Vulnerabilities (CVE)

Filtered by CWE-190
Total 1685 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-7603 1 Libaacplus Project 1 Libaacplus 2017-04-13 6.8 MEDIUM 7.8 HIGH
au_channel.h in HE-AAC+ Codec (aka libaacplus) 2.0.2 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file.
CVE-2016-10319 1 Arm Trusted Firmware Project 1 Arm Trusted Firmware 2017-04-12 4.3 MEDIUM 5.9 MEDIUM
In ARM Trusted Firmware 1.2 and 1.3, a malformed firmware update SMC can result in copying unexpectedly large data into secure memory because of integer overflows. This affects certain cases involving execution of both AArch64 Generic Trusted Firmware (TF) BL1 code and other firmware update code.
CVE-2016-6177 1 Huawei 2 Oceanstor 5800 V3, Oceanstor 5800 V3 Firmware 2017-04-06 4.0 MEDIUM 6.5 MEDIUM
The Huawei OceanStor 5800 V300R003C00 has an integer overflow vulnerability. An authenticated attacker may send massive abnormal Network File System (NFS) packets, causing an anomaly in specific disk arrays.
CVE-2016-8795 1 Huawei 12 Cloudengine 12800, Cloudengine 12800 Firmware, Cloudengine 5800 and 9 more 2017-04-05 7.1 HIGH 5.9 MEDIUM
Huawei CloudEngine 12800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 5800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 6800 with software V100R002C00, V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 7800 with software V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00; CloudEngine 8800 with software V100R006C00; and Secospace USG6600 with software V500R001C00 allow remote unauthenticated attackers to craft specific IPFPM packets to trigger an integer overflow and cause the device to reset.
CVE-2017-6952 1 Capstone-engine 1 Capstone 2017-04-05 7.5 HIGH 8.8 HIGH
Integer overflow in the cs_winkernel_malloc function in winkernel_mm.c in Capstone 3.0.4 and earlier allows attackers to cause a denial of service (heap-based buffer overflow in a kernel driver) or possibly have unspecified other impact via a large value.
CVE-2016-9123 1 Go-jose Project 1 Go-jose 2017-03-29 5.0 MEDIUM 7.5 HIGH
go-jose before 1.0.5 suffers from a CBC-HMAC integer overflow on 32-bit architectures. An integer overflow could lead to authentication bypass for CBC-HMAC encrypted ciphertexts on 32-bit architectures.
CVE-2016-9557 1 Jasper Project 1 Jasper 2017-03-27 4.3 MEDIUM 5.5 MEDIUM
Integer overflow in jas_image.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (application crash) via a crafted file.
CVE-2015-8983 1 Gnu 1 Glibc 2017-03-22 6.8 MEDIUM 8.1 HIGH
Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which triggers a heap-based buffer overflow.
CVE-2017-6962 1 Apng2gif Project 1 Apng2gif 2017-03-20 5.0 MEDIUM 7.5 HIGH
An issue was discovered in apng2gif 1.7. There is an integer overflow resulting in a heap-based buffer overflow. This is related to the read_chunk function making an unchecked addition of 12.
CVE-2016-6522 1 Openbsd 1 Openbsd 2017-03-09 4.9 MEDIUM 5.5 MEDIUM
Integer overflow in the uvm_map_isavail function in uvm/uvm_map.c in OpenBSD 5.9 allows local users to cause a denial of service (kernel panic) via a crafted mmap call, which triggers the new mapping to overlap with an existing mapping.
CVE-2017-5853 1 Podofo Project 1 Podofo 2017-03-03 6.8 MEDIUM 7.8 HIGH
Integer overflow in base/PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file.
CVE-2016-9824 1 Libav 1 Libav 2017-03-03 4.3 MEDIUM 5.5 MEDIUM
Integer overflow in libswscale/x86/swscale.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via a crafted file.
CVE-2017-5501 1 Jasper Project 1 Jasper 2017-03-03 4.3 MEDIUM 5.5 MEDIUM
Integer overflow in libjasper/jpc/jpc_tsfb.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file.
CVE-2016-9132 1 Botan Project 1 Botan 2017-03-02 7.5 HIGH 9.8 CRITICAL
In Botan 1.8.0 through 1.11.33, when decoding BER data an integer overflow could occur, which would cause an incorrect length field to be computed. Some API callers may use the returned (incorrect and attacker controlled) length field in a way which later causes memory corruption or other failure.
CVE-2016-8389 1 Iceni 1 Argus 2017-03-02 9.3 HIGH 7.8 HIGH
An exploitable integer-overflow vulnerability exists within Iceni Argus. When it attempts to convert a malformed PDF to XML, it will attempt to convert each character from a font into a polygon and then attempt to rasterize these shapes. As the application attempts to iterate through the rows and initializing the polygon shape in the buffer, it will write outside of the bounds of said buffer. This can lead to code execution under the context of the account running it.
CVE-2016-8636 1 Linux 1 Linux Kernel 2017-03-01 7.2 HIGH 7.8 HIGH
Integer overflow in the mem_check_range function in drivers/infiniband/sw/rxe/rxe_mr.c in the Linux kernel before 4.9.10 allows local users to cause a denial of service (memory corruption), obtain sensitive information from kernel memory, or possibly have unspecified other impact via a write or read request involving the "RDMA protocol over infiniband" (aka Soft RoCE) technology.
CVE-2017-0309 5 Freebsd, Linux, Microsoft and 2 more 5 Freebsd, Linux Kernel, Windows and 2 more 2017-02-23 7.2 HIGH 8.8 HIGH
All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where multiple integer overflows may cause improper memory allocation leading to a denial of service or potential escalation of privileges.
CVE-2016-7511 1 Libdwarf Project 1 Libdwarf 2017-02-22 4.3 MEDIUM 5.5 MEDIUM
Integer overflow in the dwarf_die_deliv.c in libdwarf 20160613 allows remote attackers to cause a denial of service (crash) via a crafted file.
CVE-2016-6871 1 Facebook 1 Hhvm 2017-02-22 7.5 HIGH 9.8 CRITICAL
Integer overflow in bcmath in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, which triggers a buffer overflow.
CVE-2016-6872 1 Facebook 1 Hhvm 2017-02-22 7.5 HIGH 9.8 CRITICAL
Integer overflow in StringUtil::implode in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors.