Skip to main content

CWE-196

Unsigned to Signed Conversion Error

4 CVEs Avg CVSS 8.3 MITRE
2
CRITICAL
2
HIGH
0
MEDIUM
0
LOW
0
POC
0
KEV

Monthly

CVE-2026-14454 CRITICAL PATCH Act Now

Denial of service in the Imager image-processing module for Perl (all versions before 1.033) allows remote attackers to crash a worker process by submitting an image whose EXIF IFD entry count is mishandled as a signed integer, triggering an near-address-space-sized memory allocation that fails and aborts the process. Any application that passes untrusted images through Imager's EXIF parsing is exposed. There is no public exploit identified at time of analysis, EPSS is low (0.18%, 8th percentile), and it is not listed in CISA KEV.

Information Disclosure Imager
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-34155 HIGH PATCH This Week

Integer overflow in RAUC versions prior to 1.15.2 allows signature bypass on 'plain' format bundles exceeding 2 GiB payload size, enabling attackers with bundle modification capability to alter unverified payload portions while retaining a valid signature. This affects embedded Linux systems relying on RAUC for secure firmware updates.

Buffer Overflow Rauc
NVD GitHub VulDB
CVSS 4.0
7.2
EPSS
0.0%
CVE-2023-0185 HIGH This Week

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where sign conversion issuescasting an unsigned primitive to signed may lead to denial of service or information. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Denial Of Service Information Disclosure Linux Virtual Gpu
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2022-36025 Maven CRITICAL PATCH Act Now

Besu is a Java-based Ethereum client. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Besu
NVD GitHub
CVSS 3.1
9.1
EPSS
0.9%
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Denial of service in the Imager image-processing module for Perl (all versions before 1.033) allows remote attackers to crash a worker process by submitting an image whose EXIF IFD entry count is mishandled as a signed integer, triggering an near-address-space-sized memory allocation that fails and aborts the process. Any application that passes untrusted images through Imager's EXIF parsing is exposed. There is no public exploit identified at time of analysis, EPSS is low (0.18%, 8th percentile), and it is not listed in CISA KEV.

Information Disclosure Imager
NVD GitHub VulDB
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Integer overflow in RAUC versions prior to 1.15.2 allows signature bypass on 'plain' format bundles exceeding 2 GiB payload size, enabling attackers with bundle modification capability to alter unverified payload portions while retaining a valid signature. This affects embedded Linux systems relying on RAUC for secure firmware updates.

Buffer Overflow Rauc
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH This Week

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where sign conversion issuescasting an unsigned primitive to signed may lead to denial of service or information. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Denial Of Service Information Disclosure +2
NVD
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

Besu is a Java-based Ethereum client. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Besu
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy