Total
197 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-9167 | 1 Qualcomm | 36 Sd 410, Sd 410 Firmware, Sd 412 and 33 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, and SD 820A, in an EMM command, an integer underflow can occur. | |||||
CVE-2018-6612 | 1 Jhead Project | 1 Jhead | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
An integer underflow bug in the process_EXIF function of the exif.c file of jhead 3.00 raises a heap-based buffer over-read when processing a malicious JPEG file, which may allow a remote attacker to cause a denial-of-service attack or unspecified other impact. | |||||
CVE-2015-2311 | 1 Capnproto | 1 Capnproto | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Integer underflow in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 might allow remote peers to cause a denial of service or possibly obtain sensitive information from memory or execute arbitrary code via a crafted message. | |||||
CVE-2017-14796 | 1 Libbpg Project | 1 Libbpg | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (integer underflow and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with copy_CTB_to_hv in hevc_filter.c in libavcodec in FFmpeg and sao_filter_CTB in hevc_filter.c in libavcodec in FFmpeg. | |||||
CVE-2017-9214 | 3 Debian, Openvswitch, Redhat | 6 Debian Linux, Openvswitch, Enterprise Linux and 3 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`. | |||||
CVE-2015-1208 | 1 Ffmpeg | 1 Ffmpeg | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
Integer underflow in the mov_read_default function in libavformat/mov.c in FFmpeg before 2.4.6 allows remote attackers to obtain sensitive information from heap and/or stack memory via a crafted MP4 file. | |||||
CVE-2017-11757 | 1 Actian | 2 Pervasive Psql, Zen | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Heap-based buffer overflow in Actian Pervasive PSQL v12.10 and Zen v13 allows remote attackers to execute arbitrary code via crafted traffic to TCP port 1583. The overflow occurs after Server-Client encryption-key exchange. The issue results from an integer underflow that leads to a zero-byte allocation. The _srvLnaConnectMP1 function is affected. | |||||
CVE-2017-13666 | 1 Multicorewareinc | 1 X265 | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
An integer underflow vulnerability exists in pixel-a.asm, the x86 assembly code for planeClipAndMax() in MulticoreWare x265 through 2.5, as used in libbpg and other products. A small height value can cause an integer underflow, which leads to a crash. This is a different vulnerability than CVE-2017-8906. | |||||
CVE-2017-14997 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2023-12-10 | 7.1 HIGH | 6.5 MEDIUM |
GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTImage in coders/pict.c. | |||||
CVE-2017-15874 | 1 Busybox | 1 Busybox | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
archival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has an Integer Underflow that leads to a read access violation. | |||||
CVE-2017-7367 | 1 Google | 1 Android | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
In all Android releases from CAF using the Linux kernel, an integer underflow vulnerability exists while processing the boot image. | |||||
CVE-2017-14496 | 6 Canonical, Debian, Google and 3 more | 8 Ubuntu Linux, Debian Linux, Android and 5 more | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request. | |||||
CVE-2017-8911 | 1 Tnef Project | 1 Tnef | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An integer underflow has been identified in the unicode_to_utf8() function in tnef 1.4.14. This might lead to invalid write operations, controlled by an attacker. | |||||
CVE-2016-10166 | 1 Libgd | 1 Libgd | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable. | |||||
CVE-2017-3034 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable integer overflow vulnerability in the XML Forms Architecture (XFA) engine, related to layout functionality. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2017-8924 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-12-10 | 2.1 LOW | 4.6 MEDIUM |
The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel before 4.10.4 allows local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow. | |||||
CVE-2016-7800 | 3 Debian, Graphicsmagick, Opensuse | 4 Debian Linux, Graphicsmagick, Leap and 1 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow. | |||||
CVE-2017-6313 | 3 Debian, Fedoraproject, Gnome | 3 Debian Linux, Fedora, Gdk-pixbuf | 2023-12-10 | 5.8 MEDIUM | 7.1 HIGH |
Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file. | |||||
CVE-2016-1925 | 1 Lha For Unix Project | 1 Lha For Unix | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Integer underflow in header.c in lha allows remote attackers to have unspecified impact via a large header size value for the (1) level0 or (2) level1 header in a lha archive, which triggers a buffer overflow. | |||||
CVE-2016-10268 | 1 Libtiff | 1 Libtiff | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 78490" and libtiff/tif_unix.c:115:23. |