Skip to main content

Integer Overflow

memory MEDIUM

Integer overflow occurs when an arithmetic operation produces a result that exceeds the maximum value a given integer type can store.

How It Works

Integer overflow occurs when an arithmetic operation produces a result that exceeds the maximum value a given integer type can store. In C/C++, this causes the value to "wrap around" to a small number—for example, if a 32-bit unsigned integer at maximum value (4,294,967,295) has 1 added, it wraps to 0. Attackers exploit this by providing carefully crafted input values that, when used in calculations, produce unexpectedly small results.

The most dangerous scenario involves memory allocation. An attacker supplies large values that overflow during size calculations (often when adding header sizes, element counts, or alignment padding), producing a small allocation size. When the program later writes the originally intended large amount of data into this undersized buffer, a heap overflow occurs. For instance: size = user_count * sizeof(struct) + header might overflow if user_count is sufficiently large, resulting in malloc() allocating a tiny buffer that subsequent operations overflow.

Integer overflows also enable logic bypasses. Length checks can be circumvented when overflowed values appear to pass validation. Loop bounds may become incorrect, causing excessive iterations or premature termination. Signed integer overflow (technically undefined behavior in C/C++) can flip positive values to negative, bypassing security checks that assume non-negative numbers.

Impact

  • Heap buffer overflow: Undersized allocations lead to memory corruption, enabling arbitrary code execution
  • Authentication bypass: Overflowed counters or size checks may skip security validations
  • Denial of service: Invalid memory operations cause crashes or infinite loops
  • Information disclosure: Incorrect bounds allow reading beyond intended memory regions
  • Privilege escalation: Combined with memory corruption, can compromise system integrity

Real-World Examples

The OpenSSH authentication bypass (CVE-2002-0639) involved an integer overflow in challenge-response handling where the number of responses could overflow, allowing authentication bypass. The overflow caused allocation of insufficient memory, which subsequent code exploited to execute arbitrary code.

ImageMagick suffered multiple integer overflow vulnerabilities (CVE-2016-3714 and related) where maliciously crafted image files with extreme dimension values caused size calculations to overflow. This resulted in small heap allocations followed by large writes, enabling remote code execution through image processing.

The Linux kernel's do_brk() function (CVE-2003-0961) contained an integer overflow when calculating memory region sizes. Attackers could wrap the size value to bypass length checks and map memory at arbitrary locations, achieving local privilege escalation.

Mitigation

  • Safe arithmetic libraries: Use compiler intrinsics (__builtin_add_overflow) or libraries (SafeInt, Rust's checked arithmetic) that detect overflow
  • Pre-calculation validation: Check that operands won't overflow before performing arithmetic operations
  • Compiler protections: Enable -ftrapv (GCC) or /RTCc (MSVC) to trap signed overflow; use UBSan for detection
  • Use larger types: Perform calculations in 64-bit integers when operands are 32-bit, verify result fits before casting down
  • Input validation: Enforce maximum reasonable values on user input before arithmetic
  • Modern languages: Use languages with overflow checking (Rust, Swift) or arbitrary precision integers (Python, Java BigInteger)

Recent CVEs (2762)

EPSS 1% CVSS 7.5
HIGH This Week

On High-End SRX Series devices, in specific configurations and when specific networking events or operator actions occur, an SPC receiving genuine multicast traffic may core. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Integer Overflow +1
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

An exploitable denial-of-service vulnerability exists in the TXT record-parsing functionality of Videolabs libmicrodns 0.1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Integer Overflow Libmicrodns +1
NVD
EPSS 5% CVSS 9.8
CRITICAL Act Now

GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Graphicsmagick +3
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.2-47123. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Parallels Desktop
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

In readCString of Parcel.cpp, there is a possible out of bounds write due to an integer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow RCE +2
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Integer Overflow International Components For Unicode +10
NVD GitHub
EPSS 31% CVSS 7.8
HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.6.0.25114. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Integer Overflow Reader +1
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

Integer overflow in JavaScript in Google Chrome on ChromeOS and Android prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Buffer Overflow Integer Overflow +8
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

A vulnerability in the Cisco Discovery Protocol implementation for Cisco FXOS Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Denial Of Service Cisco +6
NVD
EPSS 3% CVSS 8.2
HIGH POC This Week

An exploitable out of bounds read vulnerability exists in the way MiniSNMPD version 1.4 parses incoming SNMP packets. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure +2
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Integer Overflow Pillow +2
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

libsixel 1.8.4 has an integer overflow in sixel_frame_resize in frame.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Libsixel
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC PATCH Act Now

An issue was discovered in the ROS communications-related packages (aka ros_comm or ros-melodic-ros-comm) through 1.14.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Ros Comm
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

In libIEC61850 1.4.0, MmsValue_newOctetString in mms/iso_mms/common/mms_value.c has an integer signedness error that can lead to an attempted excessive memory allocation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Information Disclosure Libiec61850
NVD GitHub
EPSS 4% CVSS 8.8
HIGH This Week

Multiple memory corruption issues were addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Microsoft +9
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Device memory may get corrupted because of buffer overflow/underflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Qualcomm Buffer Overflow +48
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Improper check in video driver while processing data from video firmware can lead to integer overflow and then buffer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Qualcomm Buffer Overflow +43
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Improper validation of event buffer extracted from FW response can lead to integer overflow, which will allow to pass the length check and eventually will lead to buffer overwrite when event data is. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Integer Overflow Qualcomm Buffer Overflow +15
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

Integer overflow in firmware for Intel(R) NUC(R) may allow a privileged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Privilege Escalation Integer Overflow Intel +19
NVD
EPSS 2% CVSS 8.8
HIGH This Week

An exploitable heap underflow vulnerability exists in the derive_taps_and_gains function in kdu_v7ar.dll of Kakadu Software SDK 7.10.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Kakadu Software
NVD
EPSS 3% CVSS 7.5
HIGH POC This Week

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Information Disclosure Sppa T3000 Ms3000 Migration Server
NVD
EPSS 3% CVSS 7.5
HIGH POC This Week

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Information Disclosure Sppa T3000 Ms3000 Migration Server
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Information Disclosure Sppa T3000 Ms3000 Migration Server
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Information Disclosure Sppa T3000 Ms3000 Migration Server
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Information Disclosure Sppa T3000 Ms3000 Migration Server
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Information Disclosure Sppa T3000 Ms3000 Migration Server
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Information Disclosure Sppa T3000 Ms3000 Migration Server
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Information Disclosure Sppa T3000 Ms3000 Migration Server
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Possible integer overflow while multiplying two integers of 32 bit in QDCM API of get display modes as there is no check on the maximum mode count in Snapdragon Auto, Snapdragon Compute, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Qualcomm Buffer Overflow +39
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Lack of check of data truncation on user supplied data in kernel leads to buffer overflow in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Qualcomm Buffer Overflow +36
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Fig2Dev +1
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

An exploitable code execution vulnerability exists in the DICOM network response functionality of LEADTOOLS libltdic.so version 20.0.2019.3.15. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Leadtools
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

An exploitable code execution vulnerability exists in the DICOM packet-parsing functionality of LEADTOOLS libltdic.so, version 20.0.2019.3.15. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Leadtools
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Integer overflow in PDFium in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Integer Overflow Buffer Overflow +7
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

An issue was discovered in libsixel 1.8.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Libsixel
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

An issue was discovered in libsixel 1.8.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Libsixel
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

An issue was discovered in libsixel 1.8.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Libsixel
NVD GitHub
EPSS 14% CVSS 5.3
MEDIUM PATCH This Month

There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

OpenSSL Integer Overflow Buffer Overflow +8
NVD
EPSS 3% CVSS 7.8
HIGH POC This Week

In radare2 through 4.0, there is an integer overflow for the variable new_token_size in the function r_asm_massemble at libr/asm/asm.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Integer Overflow RCE +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM This Month

Integer overflow in PDFium in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Integer Overflow Buffer Overflow +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Integer overflow in PDFium in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Integer Overflow Buffer Overflow +1
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

The Linux kernel through 5.3.13 has a start_offset+size Integer Overflow in cpia2_remap_buffer in drivers/media/usb/cpia2/cpia2_core.c because cpia2 has its own mmap implementation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Integer Overflow Linux +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

P30 smart phones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an integer overflow vulnerability due to insufficient check on specific parameters. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE P30 Firmware
NVD
EPSS 1% CVSS 7.8
HIGH This Week

P30 smart phones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an integer overflow vulnerability due to insufficient check on specific parameters. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE P30 Firmware
NVD
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Denial Of Service Integer Overflow Linux +17
NVD
EPSS 2% CVSS 7.8
HIGH POC This Week

An exploitable integer overflow vulnerability exists in the BMP header parsing functionality of LEADTOOLS 20. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Leadtools
NVD
EPSS 2% CVSS 7.8
HIGH POC This Week

An exploitable integer underflow vulnerability exists in the CMP-parsing functionality of LEADTOOLS 20. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Leadtools
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Possible Integer overflow because of subtracting two integers without checking if the result would overflow or not in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Qualcomm Buffer Overflow +46
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

While processing vendor command which contains corrupted channel count, an integer overflow occurs and finally will lead to heap overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Qualcomm Buffer Overflow +30
NVD
EPSS 2% CVSS 7.8
HIGH POC This Week

An exploitable memory corruption vulnerability exists in Investintech Able2Extract Professional 4.0.7 x64. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Buffer Overflow +1
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

An integer overflow was discovered in the CoAP library in Arm Mbed OS 5.14.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Mbed
NVD GitHub
EPSS 4% CVSS 8.1
HIGH POC PATCH This Week

In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Integer Overflow Libssh2 +9
NVD GitHub
EPSS 3% CVSS 8.8
HIGH PATCH This Week

tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Libtiff +1
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM POC This Month

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Binutils +2
NVD
EPSS 2% CVSS 7.8
HIGH POC PATCH This Week

OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

SSH Integer Overflow RCE +6
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A vulnerability in the Session Initiation Protocol (SIP) inspection module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Integer Overflow Cisco +3
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

The Imagination Technologies driver for Chrome OS before R74-11895.B, R75 before R75-12105.B, and R76 before R76-12208.0.0 allows attackers to trigger an Integer Overflow and gain privileges via a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Integer Overflow Buffer Overflow +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

An integer overflow in WhatsApp media parsing libraries allows a remote attacker to perform an out-of-bounds write on the heap via specially-crafted EXIF tags in WEBP images.19.143 and WhatsApp for. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Integer Overflow Apple +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

In libAACdec, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Integer Overflow RCE +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

In libAACdec, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Integer Overflow RCE +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

In Bluetooth, there is a possible crash due to an integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Integer Overflow Denial Of Service +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

In libFDK, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Integer Overflow RCE +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

In libAACdec, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Integer Overflow RCE +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

In libAACdec, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Integer Overflow RCE +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

In libMpegTPDec, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Integer Overflow RCE +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

In libAACdec, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Integer Overflow RCE +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

In libMpegTPDec, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Integer Overflow RCE +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

In libFDK, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Integer Overflow RCE +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

In libAACdec, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Integer Overflow RCE +2
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

In libAACdec, there is a possible out of bounds write due to an integer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Integer Overflow RCE +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

In libAACdec, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Integer Overflow RCE +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

In libAACdec, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Integer Overflow RCE +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

In libAACdec, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Integer Overflow RCE +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

In libAACdec, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Integer Overflow RCE +2
NVD
EPSS 4% CVSS 8.8
HIGH PATCH This Week

In libexif, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Integer Overflow Privilege Escalation +6
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

In MPEG4Extractor, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Integer Overflow RCE +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In Bluetooth, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Integer Overflow Privilege Escalation +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

In libmediaextractor there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Integer Overflow RCE +2
NVD
EPSS 2% CVSS 7.8
HIGH This Week

Integer overflow vulnerability in LINE(Android) from 4.4.0 to the version before 9.15.1 allows remote attackers to cause a denial of service (DoS) condition or execute arbitrary code via a specially. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Integer Overflow Denial Of Service +2
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Integer overflow vulnerability in apng-drawable 1.0.0 to 1.6.0 allows an attacker to cause a denial of service (DoS) condition or execute arbitrary code via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Integer Overflow RCE +1
NVD
EPSS 2% CVSS 5.5
MEDIUM POC This Month

sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Sysstat +4
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC This Week

Kilo 0.0.1 has a heap-based buffer overflow because there is an integer overflow in a calculation involving the number of tabs in one row. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Kilo
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH This Week

In binder_transaction of binder.c in the Android kernel, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Integer Overflow Privilege Escalation +2
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

An integer overflow in whoopsie before versions 0.2.52.5ubuntu0.1, 0.2.62ubuntu0.1, 0.2.64ubuntu0.1, 0.2.66, results in an out-of-bounds write to a heap allocated buffer when processing large crash. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Ubuntu Linux
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

Clara Genomics Analysis before 0.2.0 has an integer overflow for cudapoa memory management in allocate_block.cpp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Clara Genomics Analysis
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

libZetta.rs through 0.1.2 has an integer overflow in the zpool parser (for error stats) that leads to a panic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Libzetta Rs
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

Various Lexmark products have an Integer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Cs31X Firmware +70
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

An issue was discovered in Suricata 4.1.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Integer Overflow Suricata
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Adobe +2
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Adobe +2
NVD
Prev Page 19 of 31 Next

Quick Facts

Typical Severity
MEDIUM
Category
memory
Total CVEs
2762

Related CWEs

MITRE ATT&CK

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy