Vulnerabilities (CVE)

Filtered by CWE-190
Total 2652 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-23016 2025-04-24 N/A 9.3 CRITICAL
FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.
CVE-2022-42767 2 Google, Unisoc 14 Android, S8012, Sc7731e and 11 more 2025-04-23 N/A 3.3 LOW
In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.
CVE-2022-42765 2 Google, Unisoc 15 Android, S8000, S8010 and 12 more 2025-04-23 N/A 5.5 MEDIUM
In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.
CVE-2022-41325 2 Debian, Videolan 2 Debian Linux, Vlc Media Player 2025-04-23 N/A 7.8 HIGH
An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions.
CVE-2022-42764 2 Google, Unisoc 14 Android, S8009, Sc7731e and 11 more 2025-04-23 N/A 5.5 MEDIUM
In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.
CVE-2022-42763 2 Google, Unisoc 14 Android, S8008, Sc7731e and 11 more 2025-04-23 N/A 5.5 MEDIUM
In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.
CVE-2019-16905 3 Netapp, Openbsd, Siemens 7 Cloud Backup, Steelstore Cloud Integrated Storage, Openssh and 4 more 2025-04-23 4.4 MEDIUM 7.8 HIGH
OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and local code execution because of an error in the XMSS key parsing algorithm. NOTE: the XMSS implementation is considered experimental in all released OpenSSH versions, and there is no supported way to enable it when building portable OpenSSH.
CVE-2024-20046 2 Google, Mediatek 22 Android, Mt6761, Mt6765 and 19 more 2025-04-23 N/A 6.6 MEDIUM
In battery, there is a possible escalation of privilege due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08485622; Issue ID: ALPS08485622.
CVE-2024-20047 2 Google, Mediatek 19 Android, Mt6739, Mt6768 and 16 more 2025-04-23 N/A 5.4 MEDIUM
In battery, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08587865; Issue ID: ALPS08486807.
CVE-2024-20025 2 Google, Mediatek 42 Android, Mt6739, Mt6757 and 39 more 2025-04-22 N/A 6.7 MEDIUM
In da, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541686; Issue ID: ALPS08541686.
CVE-2022-25748 1 Qualcomm 546 Apq8009, Apq8009 Firmware, Apq8017 and 543 more 2025-04-22 N/A 9.8 CRITICAL
Memory corruption in WLAN due to integer overflow to buffer overflow while parsing GTK frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CVE-2025-20653 2 Google, Mediatek 15 Android, Mt6781, Mt6789 and 12 more 2025-04-22 N/A 6.5 MEDIUM
In da, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291064; Issue ID: MSV-2046.
CVE-2022-42805 1 Apple 3 Ipados, Iphone Os, Macos 2025-04-21 N/A 7.8 HIGH
An integer overflow was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges.
CVE-2017-5501 1 Jasper Project 1 Jasper 2025-04-20 4.3 MEDIUM 5.5 MEDIUM
Integer overflow in libjasper/jpc/jpc_tsfb.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file.
CVE-2017-9161 1 Autotrace Project 1 Autotrace 2025-04-20 7.5 HIGH 9.8 CRITICAL
libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in autotrace.c:188:23.
CVE-2016-5223 1 Google 1 Chrome 2025-04-20 4.3 MEDIUM 6.5 MEDIUM
Integer overflow in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption or DoS via a crafted PDF file.
CVE-2017-2440 1 Apple 4 Iphone Os, Mac Os X, Tvos and 1 more 2025-04-20 9.3 HIGH 7.8 HIGH
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (integer overflow) via a crafted app.
CVE-2016-9108 2 Artifex, Fedoraproject 2 Mujs, Fedora 2025-04-20 5.0 MEDIUM 7.5 HIGH
Integer overflow in the js_regcomp function in regexp.c in Artifex Software, Inc. MuJS before commit b6de34ac6d8bb7dd5461c57940acfbd3ee7fd93e allows attackers to cause a denial of service (application crash) via a crafted regular expression.
CVE-2017-17409 1 Bitdefender 1 Internet Security 2018 2025-04-20 9.3 HIGH 8.8 HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within emulator 0x10A in cevakrnl.xmd. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-5102.
CVE-2017-9198 1 Autotrace Project 1 Autotrace 2025-04-20 7.5 HIGH 9.8 CRITICAL
libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-tga.c:508:18.