Skip to main content

CWE-1335

Incorrect Bitwise Shift of Integer

3 CVEs Avg CVSS 6.9 MITRE
0
CRITICAL
1
HIGH
2
MEDIUM
0
LOW
0
POC
0
KEV

Monthly

CVE-2026-4426 MEDIUM PATCH This Month

Libarchive fails to properly validate the pz_log2_bs field in ISO9660 Rock Ridge extensions during zisofs decompression, allowing remote attackers to supply a crafted ISO file that triggers undefined behavior and causes denial-of-service through incorrect memory allocation and application crashes. The vulnerability requires user interaction (ISO file opening) but no authentication, affects libarchive across multiple distributions, and carries a moderate EPSS score (0.11%, 30th percentile) suggesting low current exploitation probability despite the moderate CVSS severity.

Denial Of Service Libarchive Hardened Images Openshift Container Platform Enterprise Linux
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-3161 MEDIUM PATCH This Month

A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Fedora Enterprise Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2016-9842 HIGH PATCH Act Now

The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 12.1%.

Information Disclosure Zlib Leap Opensuse Debian Linux +15
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
12.1%
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Libarchive fails to properly validate the pz_log2_bs field in ISO9660 Rock Ridge extensions during zisofs decompression, allowing remote attackers to supply a crafted ISO file that triggers undefined behavior and causes denial-of-service through incorrect memory allocation and application crashes. The vulnerability requires user interaction (ISO file opening) but no authentication, affects libarchive across multiple distributions, and carries a moderate EPSS score (0.11%, 30th percentile) suggesting low current exploitation probability despite the moderate CVSS severity.

Denial Of Service Libarchive Hardened Images +2
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel +2
NVD GitHub
EPSS 12% CVSS 8.8
HIGH PATCH Act Now

The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 12.1%.

Information Disclosure Zlib Leap +17
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy