Skip to main content

Integer Overflow

2762 CVEs technique

Monthly

CVE-2016-0993 HIGH PATCH This Week

Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Adobe RCE Microsoft Flash Player +6
NVD
CVSS 3.1
8.8
EPSS
6.2%
CVE-2016-0963 HIGH PATCH This Week

Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Adobe RCE Microsoft Flash Player +6
NVD
CVSS 3.1
8.8
EPSS
6.2%
CVE-2016-2316 MEDIUM POC This Month

chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3, when the timert1 sip.conf. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service Fedora Asterisk Certified Asterisk
NVD
CVSS 3.0
5.9
EPSS
1.1%
CVE-2016-2326 HIGH This Week

Integer overflow in the asf_write_packet function in libavformat/asfenc.c in FFmpeg before 2.8.5 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Debian Linux Ubuntu Linux Ffmpeg
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2015-8651 HIGH KEV PATCH THREAT Act Now

Remote code execution in Adobe Flash Player allows network attackers to execute arbitrary code via integer overflow exploitation. Confirmed actively exploited (CISA KEV) with 88.97% EPSS score indicating extremely high real-world exploitation probability. Affects Flash Player before 18.0.0.324/20.0.0.267, Adobe AIR before 20.0.0.233, and associated SDKs across Windows, OS X, and Linux platforms. Vendor-released patches available since December 2015.

Adobe Integer Overflow Microsoft RCE
NVD VulDB
CVSS 3.1
8.8
EPSS
89.0%
Threat
7.9
CVE-2015-8394 CRITICAL Act Now

PCRE before 8.38 mishandles the (?(<digits>) and (?(R<digits>) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Perl Compatible Regular Expression Library PHP
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2015-8387 HIGH This Week

PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Perl Compatible Regular Expression Library Fedora PHP
NVD
CVSS 3.1
7.3
EPSS
1.4%
CVE-2015-5212 MEDIUM This Month

Integer underflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2, when the configuration setting "Load printer settings with the document" is enabled, allows remote attackers to cause. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 49.6% and no vendor patch available.

Integer Overflow Denial Of Service Buffer Overflow RCE Apache +4
NVD
CVSS 2.0
6.8
EPSS
49.6%
CVE-2015-5707 MEDIUM PATCH This Month

Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity.

Integer Overflow Denial Of Service Linux Linux Kernel Ubuntu Linux +3
NVD GitHub
CVSS 2.0
4.6
EPSS
0.1%
CVE-2015-2519 CRITICAL PATCH Act Now

Integer overflow in Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 28.0%.

Integer Overflow RCE Microsoft Windows 10 Windows 7 +7
NVD
CVSS 2.0
9.3
EPSS
28.0%
CVE-2015-0537 CRITICAL Act Now

Integer underflow in the base64-decoding implementation in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-C Micro Edition (Crypto-C ME) before. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Buffer Overflow Bsafe Bsafe Crypto C +1
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2015-1283 MEDIUM This Month

Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Integer Overflow Denial Of Service Google Buffer Overflow Chrome +12
NVD
CVSS 2.0
6.8
EPSS
0.5%
CVE-2015-5109 MEDIUM PATCH This Month

Integer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Integer Overflow Adobe RCE Microsoft Acrobat +3
NVD
CVSS 2.0
6.8
EPSS
1.1%
CVE-2015-5108 CRITICAL PATCH Act Now

Integer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Integer Overflow Adobe RCE Microsoft Acrobat +3
NVD
CVSS 2.0
10.0
EPSS
5.3%
CVE-2015-5097 CRITICAL PATCH Act Now

Integer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Integer Overflow Adobe RCE Microsoft Acrobat +3
NVD
CVSS 2.0
10.0
EPSS
5.3%
CVE-2015-3416 HIGH PATCH CISA Act Now

The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Denial Of Service Buffer Overflow Ubuntu Linux Sqlite +4
NVD
CVSS 2.0
7.5
EPSS
7.5%
CVE-2015-2305 MEDIUM POC THREAT This Month

Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 32.9%.

Integer Overflow RCE Buffer Overflow Rxspencer Ubuntu Linux +3
NVD
CVSS 2.0
6.8
EPSS
32.9%
CVE-2013-7437 MEDIUM POC This Month

Multiple integer overflows in potrace 1.11 allow remote attackers to cause a denial of service (crash) via large dimensions in a BMP image, which triggers a buffer overflow. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service Buffer Overflow Potrace
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2015-1214 HIGH This Week

Integer overflow in the SkAutoSTArray implementation in include/core/SkTemplates.h in the filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Google Buffer Overflow Enterprise Linux Desktop Supplementary +5
NVD
CVSS 2.0
7.5
EPSS
1.0%
CVE-2015-0886 Maven MEDIUM PATCH This Month

Integer overflow in the crypt_raw method in the key-stretching implementation in jBCrypt before 0.4 makes it easier for remote attackers to determine cleartext values of password hashes via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Integer Overflow Buffer Overflow Jbcrypt Fedora bcrypt
NVD
CVSS 2.0
5.0
EPSS
2.5%
CVE-2014-9192 HIGH This Week

Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x before 10.2.22, and 11.x before 11.1.07 allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Vtscada
NVD
CVSS 2.0
7.8
EPSS
1.5%
CVE-2014-8094 MEDIUM PATCH This Month

Integer overflow in the ProcDRI2GetBuffers function in the DRI2 extension in X.Org Server (aka xserver and xorg-server) 1.7.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Integer Overflow RCE Buffer Overflow Denial Of Service X Server +2
NVD
CVSS 2.0
6.5
EPSS
1.0%
CVE-2014-9087 HIGH PATCH This Week

Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Integer Overflow Denial Of Service Buffer Overflow Mageia Debian Linux +3
NVD
CVSS 2.0
7.5
EPSS
6.9%
CVE-2014-8768 MEDIUM POC THREAT This Month

Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a denial of service (segmentation fault and crash) via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 28.3%.

Integer Overflow Denial Of Service Opensuse Ubuntu Linux Solaris +1
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
28.3%
CVE-2014-0569 CRITICAL POC PATCH THREAT Act Now

Integer overflow in Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 89.0%.

Integer Overflow Adobe RCE Microsoft Flash Player +6
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
89.0%
Threat
6.0
CVE-2014-4656 MEDIUM PATCH This Month

Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allow local users to cause a denial of service by leveraging /dev/snd/controlCX. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity.

Integer Overflow Denial Of Service Linux Linux Kernel Linux Enterprise Server +7
NVD GitHub
CVSS 2.0
4.6
EPSS
0.1%
CVE-2014-4655 MEDIUM PATCH This Month

The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not properly maintain the user_ctl_count value, which allows local. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Denial Of Service Linux Linux Kernel Linux Enterprise Server +1
NVD GitHub
CVSS 2.0
4.9
EPSS
0.0%
CVE-2014-4608 HIGH PATCH This Week

Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Denial Of Service Linux Buffer Overflow Linux Kernel +4
NVD GitHub
CVSS 3.1
7.3
EPSS
8.6%
CVE-2014-3144 MEDIUM POC PATCH This Month

The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 do not check whether a certain. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. Public exploit code available.

Integer Overflow Denial Of Service Linux Linux Kernel Debian Linux +1
NVD GitHub
CVSS 2.0
4.9
EPSS
0.1%
CVE-2014-1736 HIGH This Week

Integer overflow in api.cc in Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, allows remote attackers to cause a denial of service or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Google Microsoft Chrome
NVD VulDB
CVSS 2.0
7.5
EPSS
2.3%
CVE-2014-0497 CRITICAL POC KEV PATCH THREAT Act Now

Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Adobe Integer Overflow Microsoft RCE
NVD Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
93.1%
Threat
7.8
CVE-2013-6425 MEDIUM PATCH This Month

Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used in X.Org server and cairo, allows context-dependent attackers to cause a denial of service (crash). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Integer Overflow Pixman Ubuntu Linux Debian Linux +7
NVD
CVSS 2.0
5.0
EPSS
3.0%
CVE-2013-6424 MEDIUM PATCH This Month

Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Integer Overflow Pixman Debian Linux Opensuse +1
NVD
CVSS 2.0
5.0
EPSS
6.8%
CVE-2013-1913 MEDIUM This Month

Integer overflow in the load_image function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier, when used with glib before 2.24, allows remote attackers to cause a denial of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Denial Of Service Integer Overflow Gimp Enterprise Linux
NVD
CVSS 2.0
6.8
EPSS
2.0%
CVE-2013-5619 HIGH This Week

Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Integer Overflow Opensuse Linux Enterprise Desktop +7
NVD
CVSS 2.0
7.5
EPSS
1.7%
CVE-2013-5058 MEDIUM POC PATCH This Month

Integer overflow in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1,. Rated medium severity (CVSS 6.9). Public exploit code available.

Buffer Overflow Microsoft Integer Overflow Windows 7 Windows 8 +8
NVD Exploit-DB
CVSS 2.0
6.9
EPSS
2.3%
CVE-2013-3940 CRITICAL PATCH Act Now

Integer overflow in the Graphics Device Interface (GDI) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8,. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 71.8%.

Denial Of Service Buffer Overflow Microsoft Integer Overflow RCE +10
NVD
CVSS 2.0
9.3
EPSS
71.8%
Threat
4.0
CVE-2013-6114 MEDIUM POC This Month

Integer overflow in the OZDocument::parseElement function in Apple Motion 5.0.7 allows remote attackers to cause a denial of service (application crash) via a (1) large or (2) small value in the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Apple Integer Overflow Motion
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
8.1%
CVE-2013-4391 HIGH POC PATCH This Week

Integer overflow in the valid_user_field function in journal/journald-native.c in systemd allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow RCE Denial Of Service Integer Overflow Systemd +1
NVD
CVSS 2.0
7.5
EPSS
3.7%
CVE-2013-2729 CRITICAL POC KEV PATCH THREAT Act Now

Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors, a different. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Adobe Integer Overflow RCE
NVD GitHub Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
89.5%
Threat
7.6
CVE-2013-1317 CRITICAL Emergency

Integer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper allocation-size calculation, aka "Publisher. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 64.8% and no vendor patch available.

RCE Microsoft Integer Overflow Publisher
NVD
CVSS 2.0
9.3
EPSS
64.8%
CVE-2013-2596 HIGH POC KEV PATCH THREAT Act Now

Integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android 4.1.2 and other products, allows local users to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Integer Overflow Buffer Overflow Google Linux
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
2.7%
Threat
4.6
CVE-2013-2555 CRITICAL Act Now

Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Adobe Microsoft Integer Overflow RCE +9
NVD
CVSS 2.0
10.0
EPSS
7.1%
CVE-2013-0899 MEDIUM This Month

Integer overflow in the padding implementation in the opus_packet_parse_impl function in src/opus_decoder.c in Opus before 1.0.2, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Denial Of Service Buffer Overflow Microsoft Integer Overflow +3
NVD
CVSS 2.0
5.0
EPSS
1.2%
CVE-2013-0891 HIGH This Week

Integer overflow in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Microsoft Integer Overflow Opensuse +1
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2013-1591 CRITICAL POC PATCH Act Now

Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4 and possibly other products, has unspecified impact and context-dependent attack vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Integer Overflow Enterprise Virtualization Enterprise Linux +1
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2013-0750 CRITICAL PATCH Act Now

Integer overflow in the JavaScript implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable.

Buffer Overflow RCE Mozilla Integer Overflow Firefox +13
NVD
CVSS 2.0
9.3
EPSS
3.8%
CVE-2012-5143 CRITICAL Act Now

Integer overflow in Google Chrome before 23.0.1271.97 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to PPAPI image buffers. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Integer Overflow Opensuse Chrome
NVD
CVSS 2.0
10.0
EPSS
1.7%
CVE-2012-5835 CRITICAL POC Act Now

Integer overflow in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Mozilla Denial Of Service Integer Overflow Firefox +12
NVD
CVSS 2.0
10.0
EPSS
0.9%
CVE-2012-5054 HIGH POC KEV THREAT Act Now

Integer overflow in the copyRawDataTo method in the Matrix3D class in Adobe Flash Player before 11.4.402.265 allows remote attackers to execute arbitrary code via malformed arguments. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Adobe Integer Overflow RCE
NVD VulDB
CVSS 3.1
8.8
EPSS
76.6%
Threat
7.1
CVE-2012-3481 MEDIUM This Month

Integer overflow in the ReadImage function in plug-ins/common/file-gif-load.c in the GIF image format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow RCE Denial Of Service Integer Overflow Gimp
NVD
CVSS 2.0
6.8
EPSS
3.8%
CVE-2012-3402 MEDIUM This Month

Integer overflow in plug-ins/common/psd.c in the Adobe Photoshop PSD plugin in GIMP 2.2.13 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Buffer Overflow Adobe Integer Overflow RCE +1
NVD
CVSS 2.0
6.8
EPSS
1.6%
CVE-2012-4025 MEDIUM This Month

Integer overflow in the queue_init function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted block_log field in the superblock. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow RCE Integer Overflow Squashfs
NVD
CVSS 2.0
6.8
EPSS
2.3%
CVE-2012-2036 CRITICAL Act Now

Integer overflow in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Google Adobe Microsoft Integer Overflow RCE +9
NVD
CVSS 2.0
9.3
EPSS
4.5%
CVE-2012-1610 HIGH PATCH This Week

Integer overflow in the GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-4 allows remote attackers to cause a denial of service (out-of-bounds read) via a large component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Integer Overflow Imagemagick Debian Linux +2
NVD
CVSS 3.1
7.5
EPSS
7.0%
CVE-2012-1185 HIGH PATCH This Week

Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service (memory corruption) and possibly. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Denial Of Service Integer Overflow Imagemagick +3
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2012-0044 HIGH PATCH This Week

Integer overflow in the drm_mode_dirtyfb_ioctl function in drivers/gpu/drm/drm_crtc.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 3.1.5 allows local users to gain. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Denial Of Service Linux Integer Overflow Linux Kernel +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2012-0038 MEDIUM PATCH This Month

Integer overflow in the xfs_acl_from_disk function in fs/xfs/xfs_acl.c in the Linux kernel before 3.1.9 allows local users to cause a denial of service (panic) via a filesystem with a malformed ACL,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Denial Of Service Linux Integer Overflow Linux Kernel
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2009-0586 HIGH PATCH This Week

A critical integer overflow vulnerability exists in GStreamer's gst-plugins-base package before version 0.10.23, allowing remote attackers to execute arbitrary code through specially crafted COVERART tags in Vorbis audio files. The vulnerability triggers when base64-encoded cover art data causes an integer overflow during memory allocation, leading to a heap buffer overflow with full code execution potential. With an EPSS score of 2.82% (86th percentile) and patches available since 2009, this represents a high-severity but dated vulnerability that may still affect legacy systems.

Buffer Overflow RCE Integer Overflow
NVD VulDB
CVSS 2.0
7.5
EPSS
2.8%
CVE-2026-54679 MEDIUM PATCH This Month

jq, the command-line JSON processor, was patched in Alpine Linux with package version 1.8.2-r0. The specific vulnerability details - including the nature of the flaw, affected upstream jq versions, and precise impact - are not disclosed in the available intelligence. The sole data point is a vendor-sourced fix notification from Alpine Linux, making a full characterization of attacker capability and affected scope impossible at this time.

Information Disclosure Integer Overflow Jq
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-5449 MEDIUM PATCH This Month

libssh in Alpine Linux was patched at package version 0.11.2-r0, addressing an unspecified vulnerability tracked as CVE-2025-5449. The nature of the vulnerability - its root cause, attack vector, and impact - is not disclosed in available intelligence sources. The EPSS score of 0.52% (67th percentile) indicates moderate relative ranking among CVEs but low absolute exploitation probability. No active exploitation has been confirmed, and no public exploit code has been identified at time of analysis.

Information Disclosure Integer Overflow Libssh
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-23775 HIGH This Week

Alpine Linux: mbedtls fixed in 2.28.7-r0

Information Disclosure Integer Overflow
NVD VulDB
CVSS 3.1
7.5
EPSS
0.4%
EPSS 6% CVSS 8.8
HIGH PATCH This Week

Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Adobe RCE +8
NVD
EPSS 6% CVSS 8.8
HIGH PATCH This Week

Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Adobe RCE +8
NVD
EPSS 1% CVSS 5.9
MEDIUM POC This Month

chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3, when the timert1 sip.conf. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service Fedora +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Integer overflow in the asf_write_packet function in libavformat/asfenc.c in FFmpeg before 2.8.5 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Debian Linux +2
NVD
EPSS 89% 7.9 CVSS 8.8
HIGH KEV PATCH THREAT Act Now

Remote code execution in Adobe Flash Player allows network attackers to execute arbitrary code via integer overflow exploitation. Confirmed actively exploited (CISA KEV) with 88.97% EPSS score indicating extremely high real-world exploitation probability. Affects Flash Player before 18.0.0.324/20.0.0.267, Adobe AIR before 20.0.0.233, and associated SDKs across Windows, OS X, and Linux platforms. Vendor-released patches available since December 2015.

Adobe Integer Overflow Microsoft +1
NVD VulDB
EPSS 2% CVSS 9.8
CRITICAL Act Now

PCRE before 8.38 mishandles the (?(<digits>) and (?(R<digits>) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Perl Compatible Regular Expression Library +1
NVD
EPSS 1% CVSS 7.3
HIGH This Week

PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Perl Compatible Regular Expression Library +2
NVD
EPSS 50% CVSS 6.8
MEDIUM This Month

Integer underflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2, when the configuration setting "Load printer settings with the document" is enabled, allows remote attackers to cause. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 49.6% and no vendor patch available.

Integer Overflow Denial Of Service Buffer Overflow +6
NVD
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity.

Integer Overflow Denial Of Service Linux +5
NVD GitHub
EPSS 28% CVSS 9.3
CRITICAL PATCH Act Now

Integer overflow in Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 28.0%.

Integer Overflow RCE Microsoft +9
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Integer underflow in the base64-decoding implementation in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-C Micro Edition (Crypto-C ME) before. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Buffer Overflow +3
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Integer Overflow Denial Of Service Google +14
NVD
EPSS 1% CVSS 6.8
MEDIUM PATCH This Month

Integer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Integer Overflow Adobe RCE +5
NVD
EPSS 5% CVSS 10.0
CRITICAL PATCH Act Now

Integer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Integer Overflow Adobe RCE +5
NVD
EPSS 5% CVSS 10.0
CRITICAL PATCH Act Now

Integer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Integer Overflow Adobe RCE +5
NVD
EPSS 8% CVSS 7.5
HIGH PATCH Act Now

The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Denial Of Service Buffer Overflow +6
NVD
EPSS 33% CVSS 6.8
MEDIUM POC THREAT This Month

Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 32.9%.

Integer Overflow RCE Buffer Overflow +5
NVD
EPSS 1% CVSS 5.0
MEDIUM POC This Month

Multiple integer overflows in potrace 1.11 allow remote attackers to cause a denial of service (crash) via large dimensions in a BMP image, which triggers a buffer overflow. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service Buffer Overflow +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Integer overflow in the SkAutoSTArray implementation in include/core/SkTemplates.h in the filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Google +7
NVD
EPSS 2% CVSS 5.0
MEDIUM PATCH This Month

Integer overflow in the crypt_raw method in the key-stretching implementation in jBCrypt before 0.4 makes it easier for remote attackers to determine cleartext values of password hashes via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Integer Overflow Buffer Overflow Jbcrypt +2
NVD
EPSS 2% CVSS 7.8
HIGH This Week

Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x before 10.2.22, and 11.x before 11.1.07 allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Vtscada
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Integer overflow in the ProcDRI2GetBuffers function in the DRI2 extension in X.Org Server (aka xserver and xorg-server) 1.7.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Integer Overflow RCE Buffer Overflow +4
NVD
EPSS 7% CVSS 7.5
HIGH PATCH This Week

Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Integer Overflow Denial Of Service Buffer Overflow +5
NVD
EPSS 28% CVSS 5.0
MEDIUM POC THREAT This Month

Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a denial of service (segmentation fault and crash) via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 28.3%.

Integer Overflow Denial Of Service Opensuse +3
NVD Exploit-DB
EPSS 89% 6.0 CVSS 9.3
CRITICAL POC PATCH THREAT Act Now

Integer overflow in Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 89.0%.

Integer Overflow Adobe RCE +8
NVD Exploit-DB
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allow local users to cause a denial of service by leveraging /dev/snd/controlCX. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity.

Integer Overflow Denial Of Service Linux +9
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not properly maintain the user_ctl_count value, which allows local. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Denial Of Service Linux +3
NVD GitHub
EPSS 9% CVSS 7.3
HIGH PATCH This Week

Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Denial Of Service Linux +6
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM POC PATCH This Month

The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 do not check whether a certain. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. Public exploit code available.

Integer Overflow Denial Of Service Linux +3
NVD GitHub
EPSS 2% CVSS 7.5
HIGH This Week

Integer overflow in api.cc in Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, allows remote attackers to cause a denial of service or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Google +2
NVD VulDB
EPSS 93% 7.8 CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Adobe Integer Overflow Microsoft +1
NVD Exploit-DB VulDB
EPSS 3% CVSS 5.0
MEDIUM PATCH This Month

Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used in X.Org server and cairo, allows context-dependent attackers to cause a denial of service (crash). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Integer Overflow Pixman +9
NVD
EPSS 7% CVSS 5.0
MEDIUM PATCH This Month

Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Integer Overflow Pixman +3
NVD
EPSS 2% CVSS 6.8
MEDIUM This Month

Integer overflow in the load_image function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier, when used with glib before 2.24, allows remote attackers to cause a denial of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Denial Of Service Integer Overflow +2
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Integer Overflow +9
NVD
EPSS 2% CVSS 6.9
MEDIUM POC PATCH This Month

Integer overflow in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1,. Rated medium severity (CVSS 6.9). Public exploit code available.

Buffer Overflow Microsoft Integer Overflow +10
NVD Exploit-DB
EPSS 72% 4.0 CVSS 9.3
CRITICAL PATCH Act Now

Integer overflow in the Graphics Device Interface (GDI) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8,. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 71.8%.

Denial Of Service Buffer Overflow Microsoft +12
NVD
EPSS 8% CVSS 5.0
MEDIUM POC This Month

Integer overflow in the OZDocument::parseElement function in Apple Motion 5.0.7 allows remote attackers to cause a denial of service (application crash) via a (1) large or (2) small value in the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Apple Integer Overflow +1
NVD Exploit-DB
EPSS 4% CVSS 7.5
HIGH POC PATCH This Week

Integer overflow in the valid_user_field function in journal/journald-native.c in systemd allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow RCE Denial Of Service +3
NVD
EPSS 90% 7.6 CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors, a different. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Adobe Integer Overflow RCE
NVD GitHub Exploit-DB VulDB
EPSS 65% CVSS 9.3
CRITICAL Emergency

Integer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper allocation-size calculation, aka "Publisher. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 64.8% and no vendor patch available.

RCE Microsoft Integer Overflow +1
NVD
EPSS 3% 4.6 CVSS 7.8
HIGH POC KEV PATCH THREAT Act Now

Integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android 4.1.2 and other products, allows local users to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Integer Overflow Buffer Overflow Google +1
NVD GitHub VulDB
EPSS 7% CVSS 10.0
CRITICAL Act Now

Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Adobe Microsoft +11
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

Integer overflow in the padding implementation in the opus_packet_parse_impl function in src/opus_decoder.c in Opus before 1.0.2, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Denial Of Service Buffer Overflow +5
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Integer overflow in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service or possibly have unspecified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Microsoft +3
NVD
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4 and possibly other products, has unspecified impact and context-dependent attack vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Integer Overflow +3
NVD
EPSS 4% CVSS 9.3
CRITICAL PATCH Act Now

Integer overflow in the JavaScript implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable.

Buffer Overflow RCE Mozilla +15
NVD
EPSS 2% CVSS 10.0
CRITICAL Act Now

Integer overflow in Google Chrome before 23.0.1271.97 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to PPAPI image buffers. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Integer Overflow +2
NVD
EPSS 1% CVSS 10.0
CRITICAL POC Act Now

Integer overflow in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Mozilla Denial Of Service +14
NVD
EPSS 77% 7.1 CVSS 8.8
HIGH POC KEV THREAT Act Now

Integer overflow in the copyRawDataTo method in the Matrix3D class in Adobe Flash Player before 11.4.402.265 allows remote attackers to execute arbitrary code via malformed arguments. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Adobe Integer Overflow RCE
NVD VulDB
EPSS 4% CVSS 6.8
MEDIUM This Month

Integer overflow in the ReadImage function in plug-ins/common/file-gif-load.c in the GIF image format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow RCE Denial Of Service +2
NVD
EPSS 2% CVSS 6.8
MEDIUM This Month

Integer overflow in plug-ins/common/psd.c in the Adobe Photoshop PSD plugin in GIMP 2.2.13 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Buffer Overflow Adobe +3
NVD
EPSS 2% CVSS 6.8
MEDIUM This Month

Integer overflow in the queue_init function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted block_log field in the superblock. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow RCE Integer Overflow +1
NVD
EPSS 4% CVSS 9.3
CRITICAL Act Now

Integer overflow in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Google Adobe Microsoft +11
NVD
EPSS 7% CVSS 7.5
HIGH PATCH This Week

Integer overflow in the GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-4 allows remote attackers to cause a denial of service (out-of-bounds read) via a large component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Integer Overflow +4
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service (memory corruption) and possibly. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Denial Of Service +5
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Integer overflow in the drm_mode_dirtyfb_ioctl function in drivers/gpu/drm/drm_crtc.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 3.1.5 allows local users to gain. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Denial Of Service Linux +3
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Integer overflow in the xfs_acl_from_disk function in fs/xfs/xfs_acl.c in the Linux kernel before 3.1.9 allows local users to cause a denial of service (panic) via a filesystem with a malformed ACL,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Denial Of Service Linux +2
NVD GitHub
EPSS 3% CVSS 7.5
HIGH PATCH This Week

A critical integer overflow vulnerability exists in GStreamer's gst-plugins-base package before version 0.10.23, allowing remote attackers to execute arbitrary code through specially crafted COVERART tags in Vorbis audio files. The vulnerability triggers when base64-encoded cover art data causes an integer overflow during memory allocation, leading to a heap buffer overflow with full code execution potential. With an EPSS score of 2.82% (86th percentile) and patches available since 2009, this represents a high-severity but dated vulnerability that may still affect legacy systems.

Buffer Overflow RCE Integer Overflow
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

jq, the command-line JSON processor, was patched in Alpine Linux with package version 1.8.2-r0. The specific vulnerability details - including the nature of the flaw, affected upstream jq versions, and precise impact - are not disclosed in the available intelligence. The sole data point is a vendor-sourced fix notification from Alpine Linux, making a full characterization of attacker capability and affected scope impossible at this time.

Information Disclosure Integer Overflow Jq
NVD GitHub VulDB
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

libssh in Alpine Linux was patched at package version 0.11.2-r0, addressing an unspecified vulnerability tracked as CVE-2025-5449. The nature of the vulnerability - its root cause, attack vector, and impact - is not disclosed in available intelligence sources. The EPSS score of 0.52% (67th percentile) indicates moderate relative ranking among CVEs but low absolute exploitation probability. No active exploitation has been confirmed, and no public exploit code has been identified at time of analysis.

Information Disclosure Integer Overflow Libssh
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Alpine Linux: mbedtls fixed in 2.28.7-r0

Information Disclosure Integer Overflow
NVD VulDB
Prev Page 31 of 31

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy