Skip to main content

Integer Overflow

memory MEDIUM

Integer overflow occurs when an arithmetic operation produces a result that exceeds the maximum value a given integer type can store.

How It Works

Integer overflow occurs when an arithmetic operation produces a result that exceeds the maximum value a given integer type can store. In C/C++, this causes the value to "wrap around" to a small number—for example, if a 32-bit unsigned integer at maximum value (4,294,967,295) has 1 added, it wraps to 0. Attackers exploit this by providing carefully crafted input values that, when used in calculations, produce unexpectedly small results.

The most dangerous scenario involves memory allocation. An attacker supplies large values that overflow during size calculations (often when adding header sizes, element counts, or alignment padding), producing a small allocation size. When the program later writes the originally intended large amount of data into this undersized buffer, a heap overflow occurs. For instance: size = user_count * sizeof(struct) + header might overflow if user_count is sufficiently large, resulting in malloc() allocating a tiny buffer that subsequent operations overflow.

Integer overflows also enable logic bypasses. Length checks can be circumvented when overflowed values appear to pass validation. Loop bounds may become incorrect, causing excessive iterations or premature termination. Signed integer overflow (technically undefined behavior in C/C++) can flip positive values to negative, bypassing security checks that assume non-negative numbers.

Impact

  • Heap buffer overflow: Undersized allocations lead to memory corruption, enabling arbitrary code execution
  • Authentication bypass: Overflowed counters or size checks may skip security validations
  • Denial of service: Invalid memory operations cause crashes or infinite loops
  • Information disclosure: Incorrect bounds allow reading beyond intended memory regions
  • Privilege escalation: Combined with memory corruption, can compromise system integrity

Real-World Examples

The OpenSSH authentication bypass (CVE-2002-0639) involved an integer overflow in challenge-response handling where the number of responses could overflow, allowing authentication bypass. The overflow caused allocation of insufficient memory, which subsequent code exploited to execute arbitrary code.

ImageMagick suffered multiple integer overflow vulnerabilities (CVE-2016-3714 and related) where maliciously crafted image files with extreme dimension values caused size calculations to overflow. This resulted in small heap allocations followed by large writes, enabling remote code execution through image processing.

The Linux kernel's do_brk() function (CVE-2003-0961) contained an integer overflow when calculating memory region sizes. Attackers could wrap the size value to bypass length checks and map memory at arbitrary locations, achieving local privilege escalation.

Mitigation

  • Safe arithmetic libraries: Use compiler intrinsics (__builtin_add_overflow) or libraries (SafeInt, Rust's checked arithmetic) that detect overflow
  • Pre-calculation validation: Check that operands won't overflow before performing arithmetic operations
  • Compiler protections: Enable -ftrapv (GCC) or /RTCc (MSVC) to trap signed overflow; use UBSan for detection
  • Use larger types: Perform calculations in 64-bit integers when operands are 32-bit, verify result fits before casting down
  • Input validation: Enforce maximum reasonable values on user input before arithmetic
  • Modern languages: Use languages with overflow checking (Rust, Swift) or arbitrary precision integers (Python, Java BigInteger)

Recent CVEs (2762)

EPSS 1% CVSS 6.5
MEDIUM This Month

Integer overflow in media in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Integer Overflow +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Integer overflow in SwiftShader in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Integer Overflow +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Integer overflow in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to bypass site isolation via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Integer Overflow +4
NVD
EPSS 1% CVSS 7.8
HIGH This Week

An integer overflow was addressed through improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple RCE Microsoft +8
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

In libass 0.14.0, the `ass_outline_construct`'s call to `outline_stroke` causes a signed integer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Libass
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

In remove of String16.cpp, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Privilege Escalation +2
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Integer Overflow or Wraparound vulnerability in the XML RPC library of OpenRobotics ros_comm communications packages allows unauthenticated network traffic to cause unexpected behavior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Integer Overflow Ros Comm
NVD GitHub
EPSS 28% CVSS 7.2
HIGH This Week

An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.0.SP-534. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Zoho RCE +2
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the `move_desc` function can lead to large amounts of CPU cycles being eaten up in a long running loop. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Information Disclosure Integer Overflow Data Plane Development Kit +2
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

An integer overflow was discovered in YGOPro ygocore v13.51. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Integer Overflow Ygocore
NVD GitHub
EPSS 1% CVSS 6.3
MEDIUM POC PATCH This Month

Integer overflow in WebUSB in Google Chrome prior to 85.0.4183.83 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Google Buffer Overflow Integer Overflow +5
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In the Bluetooth server, there is a possible out of bounds write due to an integer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In libavb, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In Mediaserver, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Privilege Escalation +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

In libstagefright, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow RCE +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In skb_to_mamac of networking.c, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Buffer Overflow Privilege Escalation +3
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

In Parse_wave of eas_mdls.c, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Buffer Overflow Information Disclosure +2
NVD
EPSS 69% CVSS 7.8
HIGH POC THREAT This Week

An exploitable vulnerability exists in the object stream parsing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when updating its cross-reference table. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Integer Overflow +1
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A flaw was found in X.Org Server before xorg-x11-server 1.20.9. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Privilege Escalation Integer Overflow +3
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A flaw was found in X.Org Server before xorg-x11-server 1.20.9. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Privilege Escalation Integer Overflow +3
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A flaw was found in xorg-x11-server before 1.20.9. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Integer Overflow X Server +2
NVD
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

An issue was discovered in the http crate before 0.1.20 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Integer Overflow Http
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC This Week

An integer overflow vulnerability leading to a double-free was found in libX11. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Integer Overflow Libx11 +1
NVD GitHub
EPSS 2% CVSS 4.3
MEDIUM This Month

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated 3DM file received from untrusted sources which results in crashing of the application and becoming temporarily. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP Integer Overflow +1
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

u'Multiple Read overflows issue due to improper length check while decoding Generic NAS transport/EMM info' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Integer Overflow +50
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

u'Potential integer underflow while parsing Service Info and IPv6 link-local TLVs that comes as part of NDPE attribute' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Qualcomm Integer Overflow +19
NVD
EPSS 0% CVSS 7.8
HIGH This Week

u'A potential buffer overflow exists due to integer overflow when parsing handler options due to wrong data type usage in operation' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Integer Overflow +61
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

u'Lack of check of integer overflow while doing a round up operation for data read from shared memory for G-link SMEM transport can lead to corruption and potential information leak' in Snapdragon. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qualcomm Integer Overflow +63
NVD
EPSS 0% CVSS 3.8
LOW PATCH Monitor

In QEMU through 5.0.0, an integer overflow was found in the SM501 display driver implementation. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity.

Denial Of Service Integer Overflow Qemu +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Parallels Desktop
NVD
EPSS 0% CVSS 8.2
HIGH This Week

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Integer Overflow Parallels Desktop
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

HUAWEI P30 Pro smartphone with Versions earlier than 10.1.0.160(C00E160R2P8) has an integer overflow vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Huawei Integer Overflow +1
NVD
EPSS 4% CVSS 5.3
MEDIUM POC PATCH This Month

ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Integer Overflow Lua +2
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM This Month

All versions of HoRNDIS are affected by an integer overflow in the RNDIS packet parsing routines. Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Horndis
NVD GitHub
EPSS 2% CVSS 8.8
HIGH This Week

In NewFixedDoubleArray of factory.cc, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow RCE +2
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Buffer Overflow Red Hat Integer Overflow +4
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Grub2 +1
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. Rated medium severity (CVSS 6.4). No vendor patch available.

Buffer Overflow Integer Overflow Grub2 +1
NVD
EPSS 13% CVSS 9.8
CRITICAL Act Now

An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.552.W. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Zoho RCE +2
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

An exploitable denial of service vulnerability exists in the freeDiameter functionality of freeDiameter 1.3.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Integer Overflow +1
NVD
EPSS 5% CVSS 9.8
CRITICAL PATCH Act Now

A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Integer Overflow Ghostscript +2
NVD GitHub
EPSS 3% CVSS 8.8
HIGH This Week

Out of bounds write in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Integer Overflow +5
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 7.5). No vendor patch available.

Information Disclosure Oracle Integer Overflow +2
NVD
EPSS 24% CVSS 7.8
HIGH PATCH This Week

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft Integer Overflow +8
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

An integer underflow vulnerability in the dnsproxyd component of the PAN-OS management interface allows authenticated administrators to issue a command from the command line interface that causes the. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Paloalto Integer Overflow +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Data is truncated wrong when its length is greater than 255 bytes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Information Disclosure Integer Overflow Node Bcrypt Js
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Memory leaks were discovered in the CoAP library in Arm Mbed OS 5.15.3 when using the Arm mbed-coap library 5.1.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Information Disclosure Integer Overflow Mbed Coap
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

An issue was discovered in LibVNCServer before 0.9.13. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Integer Overflow Libvncserver +8
NVD GitHub
EPSS 4% CVSS 5.3
MEDIUM POC This Month

The Treck TCP/IP stack before 6.0.1.66 has an IPv4 Integer Underflow. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Integer Overflow Tcp Ip
NVD
EPSS 2% CVSS 6.3
MEDIUM POC This Month

The Treck TCP/IP stack before 6.0.1.66 has an Ethernet Link Layer Integer Underflow. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Integer Overflow Tcp Ip
NVD
EPSS 3% CVSS 7.3
HIGH POC This Week

The Treck TCP/IP stack before 6.0.1.66 has an Integer Overflow during Memory Allocation that causes an Out-of-Bounds Write. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Tcp Ip
NVD
EPSS 3% CVSS 7.7
HIGH PATCH This Week

An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Denial Of Service Redis +4
NVD GitHub
EPSS 4% CVSS 5.3
MEDIUM PATCH This Month

libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Integer Overflow Pcre +14
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

ScaleViewPortExtEx in libemf.cpp in libEMF (aka ECMA-234 Metafile Library) 1.0.12 allows an integer overflow and denial of service via a crafted EMF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Integer Overflow Libemf +1
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Integer overflow in subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77 and Intel(R) TXE versions before 3.1.75, 4.0.25 and Intel(R) Server Platform Services (SPS) versions before. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Intel Integer Overflow +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Google Buffer Overflow Privilege Escalation +2
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

In exif_data_load_data_content of exif-data.c, there is a possible UBSAN abort due to an integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Denial Of Service Integer Overflow +5
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

In ihevcd_parse_slice_header of ihevcd_parse_slice_header.c, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Buffer Overflow RCE +2
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

In exif_data_load_data_thumbnail of exif-data.c, there is a possible denial of service due to an integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Denial Of Service Integer Overflow +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In multiple locations of Parcel.cpp, there is a possible out-of-bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Buffer Overflow Privilege Escalation +2
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

In aes_cmac of aes_cmac.cc, there is a possible out of bounds write due to an integer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Buffer Overflow RCE +2
NVD
EPSS 14% CVSS 8.8
HIGH PATCH This Week

A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input, aka 'Windows OLE Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

RCE Microsoft Integer Overflow +8
NVD
EPSS 1% CVSS 7.8
HIGH This Week

An integer overflow was addressed through improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple RCE Integer Overflow +5
NVD
EPSS 1% CVSS 7.8
HIGH This Week

An integer overflow was addressed through improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple RCE Integer Overflow +1
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

An issue was discovered in the Linux kernel 4.4 through 5.7.1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Integer Overflow +3
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

A remote adversary with the ability to send arbitrary CoAP packets to be parsed by Zephyr is able to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Denial Of Service Integer Overflow Zephyr
NVD GitHub
EPSS 5% CVSS 8.6
HIGH PATCH This Week

Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Integer Overflow Perl +16
NVD GitHub
EPSS 11% CVSS 8.2
HIGH PATCH This Week

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Integer Overflow Perl +14
NVD GitHub
EPSS 3% CVSS 7.7
HIGH POC PATCH This Week

The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Node.js Canonical Buffer Overflow +2
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

Integer overflow may occur if atom size is less than atom offset as there is improper validation of atom size in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Integer Overflow +38
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

In FreeRDP less than or equal to 2.0.0, when using a manipulated server with USB redirection enabled (nearly) arbitrary memory can be read and written due to integer overflows in length checks. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Freerdp +2
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Integer Overflow Sqlite +14
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

A vulnerability was found in DPDK versions 19.11 and above. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Denial Of Service Integer Overflow Data Plane Development Kit +3
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

A vulnerability was found in DPDK versions 18.11 and above. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Information Disclosure Integer Overflow Data Plane Development Kit +2
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

A memory corruption issue was found in DPDK versions 17.05 and above. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Integer Overflow Data Plane Development Kit +5
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

A vulnerability was found in DPDK versions 18.05 and above. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Integer Overflow Data Plane Development Kit +5
NVD
EPSS 42% CVSS 7.8
HIGH POC THREAT This Week

An exploitable code execution vulnerability exists in the way Nitro Pro 13.9.1.155 parses Pattern objects. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Integer Overflow Nitro Pro
NVD
EPSS 7% CVSS 9.8
CRITICAL POC Act Now

SecureCRT before 8.7.2 allows remote attackers to execute arbitrary code via an Integer Overflow and a Buffer Overflow because a banner can trigger a line number to CSI functions that exceeds INT_MAX. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Integer Overflow +1
NVD
EPSS 2% CVSS 6.6
MEDIUM POC PATCH This Month

libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Integer Overflow. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Integer Overflow Freerdp +3
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Integer Overflow +4
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A malicious userspace application can cause a integer overflow and bypass security checks performed by system call handlers. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow RCE Denial Of Service +2
NVD GitHub
EPSS 2% CVSS 7.8
HIGH POC This Week

json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Json C +4
NVD GitHub
EPSS 4% CVSS 8.8
HIGH POC This Week

An exploitable code execution vulnerability exists in the TIFF fillinraster function of the igcore19d.dll library of Accusoft ImageGear 19.4, 19.5 and 19.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Integer Overflow +1
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

An integer overflow was found in QEMU 4.0.1 through 4.2.0 in the way it implemented ATI VGA emulation. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Denial Of Service Integer Overflow Qemu
NVD
EPSS 1% CVSS 5.5
MEDIUM POC PATCH This Month

bson before 0.8 incorrectly uses int rather than size_t for many variables, parameters, and return values. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Integer Overflow Whoopsie +1
NVD GitHub
EPSS 27% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in Squid before 5.0.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

RCE Integer Overflow Squid +4
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC PATCH Act Now

In nDPI through 3.2 Stable, the SSH protocol dissector has multiple KEXINIT integer overflows that result in a controlled remote heap overflow in concat_hash_string in ssh.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Integer Overflow Ndpi
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM This Month

An intager overflow vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to denial of service of the application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Integer Overflow Fbx Software Development Kit
NVD
EPSS 1% CVSS 8.2
HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Oracle Integer Overflow +2
NVD
EPSS 2% CVSS 5.5
MEDIUM POC This Month

An issue was discovered in OpenEXR before 2.4.1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Openexr +10
NVD GitHub
Prev Page 18 of 31 Next

Quick Facts

Typical Severity
MEDIUM
Category
memory
Total CVEs
2762

Related CWEs

MITRE ATT&CK

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy