3 RLE Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decompressing the image data from a specially crafted .bmp file, a heap-based buffer overflow can occur which allows for remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability. |
| CVE-2025-52456 | High | 8.8 v3 | 0.6% | - | Fix available | 2025-08-25 | A memory corruption vulnerability exists in the WebP Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .webp animation an integer overflow can be made to occur when calculating the stride for decoding. Afterwards, this will cause a heap-based buffer to overflow when decoding the image which can lead to remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability. |
| CVE-2025-46407 | High | 8.8 v3 | 0.6% | - | Fix available | 2025-08-25 | A memory corruption vulnerability exists in the BMPv3 Palette Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .bmp file, an integer overflow can be made to occur which will cause a heap-based buffer to overflow when reading the palette from the image. These conditions can allow for remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability. |
| CVE-2025-32468 | High | 8.8 v3 | 0.6% | - | Fix available | 2025-08-25 | A memory corruption vulnerability exists in the BMPv3 Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .bmp file, an integer overflow can be made to occur when calculating the stride for decoding. Afterwards, this will cause a heap-based buffer to overflow when decoding the image which can lead to remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability. |
| CVE-2025-20263 | High | 8.6 v3 | 0.6% | - | No fix available yet | 2025-08-14 | A vulnerability in the web services interface of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected system. This vulnerability is due to insufficient boundary checks for specific data that is provided to the web services interface of an affected system. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected system. A successful exploit could allow the attacker to cause a buffer overflow condition on the affected system, which could cause the system to reload, resulting in a denial of service (DoS) condition. |
| CVE-2025-54952 | Critical | 9.8 v3 | 0.6% | - | No fix available yet | 2025-08-08 | An integer overflow vulnerability in the loading of ExecuTorch models can cause smaller-than-expected memory regions to be allocated, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 8f062d3f661e20bb19b24b767b9a9a46e8359f2b. |
| CVE-2025-23326 | High | 7.5 v3 | 0.4% | - | Fix available | 2025-08-06 | NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an integer overflow through a specially crafted input. A successful exploit of this vulnerability might lead to denial of service. |
| CVE-2025-54623 | Medium | 6.3 v3 | 0.1% | - | No fix available yet | 2025-08-06 | Out-of-bounds read vulnerability in the devicemanager module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-53630 | Unscored | - | 0.3% | - | Fix available | 2025-07-10 | llama.cpp is an inference of several LLM models in C/C++. Integer Overflow in the gguf_init_from_file_impl function in ggml/src/gguf.cpp can lead to Heap Out-of-Bounds Read/Write. This vulnerability is fixed in commit 26a48ad699d50b6268900062661bd22f3e792579. |
| CVE-2025-32023 | High | 7.0 v3 | 3.9% | - | Fix available | 2025-07-07 | Redis is an open source, in-memory database that persists on disk. From 2.8 to before 8.0.3, 7.4.5, 7.2.10, and 6.2.19, an authenticated user may use a specially crafted string to trigger a stack/heap out of bounds write on hyperloglog operations, potentially leading to remote code execution. The bug likely affects all Redis versions with hyperloglog operations implemented. This vulnerability is fixed in 8.0.3, 7.4.5, 7.2.10, and 6.2.19. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing hyperloglog operations. This can be done using ACL to restrict HLL commands. |
| CVE-2024-48877 | High | 8.4 v3 | 0.3% | - | Fix available | 2025-06-02 | A memory corruption vulnerability exists in the Shared String Table Record Parser implementation in xls2csv utility version 0.95. A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. |
| CVE-2025-21442 | High | 7.8 v3 | 0.1% | - | No fix available yet | 2025-04-07 | Memory corruption while transmitting packet mapping information with invalid header payload size. |
| CVE-2024-58107 | High | 7.5 v3 | 0.3% | - | No fix available yet | 2025-04-07 | Buffer overflow vulnerability in the codec module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2024-57956 | Low | 2.8 v3 | 0.2% | - | No fix available yet | 2025-02-06 | Out-of-bounds read vulnerability in the interpreter string module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2024-56451 | High | 7.3 v3 | 0.1% | - | No fix available yet | 2025-01-08 | Integer overflow vulnerability during glTF model loading in the 3D engine module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2024-55626 | Low | 3.3 v3 | 0.2% | - | Fix available | 2025-01-06 | Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a large BPF filter file provided to Suricata at startup can lead to a buffer overflow at Suricata startup. The issue has been addressed in Suricata 7.0.8. |
| CVE-2024-38422 | High | 7.8 v3 | 0.1% | - | No fix available yet | 2024-11-04 | Memory corruption while processing voice packet with arbitrary data received from ADSP. |
| CVE-2024-6381 | Medium | 4.0 v3 | 0.4% | - | Fix available | 2024-07-02 | The bson_strfreev function in the MongoDB C driver library may be susceptible to an integer overflow where the function will try to free memory at a negative offset. This may result in memory corruption. This issue affected libbson versions prior to 1.26.2. |
| CVE-2024-37305 | High | 8.2 v3 | 0.4% | - | No fix available yet | 2024-06-17 | oqs-provider is a provider for the OpenSSL 3 cryptography library that adds support for post-quantum cryptography in TLS, X.509, and S/MIME using post-quantum algorithms from liboqs. Flaws have been identified in the way oqs-provider handles lengths decoded with DECODE_UINT32 at the start of serialized hybrid (traditional + post-quantum) keys and signatures. Unchecked length values are later used for memory reads and writes; malformed input can lead to crashes or information leakage. Handling of plain/non-hybrid PQ key operation is not affected. This issue has been patched in v0.6.1. All users are advised to upgrade. There are no workarounds for this issue. |
| CVE-2024-33078 | Critical | 9.8 v3 | 1.1% | - | No fix available yet | 2024-05-01 | Tencent Libpag v4.3 is vulnerable to Buffer Overflow. A user can send a crafted image to trigger an overflow leading to remote code execution. |
| CVE-2024-28219 | Medium | 6.7 v3 | 1.0% | - | Fix available | 2024-04-03 | In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy. |
| CVE-2024-21470 | High | 8.4 v3 | 0.1% | - | No fix available yet | 2024-04-01 | Memory corruption while allocating memory for graphics. |
| CVE-2024-21454 | High | 7.5 v3 | 0.4% | - | No fix available yet | 2024-04-01 | Transient DOS while decoding the ToBeSignedMessage in Automotive Telematics. |
| CVE-2024-2608 | High | 8.4 v3 | 0.4% | - | Fix available | 2024-03-19 | `AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding()` and `AppendEncodedCharacters()` could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. |
| CVE-2024-24478 | High | 7.5 v3 | 1.0% | - | Fix available | 2024-02-21 | An issue in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the packet-bgp.c, dissect_bgp_open(tvbuff_t*tvb, proto_tree*tree, packet_info*pinfo), optlen components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected. |
| CVE-2022-36765 | High | 7.0 v3 | 0.3% | - | Fix available | 2024-01-09 | EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger an integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability. |
| CVE-2023-33022 | High | 8.4 v3 | 0.2% | - | No fix available yet | 2023-12-05 | Memory corruption in HLOS while invoking IOCTL calls from user-space. |
| CVE-2023-33018 | High | 7.8 v3 | 0.1% | - | No fix available yet | 2023-12-05 | Memory corruption while using the UIM diag command to get the operators name. |
| CVE-2023-28585 | High | 8.2 v3 | 0.1% | - | No fix available yet | 2023-12-05 | Memory corruption while loading an ELF segment in TEE Kernel. |
| CVE-2023-22305 | Medium | 6.5 v3 | 0.2% | - | No fix available yet | 2023-11-14 | Integer overflow in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2023-37536 | High | 8.2 v3 | 1.4% | - | Fix available | 2023-10-11 | An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request. |
| CVE-2023-21644 | Medium | 6.7 v3 | 0.1% | - | No fix available yet | 2023-09-05 | Memory corruption in RIL due to Integer Overflow while triggering qcril_uim_request_apdu request. |
| CVE-2023-21648 | Medium | 6.7 v3 | 0.1% | - | No fix available yet | 2023-08-08 | Memory corruption in RIL while trying to send apdu packet. |
| CVE-2022-24834 | High | 7.0 v3 | 43% | - | Fix available | 2023-07-13 | Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6, and affects only authenticated and authorized users. The problem is fixed in versions 7.0.12, 6.2.13, and 6.0.20. |
| CVE-2023-22443 | Medium | 6.0 v3 | 0.2% | - | Fix available | 2023-05-10 | Integer overflow in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable denial of service via local access. |
| CVE-2022-33296 | Medium | 5.9 v3 | 0.1% | - | No fix available yet | 2023-04-13 | Memory corruption due to integer overflow to buffer overflow in Modem while parsing Traffic Channel Neighbor List Update message. |
| CVE-2022-33282 | High | 8.4 v3 | 0.1% | - | No fix available yet | 2023-04-13 | Memory corruption in Automotive Multimedia due to integer overflow to buffer overflow during IOCTL calls in video playback. |
| CVE-2022-40530 | High | 8.4 v3 | 0.1% | - | No fix available yet | 2023-03-10 | Memory corruption in WLAN due to integer overflow to buffer overflow in WLAN during initialization phase. |
| CVE-2022-25705 | High | 7.8 v3 | 0.1% | - | No fix available yet | 2023-03-10 | Memory corruption in modem due to integer overflow to buffer overflow while handling APDU response. |
| CVE-2022-33248 | High | 7.8 v3 | 0.1% | - | No fix available yet | 2023-02-12 | Memory corruption in User Identity Module due to integer overflow to buffer overflow when a segment is received via qmi http. |
| CVE-2022-35289 | Critical | 9.8 v3 | 0.9% | - | Fix available | 2022-10-11 | A write-what-where condition in hermes caused by an integer overflow, prior to commit 5b6255ae049fa4641791e47fad994e8e8c4da374 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected. |
| CVE-2022-32543 | High | 7.8 v3 | 0.5% | - | No fix available yet | 2022-08-05 | An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5.8.544 parses OLE files. A specially-crafted OLE file can lead to a heap buffer overflow which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. |
| CVE-2022-29886 | High | 7.8 v3 | 0.5% | - | No fix available yet | 2022-08-05 | An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5.8.544 parses OLE files. A specially-crafted OLE file can lead to a heap buffer overflow, which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. |
| CVE-2022-29030 | Medium | 5.5 v3 | 0.5% | - | Fix available | 2022-05-20 | A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The Mono_Loader.dll library is vulnerable to integer overflow condition while parsing specially crafted TG4 files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. |
| CVE-2020-6099 | High | 7.8 v3 | 1.1% | - | No fix available yet | 2022-04-18 | An exploitable code execution vulnerability exists in the file format parsing functionality of Graphisoft BIMx Desktop Viewer 2019.2.2328. A specially crafted file can cause a heap buffer overflow resulting in a code execution. An attacker can provide a malicious file to trigger this vulnerability. |
Uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog.