Total
2006 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-21837 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2022-05-31 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | |||||
| CVE-2021-21850 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2022-05-31 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when the library encounters an atom using the “trun” FOURCC code due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | |||||
| CVE-2021-21851 | 1 Gpac | 1 Gpac | 2022-05-31 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input at “csgp” decoder sample group description indices can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | |||||
| CVE-2021-21852 | 1 Gpac | 1 Gpac | 2022-05-31 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input at “stss” decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. | |||||
| CVE-2022-29030 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2022-05-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The Mono_Loader.dll library is vulnerable to integer overflow condition while parsing specially crafted TG4 files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. | |||||
| CVE-2022-1754 | 1 Trudesk Project | 1 Trudesk | 2022-05-26 | 4.0 MEDIUM | 6.5 MEDIUM |
| Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.2. | |||||
| CVE-2019-9137 | 1 Hmtalk | 1 Daviewindy | 2022-05-25 | 6.8 MEDIUM | 7.8 HIGH |
| DaviewIndy 8.98.7 and earlier versions have a Integer overflow vulnerability, triggered when the user opens a malformed Image file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution. | |||||
| CVE-2019-9138 | 1 Datools | 1 Daviewindy | 2022-05-25 | 6.8 MEDIUM | 7.8 HIGH |
| DaviewIndy 8.98.7 and earlier versions have a Integer overflow vulnerability, triggered when the user opens a malformed PhotoShop file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution. | |||||
| CVE-2022-1728 | 1 Trudesk Project | 1 Trudesk | 2022-05-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| Allowing long password leads to denial of service in polonel/trudesk in GitHub repository polonel/trudesk prior to 1.2.2. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications. | |||||
| CVE-2022-28936 | 1 Fisco-bcos | 1 Fisco-bcos | 2022-05-24 | 5.0 MEDIUM | 7.5 HIGH |
| FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where a malicious node can trigger an integer overflow and cause a Denial of Service (DoS) via an unusually large viewchange message packet. | |||||
| CVE-2022-27114 | 2 Debian, Htmldoc Project | 2 Debian Linux, Htmldoc | 2022-05-17 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is a vulnerability in htmldoc 1.9.16. In image_load_jpeg function image.cxx when it calls malloc,'img->width' and 'img->height' they are large enough to cause an integer overflow. So, the malloc function may return a heap blosmaller than the expected size, and it will cause a buffer overflow/Address boundary error in the jpeg_read_scanlines function. | |||||
| CVE-2022-28471 | 1 Ffjpeg Project | 1 Ffjpeg | 2022-05-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ffjpeg (commit hash: caade60), the function bmp_load() in bmp.c contains an integer overflow vulnerability, which eventually results in the heap overflow in jfif_encode() in jfif.c. This is due to the incomplete patch for issue 38 | |||||
| CVE-2021-27431 | 1 Arm | 1 Cmsis-rtos | 2022-05-13 | 7.5 HIGH | 9.8 CRITICAL |
| ARM CMSIS RTOS2 versions prior to 2.1.3 are vulnerable to integer wrap-around inosRtxMemoryAlloc (local malloc equivalent) function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or injected code execution. | |||||
| CVE-2021-27435 | 1 Arm | 1 Mbed | 2022-05-13 | 7.5 HIGH | 9.8 CRITICAL |
| ARM mbed product Version 6.3.0 is vulnerable to integer wrap-around in malloc_wrapper function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution. | |||||
| CVE-2018-14337 | 2 Debian, Mruby | 2 Debian Linux, Mruby | 2022-05-12 | 5.0 MEDIUM | 7.5 HIGH |
| The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1 contains a signed integer overflow, possibly leading to out-of-bounds memory access because the mrb_str_resize function in string.c does not check for a negative length. | |||||
| CVE-2018-10191 | 2 Debian, Mruby | 2 Debian Linux, Mruby | 2022-05-12 | 7.5 HIGH | 9.8 CRITICAL |
| In versions of mruby up to and including 1.4.0, an integer overflow exists in src/vm.c::mrb_vm_exec() when handling OP_GETUPVAR in the presence of deep scope nesting, resulting in a use-after-free. An attacker that can cause Ruby code to be run can use this to possibly execute arbitrary code. | |||||
| CVE-2021-27433 | 1 Arm | 1 Mbed Ualloc | 2022-05-12 | 7.5 HIGH | 9.8 CRITICAL |
| ARM mbed-ualloc memory library version 1.3.0 is vulnerable to integer wrap-around in function mbed_krbs, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution. | |||||
| CVE-2020-6116 | 1 Gonitro | 1 Nitro Pro | 2022-05-12 | 6.8 MEDIUM | 7.8 HIGH |
| An arbitrary code execution vulnerability exists in the rendering functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242. When drawing the contents of a page using colors from an indexed colorspace, the application can miscalculate the size of a buffer when allocating space for its colors. When using this allocated buffer, the application can write outside its bounds and cause memory corruption which can lead to code execution. A specially crafted document must be loaded by a victim in order to trigger this vulnerability. | |||||
| CVE-2020-6113 | 1 Gonitro | 1 Nitro Pro | 2022-05-12 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable vulnerability exists in the object stream parsing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when updating its cross-reference table. When processing an object stream from a PDF document, the application will perform a calculation in order to allocate memory for the list of indirect objects. Due to an error when calculating this size, an integer overflow may occur which can result in an undersized buffer being allocated. Later when initializing this buffer, the application can write outside its bounds which can cause a memory corruption that can lead to code execution. A specially crafted document can be delivered to a victim in order to trigger this vulnerability. | |||||
| CVE-2020-6092 | 1 Gonitro | 1 Nitro Pro | 2022-05-12 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable code execution vulnerability exists in the way Nitro Pro 13.9.1.155 parses Pattern objects. A specially crafted PDF file can trigger an integer overflow that can lead to arbitrary code execution. In order to trigger this vulnerability, victim must open a malicious file. | |||||