Vulnerabilities (CVE)

Filtered by CWE-190
Total 1653 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-0627 1 Google 1 Android 2021-08-25 4.6 MEDIUM 6.7 MEDIUM
In OMA DRM, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05722434; Issue ID: ALPS05722434.
CVE-2021-21852 1 Gpac 1 Gpac 2021-08-24 6.8 MEDIUM 8.8 HIGH
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input at “stss” decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
CVE-2021-21851 1 Gpac 1 Gpac 2021-08-24 6.8 MEDIUM 8.8 HIGH
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input at “csgp” decoder sample group description indices can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
CVE-2021-21856 1 Gpac 1 Gpac 2021-08-24 6.8 MEDIUM 8.8 HIGH
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability.
CVE-2021-38185 1 Gnu 1 Cpio 2021-08-16 6.8 MEDIUM 7.8 HIGH
GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is untrusted data.
CVE-2021-34270 1 Doft 1 Doftcoin 2021-08-12 5.0 MEDIUM 7.5 HIGH
An integer overflow in the mintToken function of a smart contract implementation for Doftcoin Token, an Ethereum ERC20 token, allows the owner to cause unexpected financial losses.
CVE-2021-22422 1 Huawei 1 Harmonyos 2021-08-11 7.2 HIGH 7.8 HIGH
A component of the HarmonyOS has a Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause memory overwriting.
CVE-2021-22418 1 Huawei 1 Harmonyos 2021-08-11 7.2 HIGH 7.8 HIGH
A component of the HarmonyOS has a Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause memory overwriting.
CVE-2020-19715 2021-08-10 4.3 MEDIUM 5.5 MEDIUM
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-13110 Reason: This candidate is a duplicate of CVE-2019-13110. Notes: All CVE users should reference CVE-2019-13110 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2021-22412 1 Huawei 2 Emui, Magic Ui 2021-08-09 5.0 MEDIUM 7.5 HIGH
There is an Integer Overflow Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause random kernel address access.
CVE-2021-22388 1 Huawei 2 Emui, Magic Ui 2021-08-06 7.5 HIGH 9.8 CRITICAL
There is an Integer Overflow Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause certain codes to be executed.
CVE-2017-20005 2 Debian, Nginx 2 Debian Linux, Nginx 2021-08-05 7.5 HIGH 9.8 CRITICAL
NGINX before 1.13.6 has a buffer overflow for years that exceed four digits, as demonstrated by a file with a modification date in 1969 that causes an integer overflow (or a false modification date far in the future), when encountered by the autoindex module.
CVE-2015-8751 1 Jasper Project 1 Jasper 2021-08-05 6.8 MEDIUM 8.8 HIGH
Integer overflow in the jas_matrix_create function in JasPer allows context-dependent attackers to have unspecified impact via a crafted JPEG 2000 image, related to integer multiplication for memory allocation.
CVE-2016-6888 3 Debian, Qemu, Redhat 5 Debian Linux, Qemu, Enterprise Linux and 2 more 2021-08-04 2.1 LOW 4.4 MEDIUM
Integer overflow in the net_tx_pkt_init function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU process crash) via the maximum fragmentation count, which triggers an unchecked multiplication and NULL pointer dereference.
CVE-2018-18438 2 Qemu, Redhat 3 Qemu, Enterprise Linux, Openstack 2021-08-04 2.1 LOW 5.5 MEDIUM
Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value.
CVE-2018-17963 4 Canonical, Debian, Qemu and 1 more 6 Ubuntu Linux, Debian Linux, Qemu and 3 more 2021-08-04 7.5 HIGH 9.8 CRITICAL
qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact.
CVE-2018-11219 4 Debian, Oracle, Redhat and 1 more 4 Debian Linux, Communications Operations Monitor, Openstack and 1 more 2021-08-04 7.5 HIGH 9.8 CRITICAL
An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking.
CVE-2018-20346 5 Debian, Google, Opensuse and 2 more 5 Debian Linux, Chrome, Leap and 2 more 2021-07-31 6.8 MEDIUM 8.1 HIGH
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.
CVE-2018-20506 4 Apple, Microsoft, Opensuse and 1 more 9 Icloud, Iphone Os, Itunes and 6 more 2021-07-31 6.8 MEDIUM 8.1 HIGH
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.
CVE-2020-19490 1 Tinyexr Project 1 Tinyexr 2021-07-31 4.3 MEDIUM 5.5 MEDIUM
tinyexr 0.9.5 has a integer overflow over-write in tinyexr::DecodePixelData in tinyexr.h, related to OpenEXR code.