Vulnerabilities (CVE)

Filtered by CWE-190
Total 2237 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-8205 1 Huawei 2 Honor 9, Honor 9 Firmware 2023-12-10 9.3 HIGH 7.8 HIGH
The Bastet driver of Honor 9 Huawei smart phones with software of versions earlier than Stanford-AL10C00B175 has integer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege; the APP can send a specific parameter to the driver of the smart phone, causing arbitrary code execution.
CVE-2017-17408 1 Bitdefender 1 Internet Security 2018 2023-12-10 9.3 HIGH 8.8 HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within cevakrnl.xmd. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-5101.
CVE-2017-9199 1 Autotrace Project 1 Autotrace 2023-12-10 7.5 HIGH 9.8 CRITICAL
libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-tga.c:192:19.
CVE-2017-17426 1 Gnu 1 Glibc 2023-12-10 6.8 MEDIUM 8.1 HIGH
The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZE_MAX, potentially leading to a subsequent heap overflow. This occurs because the per-thread cache (aka tcache) feature enables a code path that lacks an integer overflow check.
CVE-2017-11043 1 Google 1 Android 2023-12-10 9.3 HIGH 7.8 HIGH
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a WiFI driver function, an integer overflow leading to heap buffer overflow may potentially occur.
CVE-2017-12797 1 Mpg123 1 Mpg123 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
Integer overflow in the INT123_parse_new_id3 function in the ID3 parser in mpg123 before 1.25.5 on 32-bit platforms allows remote attackers to cause a denial of service via a crafted file, which triggers a heap-based buffer overflow.
CVE-2015-2310 1 Capnproto 1 Capnproto 2023-12-10 6.4 MEDIUM 9.1 CRITICAL
Integer overflow in layout.c++ in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 allows remote peers to cause a denial of service or possibly obtain sensitive information from memory via a crafted message, related to pointer validation.
CVE-2017-17122 1 Gnu 1 Binutils 2023-12-10 6.8 MEDIUM 7.8 HIGH
The dump_relocs_in_section function in objdump.c in GNU Binutils 2.29.1 does not check for reloc count integer overflows, which allows remote attackers to cause a denial of service (excessive memory allocation, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PE file.
CVE-2017-15873 3 Busybox, Canonical, Debian 3 Busybox, Ubuntu Linux, Debian Linux 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
The get_next_block function in archival/libarchive/decompress_bunzip2.c in BusyBox 1.27.2 has an Integer Overflow that may lead to a write access violation.
CVE-2017-2870 2 Debian, Gnome 2 Debian Linux, Gdk-pixbuf 2023-12-10 6.8 MEDIUM 7.8 HIGH
An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability.
CVE-2017-8267 1 Google 1 Android 2023-12-10 7.6 HIGH 7.0 HIGH
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in an IOCTL handler potentially leading to an integer overflow and then an out-of-bounds write.
CVE-2015-1526 1 Google 1 Android 2023-12-10 7.1 HIGH 5.5 MEDIUM
The media_server component in Android allows remote attackers to cause a denial of service via a crafted application.
CVE-2017-17854 2 Debian, Linux 2 Debian Linux, Linux Kernel 2023-12-10 7.2 HIGH 7.8 HIGH
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (integer overflow and memory corruption) or possibly have unspecified other impact by leveraging unrestricted integer values for pointer arithmetic.
CVE-2017-1000422 3 Canonical, Debian, Gnome 3 Ubuntu Linux, Debian Linux, Gdk-pixbuf 2023-12-10 6.8 MEDIUM 8.8 HIGH
Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code execution
CVE-2017-1000158 2 Debian, Python 2 Debian Linux, Python 2023-12-10 7.5 HIGH 9.8 CRITICAL
CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)
CVE-2017-9832 1 Libmtp Project 1 Libmtp 2023-12-10 4.6 MEDIUM 6.8 MEDIUM
An integer overflow vulnerability in ptp-pack.c (ptp_unpack_OPL function) of libmtp (version 1.1.12 and below) allows attackers to cause a denial of service (out-of-bounds memory access) or maybe remote code execution by inserting a mobile device into a personal computer through a USB cable.
CVE-2017-9835 2 Artifex, Debian 2 Ghostscript, Debian Linux 2023-12-10 6.8 MEDIUM 7.8 HIGH
The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. This is related to a lack of an integer overflow check in base/gsalloc.c.
CVE-2016-5762 1 Novell 1 Groupwise 2023-12-10 7.5 HIGH 9.8 CRITICAL
Integer overflow in the Post Office Agent in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 might allow remote attackers to execute arbitrary code via a long (1) username or (2) password, which triggers a heap-based buffer overflow.
CVE-2017-5048 4 Apple, Google, Linux and 1 more 5 Macos, Android, Chrome and 2 more 2023-12-10 6.8 MEDIUM 8.8 HIGH
An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.
CVE-2017-9185 1 Autotrace Project 1 Autotrace 2023-12-10 7.5 HIGH 9.8 CRITICAL
libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:319:7.