Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-190
Total 2006 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-23144 1 Gpac 1 Gpac 2023-02-01 N/A 5.5 MEDIUM
Integer overflow vulnerability in function Q_DecCoordOnUnitSphere file bifs/unquantize.c in GPAC version 2.2-rev0-gab012bbfb-master.
CVE-2018-1084 4 Canonical, Corosync, Debian and 1 more 4 Ubuntu Linux, Corosync, Debian Linux and 1 more 2023-01-31 7.5 HIGH 7.5 HIGH
corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c.
CVE-2021-32027 2 Postgresql, Redhat 4 Postgresql, Enterprise Linux, Jboss Enterprise Application Platform and 1 more 2023-01-31 6.5 MEDIUM 8.8 HIGH
A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2019-13736 4 Debian, Fedoraproject, Google and 1 more 7 Debian Linux, Fedora, Chrome and 4 more 2023-01-30 6.8 MEDIUM 8.8 HIGH
Integer overflow in PDFium in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
CVE-2017-12108 1 Libxls Project 1 Libxls 2023-01-27 6.8 MEDIUM 8.8 HIGH
An exploitable integer overflow vulnerability exists in the xls_preparseWorkSheet function of libxls 1.4 when handling a MULBLANK record. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.
CVE-2017-2820 1 Freedesktop 1 Poppler 2023-01-27 6.8 MEDIUM 8.8 HIGH
An exploitable integer overflow vulnerability exists in the JPEG 2000 image parsing functionality of freedesktop.org Poppler 0.53.0. A specially crafted PDF file can lead to an integer overflow causing out of bounds memory overwrite on the heap resulting in potential arbitrary code execution. To trigger this vulnerability, a victim must open the malicious PDF in an application using this library.
CVE-2020-13999 2 Fedoraproject, Libemf Project 2 Fedora, Libemf 2023-01-27 4.3 MEDIUM 5.5 MEDIUM
ScaleViewPortExtEx in libemf.cpp in libEMF (aka ECMA-234 Metafile Library) 1.0.12 allows an integer overflow and denial of service via a crafted EMF file.
CVE-2023-21579 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2023-01-26 N/A 7.8 HIGH
Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2022-23521 1 Git-scm 1 Git 2023-01-26 N/A 9.8 CRITICAL
Git is distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a `.gitattributes` file to the repository, which contains a set of file patterns and the attributes that should be set for paths matching this pattern. When parsing gitattributes, multiple integer overflows can occur when there is a huge number of path patterns, a huge number of attributes for a single pattern, or when the declared attribute names are huge. These overflows can be triggered via a crafted `.gitattributes` file that may be part of the commit history. Git silently splits lines longer than 2KB when parsing gitattributes from a file, but not when parsing them from the index. Consequentially, the failure mode depends on whether the file exists in the working tree, the index or both. This integer overflow can result in arbitrary heap reads and writes, which may result in remote code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. There are no known workarounds for this issue.
CVE-2022-41903 1 Git-scm 1 Git 2023-01-25 N/A 9.8 CRITICAL
Git is distributed revision control system. `git log` can display commits in an arbitrary format using its `--format` specifiers. This functionality is also exposed to `git archive` via the `export-subst` gitattribute. When processing the padding operators, there is a integer overflow in `pretty.c::format_and_pad_commit()` where a `size_t` is stored improperly as an `int`, and then added as an offset to a `memcpy()`. This overflow can be triggered directly by a user running a command which invokes the commit formatting machinery (e.g., `git log --format=...`). It may also be triggered indirectly through git archive via the export-subst mechanism, which expands format specifiers inside of files within the repository during a git archive. This integer overflow can result in arbitrary heap writes, which may result in arbitrary code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. Users who are unable to upgrade should disable `git archive` in untrusted repositories. If you expose git archive via `git daemon`, disable it by running `git config --global daemon.uploadArch false`.
CVE-2021-26346 1 Amd 208 Ryzen 3 3100, Ryzen 3 3100 Firmware, Ryzen 3 3200g and 205 more 2023-01-24 N/A 5.5 MEDIUM
Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service.
CVE-2013-0899 6 Apple, Google, Linux and 3 more 9 Ipados, Iphone Os, Mac Os X and 6 more 2023-01-23 5.0 MEDIUM N/A
Integer overflow in the padding implementation in the opus_packet_parse_impl function in src/opus_decoder.c in Opus before 1.0.2, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a long packet.
CVE-2020-5310 3 Canonical, Fedoraproject, Python 3 Ubuntu Linux, Fedora, Pillow 2023-01-23 6.8 MEDIUM 8.8 HIGH
libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc.
CVE-2022-1812 1 Publify Project 1 Publify 2023-01-23 N/A 9.8 CRITICAL
Integer Overflow or Wraparound in GitHub repository publify/publify prior to 9.2.10.
CVE-2022-3515 3 Gnupg, Gpg4win, Libksba Project 4 Gnupg, Vs-desktop, Gpg4win and 1 more 2023-01-20 N/A 9.8 CRITICAL
A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.
CVE-2018-13113 1 Easy Trading Token Project 1 Easy Trading Token 2023-01-20 5.0 MEDIUM 7.5 HIGH
** DISPUTED ** The transfer and transferFrom functions of a smart contract implementation for Easy Trading Token (ETT), an Ethereum token, have an integer overflow. NOTE: this has been disputed by a third party.
CVE-2018-13144 1 Pandora Project 1 Pandora 2023-01-20 5.0 MEDIUM 7.5 HIGH
** DISPUTED ** The transfer and transferFrom functions of a smart contract implementation for Pandora (PDX), an Ethereum token, have an integer overflow. NOTE: this has been disputed by a third party.
CVE-2018-13326 1 Bittelux Project 1 Bittelux 2023-01-20 5.0 MEDIUM 7.5 HIGH
** DISPUTED ** The transfer and transferFrom functions of a smart contract implementation for Bittelux (BTX), an Ethereum token, have an integer overflow. NOTE: this has been disputed by a third party.
CVE-2018-13327 1 Chucunlingaigo Project 1 Chucunlingaigo 2023-01-20 5.0 MEDIUM 7.5 HIGH
** DISPUTED ** The transfer and transferFrom functions of a smart contract implementation for ChuCunLingAIGO (CCLAG), an Ethereum token, have an integer overflow. NOTE: this has been disputed by a third party.
CVE-2022-40983 1 Qt 1 Qt 2023-01-20 N/A 8.8 HIGH
An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an integer overflow during memory allocation, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability.