CVE Daily
← All tags

Tag: Integer Overflow

All CVEs associated with "Integer Overflow". Page 28/35 • 4108 CVEs.

Subscribe CVEs: RSS for “Integer Overflow”  ·  RSS (High+Critical only)

About “Integer Overflow”

A curated feed of “Integer Overflow”-related CVEs appears below. We currently track 4108 CVEs for this tag (all time). In the last 365 days, 489 were published. Average CVSS is 7.5 (all time; 7.2 over 365d), and 70% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-190 - Integer Overflow or Wraparound, CWE-191 - Integer Underflow (Wrap or Wraparound), CWE-472 - External Control of Assumed-Immutable Web Parameter.

In our taxonomy this topic maps to a MODERATE impact class. Common exploitation patterns for this weakness can lead to moderate. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2012-11-11
Medium

CVE-2012-4564

ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM ima…

CVSS: 6.8 CWE: N/A View on NVD
2012-11-07
High

CVE-2012-5127

Integer overflow in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted WebP image.

CVSS: 7.5 CWE: CWE-189 View on NVD
2012-10-09
High

CVE-2012-2529

Integer overflow in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users…

CVSS: 7.2 CWE: CWE-189 View on NVD
2012-09-28
Critical

CVE-2012-0417

Integer overflow in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to execute arbitrary code via unspecified vect…

CVSS: 10.0 CWE: CWE-189 View on NVD
2012-09-26
High

CVE-2012-2896

Integer overflow in the WebGL implementation in Google Chrome before 22.0.1229.79 on Mac OS X allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknow…

CVSS: 7.5 CWE: CWE-189 View on NVD
2012-09-25
Low

CVE-2011-4623

Integer overflow in the rsCStrExtendBuf function in runtime/stringbuf.c in the imfile module in rsyslog 4.x before 4.6.6, 5.x before 5.7.4, and 6.x before 6.1.4 allows local users to cause a denial o…

CVSS: 2.1 CWE: CWE-189 View on NVD
2012-09-24
High

CVE-2012-5054

Integer overflow in the copyRawDataTo method in the Matrix3D class in Adobe Flash Player before 11.4.402.265 allows remote attackers to execute arbitrary code via malformed arguments.

CVSS: 8.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
2012-09-19
Critical

CVE-2012-0271

Integer overflow in the WebConsole component in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before 8.0.3 HP1 and 2012 before SP1 might allow remote attackers to execute arbitr…

CVSS: 10.0 CWE: CWE-189 View on NVD
2012-09-18
Medium

CVE-2012-4405

Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remo…

CVSS: 6.8 CWE: CWE-189 View on NVD
2012-09-06
Medium

CVE-2012-1584

Integer overflow in the mid function in toolkit/tbytevector.cpp in TagLib 1.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted file header…

CVSS: 4.3 CWE: CWE-189 View on NVD
2012-09-05
Medium

CVE-2012-3509

Multiple integer overflows in the (1) _objalloc_alloc function in objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to c…

CVSS: 5.0 CWE: CWE-189 View on NVD
2012-08-30
Critical

CVE-2012-3253

Multiple unspecified vulnerabilities in HP Intelligent Management Center (IMC) before 5.0 E0101P05 allow remote attackers to execute arbitrary code via crafted input, as demonstrated by an integer ov…

CVSS: 10.0 CWE: N/A View on NVD
2012-08-29
Critical

CVE-2012-3969

Integer overflow in the nsSVGFEMorphologyElement::Filter function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaM…

CVSS: 9.3 CWE: CWE-189 View on NVD
2012-08-27
Medium

CVE-2012-3418

libpcp in Performance Co-Pilot (PCP) before 3.6.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a PDU with the numcreds field value greater than the…

CVSS: 5.0 CWE: CWE-189 View on NVD
Medium

CVE-2012-0849

Integer overflow in the ff_j2k_dwt_init function in libavcodec/j2k_dwt.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a c…

CVSS: 4.3 CWE: CWE-189 View on NVD
2012-08-26
Medium

CVE-2012-1175

Integer overflow in the GnashImage::size method in libbase/GnashImage.h in GNU Gnash 0.8.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a craf…

CVSS: 6.8 CWE: CWE-189 View on NVD
2012-08-25
Medium

CVE-2012-3481

Integer overflow in the ReadImage function in plug-ins/common/file-gif-load.c in the GIF image format plug-in in GIMP 2.8.x and earlier allows remote attackers to cause a denial of service (applicati…

CVSS: 6.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
Medium

CVE-2012-3480

Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, (4) strtod_l, and other unspecified "related functions" in stdlib in GNU C Library (aka glibc or libc6) 2.16 allow local users t…

CVSS: 4.6 CWE: CWE-189 View on NVD
Medium

CVE-2012-3402

Integer overflow in plug-ins/common/psd.c in the Adobe Photoshop PSD plugin in GIMP 2.2.13 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a c…

CVSS: 6.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
2012-08-21
Critical

CVE-2012-4167

Integer overflow in Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android…

CVSS: 10.0 CWE: CWE-189 View on NVD
2012-08-20
Medium

CVE-2011-4352

Integer overflow in the vp3_dequant function in the VP3 decoder (vp3.c) in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x…

CVSS: 6.8 CWE: CWE-189 View on NVD
2012-08-16
Low

CVE-2012-4288

Integer overflow in the dissect_xtp_ecntl function in epan/dissectors/packet-xtp.c in the XTP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote att…

CVSS: 3.3 CWE: CWE-189 View on NVD
2012-08-15
Critical

CVE-2012-2523

Integer overflow in Microsoft Internet Explorer 8 and 9, JScript 5.8, and VBScript 5.8 on 64-bit platforms allows remote attackers to execute arbitrary code by leveraging an incorrect size calculatio…

CVSS: 9.3 CWE: CWE-189 View on NVD
2012-08-13
Medium

CVE-2012-2370

Multiple integer overflows in the read_bitmap_file_data function in io-xbm.c in gdk-pixbuf before 2.26.1 allow remote attackers to cause a denial of service (application crash) via a negative (1) hei…

CVSS: 5.0 CWE: CWE-189 View on NVD
2012-08-06
High

CVE-2010-5139

Integer overflow in wxBitcoin and bitcoind before 0.3.11 allows remote attackers to bypass intended economic restrictions and create many bitcoins via a crafted Bitcoin transaction.

CVSS: 7.5 CWE: CWE-189 View on NVD
Medium

CVE-2012-2851

Multiple integer overflows in the PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allow remote attackers to cause a…

CVSS: 6.8 CWE: CWE-189 View on NVD
2012-07-25
Medium

CVE-2012-2677

Integer overflow in the ordered_malloc function in boost/pool/pool.hpp in Boost Pool before 3.9 makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overfl…

CVSS: 5.0 CWE: CWE-189 View on NVD
Medium

CVE-2012-2676

Multiple integer overflows in the (1) malloc and (2) calloc functions in Hoard before 3.9 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows on…

CVSS: 4.3 CWE: CWE-189 View on NVD
Medium

CVE-2012-2675

Multiple integer overflows in the (1) CallMalloc (malloc) and (2) nedpcalloc (calloc) functions in nedmalloc (nedmalloc.c) before 1.10 beta2 make it easier for context-dependent attackers to perform…

CVSS: 4.3 CWE: CWE-189 View on NVD
Medium

CVE-2012-2674

Multiple integer overflows in the (1) chk_malloc, (2) leak_malloc, and (3) leak_memalign functions in libc/bionic/malloc_debug_leak.c in Bionic (libc) for Android, when libc.debug.malloc is set, make…

CVSS: 4.3 CWE: CWE-189 View on NVD
Medium

CVE-2012-2673

Multiple integer overflows in the (1) GC_generic_malloc and (2) calloc functions in malloc.c, and the (3) GC_generic_malloc_ignore_off_page function in mallocx.c in Boehm-Demers-Weiser GC (libgc) bef…

CVSS: 5.0 CWE: CWE-189 View on NVD
Medium

CVE-2006-7252

Integer overflow in the calloc function in libc/stdlib/malloc.c in jemalloc in libc for FreeBSD 6.4 and NetBSD makes it easier for context-dependent attackers to perform memory-related attacks such a…

CVSS: 5.0 CWE: CWE-189 View on NVD
Medium

CVE-2005-4895

Multiple integer overflows in TCMalloc (tcmalloc.cc) in gperftools before 0.4 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large siz…

CVSS: 5.0 CWE: CWE-189 View on NVD
2012-07-22
Medium

CVE-2012-2113

Multiple integer overflows in tiff2pdf in libtiff before 4.0.2 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tiff image, whi…

CVSS: 6.8 CWE: CWE-189 View on NVD
2012-07-19
Medium

CVE-2012-4025

Integer overflow in the queue_init function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted block_log field in the superblock…

CVSS: 6.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
2012-07-13
Medium

CVE-2012-2845

Integer overflow in the jpeg_data_load_data function in jpeg-data.c in libjpeg in exif 0.6.20 allows remote attackers to cause a denial of service (buffer over-read and application crash) or obtain p…

CVSS: 6.4 CWE: CWE-189 View on NVD
High

CVE-2012-2841

Integer underflow in the exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 might allow remote attackers to execute arbitrary code via vectors involvin…

CVSS: 7.5 CWE: CWE-189 View on NVD
2012-07-12
Medium

CVE-2012-1163

Integer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to execute arbitrary code via the size and offset values for the central directory in a zip archive…

CVSS: 6.8 CWE: CWE-189 View on NVD
2012-07-07
High

CVE-2012-2386

Integer overflow in the phar_parse_tarfile function in tar.c in the phar extension in PHP before 5.3.14 and 5.4.x before 5.4.4 allows remote attackers to cause a denial of service (application crash)…

CVSS: 7.5 CWE: CWE-189 View on NVD
2012-06-30
Low

CVE-2012-3826

Multiple integer underflows in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allow remote attackers to cause a denial of service (loop) via vectors related to the R3 dissector, a different vul…

CVSS: 3.3 CWE: CWE-189 View on NVD
Low

CVE-2012-3825

Multiple integer overflows in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allow remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) BACapp and (2) Bl…

CVSS: 3.3 CWE: CWE-189 View on NVD
2012-06-27
Critical

CVE-2012-2834

Integer overflow in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted data in the Matroska container format.

CVSS: 9.3 CWE: CWE-189 View on NVD
Medium

CVE-2012-2828

Multiple integer overflows in the PDF functionality in Google Chrome before 20.0.1132.43 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted do…

CVSS: 6.8 CWE: CWE-189 View on NVD
Medium

CVE-2012-2807

Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43 and other products, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have…

CVSS: 6.8 CWE: CWE-189 View on NVD
2012-06-25
Medium

CVE-2012-3793

Integer overflow in Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service (daemon crash)…

CVSS: 5.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2012-06-21
High

CVE-2011-4913

The rose_parse_ccitt function in net/rose/rose_subr.c in the Linux kernel before 2.6.39 does not validate the FAC_CCITT_DEST_NSAP and FAC_CCITT_SRC_NSAP fields, which allows remote attackers to (1) c…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2011-1476

Integer underflow in the Open Sound System (OSS) subsystem in the Linux kernel before 2.6.39 on unspecified non-x86 platforms allows local users to cause a denial of service (memory corruption) by le…

CVSS: 4.0 CWE: CWE-189 View on NVD
High

CVE-2012-2149

The WPXContentListener::_closeTableRow function in WPXContentListener.cpp in libwpd 0.8.8, as used by OpenOffice.org (OOo) before 3.4, allows remote attackers to execute arbitrary code via a crafted…

CVSS: 7.5 CWE: CWE-189 View on NVD
High

CVE-2012-1149

Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (application c…

CVSS: 7.5 CWE: CWE-189 View on NVD
2012-06-19
Medium

CVE-2012-2334

Integer overflow in filter/source/msfilter/msdffimp.cxx in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service…

CVSS: 6.8 CWE: CWE-189 View on NVD
2012-06-13
Medium

CVE-2012-2384

Integer overflow in the i915_gem_do_execbuffer function in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 3.3.5 on 32-bit platfo…

CVSS: 4.9 CWE: CWE-189 View on NVD
Medium

CVE-2012-2383

Integer overflow in the i915_gem_execbuffer2 function in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 3.3.5 on 32-bit platform…

CVSS: 4.9 CWE: CWE-189 View on NVD
Medium

CVE-2011-2496

Integer overflow in the vma_to_resize function in mm/mremap.c in the Linux kernel before 2.6.39 allows local users to cause a denial of service (BUG_ON and system crash) via a crafted mremap system c…

CVSS: 4.9 CWE: CWE-189 View on NVD
Medium

CVE-2011-1759

Integer overflow in the sys_oabi_semtimedop function in arch/arm/kernel/sys_oabi-compat.c in the Linux kernel before 2.6.39 on the ARM platform, when CONFIG_OABI_COMPAT is enabled, allows local users…

CVSS: 6.2 CWE: CWE-189 View on NVD
2012-06-12
High

CVE-2012-1867

Integer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold…

CVSS: 8.4 CWE: CWE-399 View on NVD
2012-06-09
Critical

CVE-2012-2036

Integer overflow in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android…

CVSS: 9.3 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
2012-06-07
Medium

CVE-2011-2911

Integer overflow in the CSoundFile::ReadWav function in src/load_wav.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a cr…

CVSS: 6.8 CWE: CWE-189 View on NVD
2012-06-05
High

CVE-2012-1610

Integer overflow in the GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-4 allows remote attackers to cause a denial of service (out-of-bounds read) via a large component cou…

CVSS: 7.5 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
Medium

CVE-2012-1186

Integer overflow in the SyncImageProfiles function in profile.c in ImageMagick 6.7.5-8 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted IOP tag offsets in…

CVSS: 5.5 CWE: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop') View on NVD
High

CVE-2012-1185

Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service (memory corruption) and possibly execu…

CVSS: 7.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
2012-06-04
Medium

CVE-2012-1173

Multiple integer overflows in tiff_getimage.c in LibTIFF 3.9.4 allow remote attackers to execute arbitrary code via a crafted tile size in a TIFF file, which is not properly handled by the (1) gtTile…

CVSS: 6.8 CWE: CWE-189 View on NVD
2012-05-25
Critical

CVE-2012-2428

Integer overflow in the server in xArrow before 3.4.1 allows remote attackers to execute arbitrary code via a crafted packet that triggers an out-of-bounds read operation.

CVSS: 10.0 CWE: CWE-189 View on NVD
2012-05-18
Medium

CVE-2012-2322

Integer overflow in the dhcpv6_get_option function in gdhcp/client.c in ConnMan before 0.85 allows remote attackers to cause a denial of service (infinite loop and crash) via an invalid length value…

CVSS: 5.0 CWE: CWE-189 View on NVD
2012-05-17
High

CVE-2012-0044

Integer overflow in the drm_mode_dirtyfb_ioctl function in drivers/gpu/drm/drm_crtc.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 3.1.5 allows local users to gain privi…

CVSS: 7.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
Medium

CVE-2012-0038

Integer overflow in the xfs_acl_from_disk function in fs/xfs/xfs_acl.c in the Linux kernel before 3.1.9 allows local users to cause a denial of service (panic) via a filesystem with a malformed ACL,…

CVSS: 5.5 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
Medium

CVE-2011-4611

Integer overflow in the perf_event_interrupt function in arch/powerpc/kernel/perf_event.c in the Linux kernel before 2.6.39 on powerpc platforms allows local users to cause a denial of service (unhan…

CVSS: 4.9 CWE: CWE-189 View on NVD
Medium

CVE-2011-4097

Integer overflow in the oom_badness function in mm/oom_kill.c in the Linux kernel before 3.1.8 on 64-bit platforms allows local users to cause a denial of service (memory consumption or process termi…

CVSS: 5.5 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
2012-05-16
Critical

CVE-2012-0670

Integer overflow in Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted sean atom in a movie file.

CVSS: 9.3 CWE: CWE-189 View on NVD
2012-05-14
Medium

CVE-2012-2333

Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of serv…

CVSS: 6.8 CWE: CWE-189 View on NVD
2012-05-11
High

CVE-2012-0662

Integer overflow in the Security Framework in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via…

CVSS: 7.5 CWE: CWE-189 View on NVD
Medium

CVE-2012-0659

Integer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file.

CVSS: 6.8 CWE: CWE-189 View on NVD
2012-05-09
Critical

CVE-2012-0685

Integer overflow in XnViewer (aka XnView) before 1.98.5 allows remote attackers to execute arbitrary code via a crafted file containing PSD record types, a different vulnerability than CVE-2012-0684.

CVSS: 9.3 CWE: CWE-189 View on NVD
Critical

CVE-2012-0684

Integer overflow in XnViewer (aka XnView) before 1.98.5 allows remote attackers to execute arbitrary code via a crafted file containing PSD record types, a different vulnerability than CVE-2012-0685.

CVSS: 9.3 CWE: CWE-189 View on NVD
Medium

CVE-2011-4031

Integer underflow in the asfrtp_parse_packet function in libavformat/rtpdec_asf.c in FFmpeg before 0.8.3 allows remote attackers to execute arbitrary code via a crafted ASF packet.

CVSS: 6.8 CWE: CWE-191 - Integer Underflow (Wrap or Wraparound) View on NVD
2012-04-20
Medium

CVE-2012-0407

Integer overflow in the DPA_Utilities library in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (infinite loop) via a negative 64-bit value…

CVSS: 5.0 CWE: CWE-189 View on NVD
2012-04-10
Critical

CVE-2012-0774

Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to execute arbitrary code via a crafted TrueType font.

CVSS: 10.0 CWE: CWE-189 View on NVD
2012-04-03
Critical

CVE-2011-4043

Integer overflow in an unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to execute arbitrary code via a large valu…

CVSS: 9.3 CWE: CWE-189 View on NVD
2012-03-08
Critical

CVE-2012-0642

Integer underflow in Apple iOS before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (device crash) via a crafted catalog file in an HFS disk image.

CVSS: 9.3 CWE: CWE-189 View on NVD
2012-02-24
Critical

CVE-2012-1206

Multiple integer overflows in Hancom Office 2010 SE 8.5.5 allow remote attackers to execute arbitrary code via large dimension values in a (1) JPG image to the ImportGR in the JPG image filter module…

CVSS: 9.3 CWE: CWE-189 View on NVD
2012-02-18
Critical

CVE-2012-1197

Integer overflow in the IDE_ACDStd.apl module for ACDSee 14.1 Build 137 allows remote attackers to execute arbitrary code via crafted "image dimension values" in a BMP file, which triggers a heap-bas…

CVSS: 9.3 CWE: CWE-189 View on NVD
2012-02-16
Medium

CVE-2011-3026

Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigge…

CVSS: 6.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
Medium

CVE-2011-3015

Multiple integer overflows in the PDF codecs in Google Chrome before 17.0.963.56 allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

CVSS: 6.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
2012-02-07
Medium

CVE-2012-1003

Multiple integer overflows in Opera 11.60 and earlier allow remote attackers to cause a denial of service (application crash) via a large integer argument to the (1) Int32Array, (2) Float32Array, (3)…

CVSS: 5.0 CWE: CWE-189 View on NVD
2012-02-02
High

CVE-2011-3453

Integer overflow in libresolv in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via crafted…

CVSS: 7.5 CWE: CWE-189 View on NVD
2012-01-23
Critical

CVE-2012-0192

Multiple integer overflows in vclmi.dll in the visual class library module in IBM Lotus Symphony before 3.0.1 might allow remote attackers to execute arbitrary code via an embedded (1) JPEG or (2) PN…

CVSS: 9.3 CWE: CWE-189 View on NVD
2012-01-19
Critical

CVE-2011-4374

Integer overflow in Adobe Reader 9.x before 9.4.6 on Linux allows attackers to execute arbitrary code via unspecified vectors.

CVSS: 9.3 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
Medium

CVE-2012-0268

Integer overflow in the CYImage::LoadJPG method in YImage.dll in Yahoo! Messenger before 11.5.0.155, when photo sharing is enabled, might allow remote attackers to execute arbitrary code via a crafte…

CVSS: 5.1 CWE: CWE-189 View on NVD
2011-12-31
High

CVE-2011-1710

Multiple integer overflows in the HTTP server in the Novell XTier framework 3.1.8 allow remote attackers to cause a denial of service (service crash) or possibly execute arbitrary code via crafted he…

CVSS: 7.5 CWE: CWE-189 View on NVD
2011-12-25
High

CVE-2011-5008

Integer overflow in the GatewayService component in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to execute arbitrary code via a large size value in the packet header, which triggers a heap-bas…

CVSS: 7.5 CWE: CWE-189 View on NVD
2011-12-16
Critical

CVE-2011-3834

Multiple integer overflows in the in_avi.dll plugin in Winamp before 5.623 allow remote attackers to execute arbitrary code via an AVI file with a crafted value for (1) the number of streams or (2) t…

CVSS: 9.3 CWE: CWE-189 View on NVD
2011-11-29
Medium

CVE-2011-4566

Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations…

CVSS: 6.4 CWE: CWE-189 View on NVD
2011-11-24
Critical

CVE-2011-4259

Integer underflow in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted width value in an MPG file.

CVSS: 9.3 CWE: CWE-189 View on NVD
2011-11-08
Critical

CVE-2011-2013

Integer overflow in the TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code by…

CVSS: 9.8 CWE: CWE-189 View on NVD
Medium

CVE-2011-3607

Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to ga…

CVSS: 4.4 CWE: CWE-189 View on NVD
2011-10-28
Critical

CVE-2011-3250

Integer overflow in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with JPEG2000 encoding.

CVSS: 9.3 CWE: CWE-189 View on NVD
Critical

CVE-2011-3247

Integer overflow in Apple QuickTime before 7.7.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT file.

CVSS: 9.3 CWE: CWE-189 View on NVD
2011-09-30
Critical

CVE-2011-2998

Integer underflow in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via JavaScript code containing a l…

CVSS: 10.0 CWE: CWE-189 View on NVD
2011-09-16
Medium

CVE-2011-3501

Integer overflow in Cogent DataHub 7.1.1.63 and earlier allows remote attackers to cause a denial of service (crash) via a negative or large Content-Length value.

CVSS: 5.0 CWE: CWE-189 View on NVD
2011-09-02
Critical

CVE-2011-1944

Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibl…

CVSS: 9.3 CWE: CWE-189 View on NVD
2011-08-29
High

CVE-2011-2497

Integer underflow in the l2cap_config_req function in net/bluetooth/l2cap_core.c in the Linux kernel before 3.0 allows remote attackers to cause a denial of service (heap memory corruption) or possib…

CVSS: 8.3 CWE: CWE-191 - Integer Underflow (Wrap or Wraparound) View on NVD
High

CVE-2011-2829

Integer overflow in Google Chrome before 13.0.782.215 on 32-bit platforms allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving uniform…

CVSS: 7.5 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
2011-08-19
Critical

CVE-2011-0547

Multiple integer overflows in vxsvc.exe in the Veritas Enterprise Administrator service in Symantec Veritas Storage Foundation 5.1 and earlier, Veritas Storage Foundation Cluster File System (SFCFS)…

CVSS: 10.0 CWE: CWE-189 View on NVD
2011-08-15
Critical

CVE-2011-0256

Integer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted track run atoms in a QuickTime movie file.

CVSS: 9.3 CWE: CWE-189 View on NVD
2011-08-12
Medium

CVE-2011-1583

Multiple integer overflows in tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allow local users to cause a denial of service and possibly execute arbitrary code via a crafted paravir…

CVSS: 6.9 CWE: CWE-189 View on NVD
2011-08-10
Critical

CVE-2011-2416

Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1…

CVSS: 10.0 CWE: CWE-189 View on NVD
Critical

CVE-2011-2138

Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1…

CVSS: 10.0 CWE: CWE-189 View on NVD
Critical

CVE-2011-2136

Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1…

CVSS: 10.0 CWE: CWE-189 View on NVD
Medium

CVE-2011-2511

Integer overflow in libvirt before 0.9.3 allows remote authenticated users to cause a denial of service (libvirtd crash) and possibly execute arbitrary code via a crafted VirDomainGetVcpus RPC call t…

CVSS: 4.0 CWE: CWE-189 View on NVD
2011-07-27
Medium

CVE-2011-2696

Integer overflow in libsndfile before 1.0.25 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PARIS Audio Format (PAF) file th…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2011-07-13
High

CVE-2011-1870

Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, allows local users to gain privileges or…

CVSS: 7.2 CWE: CWE-189 View on NVD
High

CVE-2011-1284

Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 200…

CVSS: 7.2 CWE: CWE-189 View on NVD
2011-06-30
Critical

CVE-2011-2371

Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arb…

CVSS: 10.0 CWE: CWE-189 View on NVD
2011-06-24
Critical

CVE-2011-2194

Integer overflow in the XSPF playlist parser in VideoLAN VLC media player 0.8.5 through 1.1.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unsp…

CVSS: 9.3 CWE: CWE-189 View on NVD
Critical

CVE-2011-1908

Integer overflow in the Type 1 font decoder in the FreeType engine in Foxit Reader before 4.0.0.0619 allows remote attackers to execute arbitrary code or cause a denial of service (application crash)…

CVSS: 9.3 CWE: CWE-189 View on NVD
High

CVE-2011-1770

Integer underflow in the dccp_parse_options function (net/dccp/options.c) in the Linux kernel before 2.6.33.14 allows remote attackers to cause a denial of service via a Datagram Congestion Control P…

CVSS: 7.5 CWE: CWE-191 - Integer Underflow (Wrap or Wraparound) View on NVD
Medium

CVE-2011-0211

Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.

CVSS: 6.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
Medium

CVE-2011-0209

Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted RIFF WAV file.

CVSS: 6.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
Medium

CVE-2011-0202

Integer overflow in CoreGraphics in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded Type 1 font…

CVSS: 6.8 CWE: CWE-189 View on NVD
Medium

CVE-2011-0200

Integer overflow in ColorSync in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image containing a crafted embe…

CVSS: 6.8 CWE: CWE-189 View on NVD
2011-06-16
Critical

CVE-2011-2123

Integer overflow in the Shockwave 3D Asset x32 component in Adobe Shockwave Player before 11.6.0.626 allows remote attackers to execute arbitrary code via a crafted subrecord in a DEMX chunk, which t…

CVSS: 9.3 CWE: CWE-189 View on NVD