Skip to main content

Integer Overflow

memory MEDIUM

Integer overflow occurs when an arithmetic operation produces a result that exceeds the maximum value a given integer type can store.

How It Works

Integer overflow occurs when an arithmetic operation produces a result that exceeds the maximum value a given integer type can store. In C/C++, this causes the value to "wrap around" to a small number—for example, if a 32-bit unsigned integer at maximum value (4,294,967,295) has 1 added, it wraps to 0. Attackers exploit this by providing carefully crafted input values that, when used in calculations, produce unexpectedly small results.

The most dangerous scenario involves memory allocation. An attacker supplies large values that overflow during size calculations (often when adding header sizes, element counts, or alignment padding), producing a small allocation size. When the program later writes the originally intended large amount of data into this undersized buffer, a heap overflow occurs. For instance: size = user_count * sizeof(struct) + header might overflow if user_count is sufficiently large, resulting in malloc() allocating a tiny buffer that subsequent operations overflow.

Integer overflows also enable logic bypasses. Length checks can be circumvented when overflowed values appear to pass validation. Loop bounds may become incorrect, causing excessive iterations or premature termination. Signed integer overflow (technically undefined behavior in C/C++) can flip positive values to negative, bypassing security checks that assume non-negative numbers.

Impact

  • Heap buffer overflow: Undersized allocations lead to memory corruption, enabling arbitrary code execution
  • Authentication bypass: Overflowed counters or size checks may skip security validations
  • Denial of service: Invalid memory operations cause crashes or infinite loops
  • Information disclosure: Incorrect bounds allow reading beyond intended memory regions
  • Privilege escalation: Combined with memory corruption, can compromise system integrity

Real-World Examples

The OpenSSH authentication bypass (CVE-2002-0639) involved an integer overflow in challenge-response handling where the number of responses could overflow, allowing authentication bypass. The overflow caused allocation of insufficient memory, which subsequent code exploited to execute arbitrary code.

ImageMagick suffered multiple integer overflow vulnerabilities (CVE-2016-3714 and related) where maliciously crafted image files with extreme dimension values caused size calculations to overflow. This resulted in small heap allocations followed by large writes, enabling remote code execution through image processing.

The Linux kernel's do_brk() function (CVE-2003-0961) contained an integer overflow when calculating memory region sizes. Attackers could wrap the size value to bypass length checks and map memory at arbitrary locations, achieving local privilege escalation.

Mitigation

  • Safe arithmetic libraries: Use compiler intrinsics (__builtin_add_overflow) or libraries (SafeInt, Rust's checked arithmetic) that detect overflow
  • Pre-calculation validation: Check that operands won't overflow before performing arithmetic operations
  • Compiler protections: Enable -ftrapv (GCC) or /RTCc (MSVC) to trap signed overflow; use UBSan for detection
  • Use larger types: Perform calculations in 64-bit integers when operands are 32-bit, verify result fits before casting down
  • Input validation: Enforce maximum reasonable values on user input before arithmetic
  • Modern languages: Use languages with overflow checking (Rust, Swift) or arbitrary precision integers (Python, Java BigInteger)

Recent CVEs (2762)

EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

gnark is a zk-SNARK library that offers a high-level API to design circuits. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Integer Overflow Buffer Overflow Canonical +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM This Month

A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Denial Of Service +4
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

LibTIFF is vulnerable to an integer overflow. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Denial Of Service +5
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In apusys, there is a possible out of bounds write due to an integer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Privilege Escalation +3
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In vpu, there is a possible out of bounds write due to an integer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In rpmb , there is a possible memory corruption due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Privilege Escalation +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

In a non-standard configuration of Firefox, an integer overflow could have occurred based on network traffic (possibly under influence of a local unprivileged webpage), leading to an out-of-bounds. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Mozilla +1
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

An out-of-bounds write vulnerability exists in the dcm_pixel_data_decode functionality of Accusoft ImageGear 20.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Buffer Overflow +1
NVD
EPSS 10% CVSS 7.5
HIGH PATCH This Week

DHCP Server Service Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Denial Of Service Windows Server 2012 +3
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Windows Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Microsoft +2
NVD
EPSS 7% CVSS 7.8
HIGH PATCH This Week

Windows Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Microsoft +12
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Visual Studio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Integer Overflow RCE Net Framework +4
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Visual Studio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Integer Overflow RCE Net Framework +4
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Visual Studio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow RCE Net Framework +4
NVD
EPSS 0% CVSS 3.3
LOW Monitor

An issue was discovered in the NPU kernel driver in Samsung Exynos Mobile Processor 9820, 980, 2100, 2200, 1280, and 1380. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Samsung Buffer Overflow +6
NVD
EPSS 1% CVSS 8.7
HIGH This Week

The OPC UA implementations (ANSI C and C++) in affected products contain an integer overflow vulnerability that could cause the application to run into an infinite loop during certificate validation. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Simatic Cloud Connect 7 Cc712 Firmware +77
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

In eatt_l2cap_reconfig_completed of eatt_impl.h, there is a possible out of bounds write due to an integer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Buffer Overflow +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Buffer Overflow +1
NVD
EPSS 1% CVSS 8.6
HIGH This Week

On Windows, an integer overflow could occur in `RecordedSourceSurfaceCreation` which resulted in a heap buffer overflow potentially leaking sensitive data that could have led to a sandbox escape. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Mozilla +5
NVD
EPSS 0% CVSS 3.3
LOW Monitor

An issue was discovered in Exynos Mobile Processor 980 and 2100. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Samsung Buffer Overflow +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption in Audio while validating and mapping metadata. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow Qca6391 Firmware +30
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Integer Overflow Vim +1
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

Integer Overflow or Wraparound in GitHub repository gpac/gpac prior to 2.3-DEV. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Gpac
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Integer Overflow vulnerability in mp_grow in libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows attackers to execute arbitrary code and cause a denial of service (DoS). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow RCE Denial Of Service +2
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Integer Overflow vulnerability in RELIC before commit 421f2e91cf2ba42473d4d54daf24e295679e290e, allows attackers to execute arbitrary code and cause a denial of service in pos argument in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow RCE Denial Of Service +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Integer Overflow vulnerability in RELIC before commit 34580d840469361ba9b5f001361cad659687b9ab, allows attackers to execute arbitrary code, cause a denial of service, and escalate privileges when. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow RCE Denial Of Service +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Apache Buffer Overflow +3
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Apache Denial Of Service +3
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow Rizin
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

NTSC-CRT 2.2.1 has an integer overflow and out-of-bounds write in loadBMP in bmp_rw.c because a file's width, height, and BPP are not validated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Ntsc Crt
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

An integer overflow vulnerability in all UniFi Access Points and Switches, excluding the Switch Flex Mini, with SNMP Monitoring and default settings enabled could allow a Remote Code Execution (RCE). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Ubiquiti +2
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow RCE Microsoft +12
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow RCE Microsoft +12
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Denial Of Service Microsoft +12
NVD
EPSS 12% CVSS 7.8
HIGH PATCH This Week

Windows Common Log File System Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Microsoft +12
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Microsoft Office Visio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow RCE Microsoft +3
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Integer Overflow Information Disclosure Microsoft +11
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow RCE Microsoft +12
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

Microsoft Message Queuing Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Microsoft +12
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Windows Fax Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow RCE Microsoft +12
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Microsoft Office Visio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow RCE Microsoft +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory corruption while allocating memory in COmxApeDec module in Audio. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow 315 5g Iot Modem Firmware +182
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory Corruption in Audio while playing amrwbplus clips with modified content. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Apq8009 Firmware +171
NVD
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Ethereum Name Service
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

A set of carefully crafted ipv6 packets can trigger an integer overflow in the calculation of a fragment reassembled packet's payload length field. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Freebsd +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

An integer overflow flaw was found in pcl/pl/plfont.c:418 in pl_glyph_name in ghostscript. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Integer Overflow Denial Of Service Ghostscript
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

An integer overflow was addressed with improved input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Apple +5
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Iperf3 +5
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In rw_i93_send_to_upper of rw_i93.cc, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Integer Overflow Buffer Overflow Privilege Escalation +1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Windows Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Microsoft +7
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

Microsoft DirectMusic Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Microsoft +12
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow RCE Microsoft +7
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Microsoft VOLSNAP.SYS Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Microsoft +12
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Integer Overflow Microsoft RCE +3
NVD VulDB
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Raw Image Extension Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow RCE Raw Image Extension
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Memory Corruption in Audio while allocating the ion buffer during the music playback. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow 315 5g Iot Firmware +199
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In keyinstall, there is a possible out of bounds write due to an integer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Privilege Escalation +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In keyinstall, there is a possible out of bounds write due to an integer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Privilege Escalation +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

In wlan firmware, there is possible system crash due to an uncaught exception. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Yocto +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

In wlan firmware, there is possible system crash due to an integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Yocto +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

In wlan firmware, there is possible system crash due to an integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Yocto +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

In wlan firmware, there is possible system crash due to an integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Yocto +1
NVD
EPSS 0% CVSS 7.1
HIGH This Week

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged user can cause an integer overflow, which may lead to information disclosure and denial of. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Denial Of Service Linux +3
NVD
EPSS 0% CVSS 7.5
HIGH This Week

In VideoFrame of VideoFrame.h, there is a possible abort due to an integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Information Disclosure Google +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A maliciously crafted pskernel.dll file in Autodesk products is used to trigger integer overflow vulnerabilities. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Alias +16
NVD
EPSS 52% CVSS 7.8
HIGH KEV THREAT This Week

An integer overflow was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Apple +4
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Microsoft Publisher Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow RCE Microsoft +4
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in dec_patch_dictionary.cc in libjxl before 0.8.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Denial Of Service Libjxl
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Microsoft ODBC and OLE DB Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Integer Overflow RCE Microsoft +3
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

snappy-java is a fast compressor/decompressor for Java. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Java Buffer Overflow +1
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

snappy-java is a fast compressor/decompressor for Java. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Java Denial Of Service +1
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow RCE Microsoft +12
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

Remote Procedure Call Runtime Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Denial Of Service Windows Server 2012 +3
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Windows Authentication Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Microsoft +12
NVD
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

StreamReader::ReadFromExternal in RenderDoc before 1.27 allows an Integer Overflow with a resultant Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Renderdoc
NVD
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

SerialiseValue in RenderDoc before 1.27 allows an Integer Overflow with a resultant Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Renderdoc
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

A vulnerability was found in libcap. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Libcap +3
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

A vulnerability was found in ImageMagick. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Information Disclosure Imagemagick +4
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The `Toybox.Graphics.BufferedBitmap.initialize` API method in CIQ API version 2.3.0 through 4.1.7 does not validate its parameters, which can result in integer overflows when allocating the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Connect Iq
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

sysstat through 12.7.2 allows a multiplication integer overflow in check_overflow in common.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Sysstat +2
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Vyper
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Integer Overflow Vim
NVD GitHub
EPSS 25% CVSS 7.8
HIGH PATCH This Week

Windows Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Microsoft +8
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

Windows iSCSI Target Service Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Microsoft +13
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

MaraDNS is open-source software that implements the Domain Name System (DNS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Denial Of Service Maradns +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

An integer overflow was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Apple +5
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Denial Of Service +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Denial Of Service +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM This Month

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Sonos One Speaker 70.3-35220. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE One Firmware +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A vulnerability within the Avira network protection feature allowed an attacker with local execution rights to cause an overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Antivirus
NVD
Prev Page 12 of 31 Next

Quick Facts

Typical Severity
MEDIUM
Category
memory
Total CVEs
2762

Related CWEs

MITRE ATT&CK

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy