Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-20303

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-04 Mar, 2022 | 00:00
Updated At-03 Aug, 2024 | 17:37
Rejected At-
Credits

A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to application availability, with some potential impact to data integrity as well.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:04 Mar, 2022 | 00:00
Updated At:03 Aug, 2024 | 17:37
Rejected At:
▼CVE Numbering Authority (CNA)

A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to application availability, with some potential impact to data integrity as well.

Affected Products
Vendor
n/a
Product
OpenEXR
Versions
Affected
  • Fixed in v2.5.4 and beyond.
Problem Types
TypeCWE IDDescription
CWECWE-190CWE-190 - Integer Overflow or Wraparound, CWE-787 - Out-of-bounds Write
Type: CWE
CWE ID: CWE-190
Description: CWE-190 - Integer Overflow or Wraparound, CWE-787 - Out-of-bounds Write
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://bugzilla.redhat.com/show_bug.cgi?id=1939151
N/A
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25505
N/A
https://github.com/AcademySoftwareFoundation/openexr/pull/831
N/A
https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html
mailing-list
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=1939151
Resource: N/A
Hyperlink: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25505
Resource: N/A
Hyperlink: https://github.com/AcademySoftwareFoundation/openexr/pull/831
Resource: N/A
Hyperlink: https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html
Resource:
mailing-list
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://bugzilla.redhat.com/show_bug.cgi?id=1939151
x_transferred
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25505
x_transferred
https://github.com/AcademySoftwareFoundation/openexr/pull/831
x_transferred
https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html
mailing-list
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=1939151
Resource:
x_transferred
Hyperlink: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25505
Resource:
x_transferred
Hyperlink: https://github.com/AcademySoftwareFoundation/openexr/pull/831
Resource:
x_transferred
Hyperlink: https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html
Resource:
mailing-list
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:04 Mar, 2022 | 18:15
Updated At:07 Nov, 2023 | 03:29

A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger an integer overflow, leading to an out-of-bounds write on the heap. The greatest impact of this flaw is to application availability, with some potential impact to data integrity as well.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.1MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
Primary2.05.8MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:P
Type: Primary
Version: 3.1
Base score: 6.1
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
Type: Primary
Version: 2.0
Base score: 5.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:P
CPE Matches

openexr
openexr
>>openexr>>Versions before 2.5.4(exclusive)
cpe:2.3:a:openexr:openexr:*:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-190Primarysecalert@redhat.com
CWE-190Secondarynvd@nist.gov
CWE ID: CWE-190
Type: Primary
Source: secalert@redhat.com
CWE ID: CWE-190
Type: Secondary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25505secalert@redhat.com
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1939151secalert@redhat.com
Issue Tracking
Vendor Advisory
https://github.com/AcademySoftwareFoundation/openexr/pull/831secalert@redhat.com
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/12/msg00022.htmlsecalert@redhat.com
Mailing List
Third Party Advisory
Hyperlink: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25505
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=1939151
Source: secalert@redhat.com
Resource:
Issue Tracking
Vendor Advisory
Hyperlink: https://github.com/AcademySoftwareFoundation/openexr/pull/831
Source: secalert@redhat.com
Resource:
Patch
Third Party Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html
Source: secalert@redhat.com
Resource:
Mailing List
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

429Records found

CVE-2022-22721
Matching Score-10
Assigner-Apache Software Foundation
ShareView Details
Matching Score-10
Assigner-Apache Software Foundation
CVSS Score-9.1||CRITICAL
EPSS-41.86% / 98.52%
||
7 Day CHG~0.00%
Published-14 Mar, 2022 | 10:15
Updated-03 Aug, 2024 | 03:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody

If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.

Action-Not Available
Vendor-The Apache Software FoundationApple Inc.Fedora ProjectDebian GNU/LinuxOracle Corporation
Product-http_serverdebian_linuxfedorazfs_storage_appliance_kitmac_os_xmacosenterprise_manager_ops_centerApache HTTP Server
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-44663
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.20% / 9.89%
||
7 Day CHG~0.00%
Published-18 Jun, 2026 | 20:20
Updated-26 Jun, 2026 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenEXR: Integer overflow in the HTJ2K decoder leads to heap-buffer-overflow

OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 through 3.4.11, an integer overflow in ht_undo_impl() in src/lib/OpenEXRCore/internal_ht.cpp leads to a heap-buffer overflow when decoding a crafted HTJ2K-compressed EXR file. decode->channels[i].width (int32_t) is multiplied by bytes_per_element in 32-bit signed arithmetic. With large widths (e.g., >= 536870912 for FLOAT data), this overflows, producing a corrupted offset that is later used for pointer arithmetic and can cause a heap out-of-bounds write. The same unchecked multiplication pattern appears in two other HTJ2K paths (bytes-per-line accumulation and pixel-line pointer advancement). As with related CVE-2026-34378 through CVE-2026-34589 fixes in other codecs, validating only after the multiplication is too late because the value may already be overflowed. This issue has been fixed in version 3.4.12.

Action-Not Available
Vendor-openexrAcademySoftwareFoundation
Product-openexropenexr
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-35738
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.20% / 64.33%
||
7 Day CHG~0.00%
Published-28 Dec, 2020 | 03:54
Updated-04 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument. NOTE: some third-parties claim that there are later "unofficial" releases through 5.3.2, which are also affected.

Action-Not Available
Vendor-wavpackn/aDebian GNU/LinuxFedora Project
Product-debian_linuxfedorawavpackn/a
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2010-0396
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-2.01% / 78.45%
||
7 Day CHG~0.00%
Published-12 Mar, 2010 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in the dpkg-source component in dpkg before 1.14.29 allows remote attackers to modify arbitrary files via a crafted Debian source archive.

Action-Not Available
Vendor-n/aDebian GNU/Linux
Product-dpkgn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-1355
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.53% / 41.00%
||
7 Day CHG~0.00%
Published-31 Aug, 2022 | 00:00
Updated-03 Aug, 2024 | 00:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow issue, possibly corrupting the memory, and causing a crash that leads to a denial of service.

Action-Not Available
Vendor-n/aNetApp, Inc.Red Hat, Inc.LibTIFFFedora ProjectDebian GNU/Linux
Product-debian_linuxontap_select_deploy_administration_utilitylibtifffedoraenterprise_linuxlibtiff
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-4323
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-3.7||LOW
EPSS-2.31% / 81.24%
||
7 Day CHG+0.02%
Published-06 Jan, 2017 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A directory traversal exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an overwrite of files. A malicious server or someone with access to the network traffic can provide an invalid filename for a splash image triggering the vulnerability.

Action-Not Available
Vendor-Canonical Ltd.Debian GNU/LinuxPidgin
Product-pidgindebian_linuxubuntu_linuxPidgin
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2018-2599
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.8||MEDIUM
EPSS-4.16% / 89.65%
||
7 Day CHG-0.03%
Published-18 Jan, 2018 | 02:00
Updated-03 Oct, 2024 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L).

Action-Not Available
Vendor-Canonical Ltd.Debian GNU/LinuxHP Inc.Oracle CorporationRed Hat, Inc.
Product-enterprise_linux_serverubuntu_linuxxp7_command_viewenterprise_linux_server_eusenterprise_linux_server_aussatellitejdkstruxureware_data_center_expertjrockitxp_command_viewdebian_linuxxp_p9000_command_viewjreenterprise_linux_workstationenterprise_linux_server_tusenterprise_linux_desktopJava
CVE-2018-16587
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.75% / 75.18%
||
7 Day CHG~0.00%
Published-28 Sep, 2018 | 00:00
Updated-05 Aug, 2024 | 10:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. If a user with admin permissions opens it, it causes deletions of arbitrary files that the OTRS web server user has write access to.

Action-Not Available
Vendor-n/aDebian GNU/LinuxOTRS AG
Product-open_ticket_request_systemdebian_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-45972
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-0.96% / 57.19%
||
7 Day CHG~0.00%
Published-01 Jan, 2022 | 20:36
Updated-04 Aug, 2024 | 04:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The giftrans function in giftrans 1.12.2 contains a stack-based buffer overflow because a value inside the input file determines the amount of data to write. This allows an attacker to overwrite up to 250 bytes outside of the allocated buffer with arbitrary data.

Action-Not Available
Vendor-giftrans_projectn/aDebian GNU/Linux
Product-debian_linuxgiftransn/a
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2021-41072
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-2.14% / 79.77%
||
7 Day CHG~0.00%
Published-14 Sep, 2021 | 00:00
Updated-04 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create the symbolic link pointing outside the expected directory, and then the subsequent write operation will cause the unsquashfs process to write through the symbolic link elsewhere in the filesystem.

Action-Not Available
Vendor-squashfs-tools_projectn/aDebian GNU/Linux
Product-debian_linuxsquashfs-toolsn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-40153
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-2.50% / 82.76%
||
7 Day CHG~0.00%
Published-27 Aug, 2021 | 00:00
Updated-04 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations outside of the destination.

Action-Not Available
Vendor-squashfs-tools_projectn/aDebian GNU/LinuxRed Hat, Inc.Fedora Project
Product-debian_linuxsquashfs-toolsfedoraenterprise_linuxn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2018-13054
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-2.20% / 80.35%
||
7 Day CHG~0.00%
Published-02 Jul, 2018 | 14:00
Updated-05 Aug, 2024 | 08:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Cinnamon 1.9.2 through 3.8.6. The cinnamon-settings-users.py GUI runs as root and allows configuration of (for example) other users' icon files in _on_face_browse_menuitem_activated and _on_face_menuitem_activated. These icon files are written to the respective user's $HOME/.face location. If an unprivileged user prepares a symlink pointing to an arbitrary location, then this location will be overwritten with the icon content.

Action-Not Available
Vendor-linuxmintn/aDebian GNU/Linux
Product-cinnamondebian_linuxn/a
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2021-3772
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.24% / 65.55%
||
7 Day CHG+0.03%
Published-02 Mar, 2022 | 00:00
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses.

Action-Not Available
Vendor-n/aRed Hat, Inc.Linux Kernel Organization, IncNetApp, Inc.Debian GNU/LinuxOracle Corporation
Product-h500ssolidfire_\&_hci_management_nodeh615c_firmwareenterprise_linuxh300s_firmwareh410c_firmwarecommunications_cloud_native_core_network_exposure_functionh410ssolidfire_\&_hci_storage_nodeh610s_firmwareh300shci_compute_nodecommunications_cloud_native_core_policyh610sdebian_linuxlinux_kernelh410s_firmwaree-series_santricity_os_controllerh500s_firmwareh610ch700s_firmwarecommunications_cloud_native_core_binding_support_functionh410ch615ch700sh610c_firmwarekernel
CWE ID-CWE-354
Improper Validation of Integrity Check Value
CVE-2017-18926
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-3.08% / 86.08%
||
7 Day CHG~0.00%
Published-06 Nov, 2020 | 17:48
Updated-05 Aug, 2024 | 21:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML writer, leading to heap-based buffer overflows (sometimes seen in raptor_qname_format_as_xml).

Action-Not Available
Vendor-librdfn/aDebian GNU/LinuxFedora Project
Product-debian_linuxraptor_rdf_syntax_libraryfedoran/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-14450
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-7.1||HIGH
EPSS-1.58% / 72.58%
||
7 Day CHG~0.00%
Published-24 Apr, 2018 | 19:00
Updated-17 Sep, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability exists in the GIF image parsing functionality of SDL2_image-2.0.2. A specially crafted GIF image can lead to a buffer overflow on a global section. An attacker can display an image to trigger this vulnerability.

Action-Not Available
Vendor-libsdlSam Lantinga and Mattias EngdegårdDebian GNU/Linux
Product-sdl_imagedebian_linuxSimple DirectMedia Layer
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-1000472
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-1.68% / 74.13%
||
7 Day CHG~0.00%
Published-03 Jan, 2018 | 20:00
Updated-05 Aug, 2024 | 22:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ZipCommon::isValidPath() function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression, and possibly create or overwrite arbitrary files, via a crafted ZIP file, related to a "file path injection vulnerability".

Action-Not Available
Vendor-pocoprojectn/aDebian GNU/Linux
Product-pocodebian_linuxn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2016-2831
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-1.35% / 68.15%
||
7 Day CHG~0.00%
Published-13 Jun, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service (UI outage), or conduct clickjacking or spoofing attacks, via a crafted web site.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEMozilla CorporationDebian GNU/Linux
Product-debian_linuxubuntu_linuxfirefoxleapopensusen/a
CWE ID-CWE-284
Improper Access Control
CVE-2021-3561
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.1||HIGH
EPSS-1.18% / 63.85%
||
7 Day CHG~0.00%
Published-26 May, 2021 | 21:27
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() could allow an attacker to provide a crafted malicious input causing the application to either crash or in some cases cause memory corruption. The highest threat from this vulnerability is to integrity as well as system availability.

Action-Not Available
Vendor-fig2dev_projectn/aDebian GNU/LinuxFedora Project
Product-fig2devdebian_linuxfedorafig2dev
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2009-3555
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-87.26% / 99.73%
||
7 Day CHG~0.00%
Published-09 Nov, 2009 | 17:00
Updated-27 May, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.

Action-Not Available
Vendor-n/aGNUMozilla CorporationCanonical Ltd.F5, Inc.The Apache Software FoundationOpenSSLDebian GNU/LinuxFedora Project
Product-nssopensslfedoradebian_linuxnginxhttp_servergnutlsubuntu_linuxn/a
CWE ID-CWE-295
Improper Certificate Validation
CWE ID-CWE-300
Channel Accessible by Non-Endpoint
CVE-2020-27218
Matching Score-8
Assigner-Eclipse Foundation
ShareView Details
Matching Score-8
Assigner-Eclipse Foundation
CVSS Score-4.8||MEDIUM
EPSS-8.11% / 94.14%
||
7 Day CHG~0.00%
Published-28 Nov, 2020 | 00:00
Updated-04 Aug, 2024 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body. The attacker will not see any data but may inject data into the body of the subsequent request.

Action-Not Available
Vendor-NetApp, Inc.The Apache Software FoundationEclipse Foundation AISBLOracle CorporationDebian GNU/Linux
Product-siebel_core_-_automationsparkrest_data_servicescommunications_offline_mediation_controllercommunications_session_route_managerflexcube_private_bankingretail_eftlinkkafkadebian_linuxblockchain_platformcommunications_pricing_design_centeroncommand_system_managersnap_creator_frameworkhyperion_infrastructure_technologycommunications_services_gatekeeperjettycommunications_converged_application_server_-_service_controllerEclipse Jetty
CWE ID-CWE-226
Sensitive Information in Resource Not Removed Before Reuse
CVE-2019-7283
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.4||HIGH
EPSS-1.98% / 78.07%
||
7 Day CHG~0.00%
Published-31 Jan, 2019 | 18:00
Updated-04 Aug, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server (or Man-in-The-Middle attacker) can overwrite arbitrary files in a directory on the rcp client machine. This is similar to CVE-2019-6111.

Action-Not Available
Vendor-netkitn/aDebian GNU/Linux
Product-netkitdebian_linuxn/a
CVE-2019-6111
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-58.20% / 98.98%
||
7 Day CHG~0.00%
Published-31 Jan, 2019 | 00:00
Updated-18 Dec, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).

Action-Not Available
Vendor-winscpn/aDebian GNU/LinuxFujitsu LimitedThe Apache Software FoundationFreeBSD FoundationSiemens AGRed Hat, Inc.Fedora ProjectCanonical Ltd.OpenBSD
Product-enterprise_linux_server_ausm10-4enterprise_linux_eusopensshm12-2s_firmwarem10-4_firmwarem10-4sm12-1_firmwareubuntu_linuxscalance_x204rna_eec_firmwaremina_sshdm12-1m12-2sm12-2_firmwarem10-4s_firmwareenterprise_linuxenterprise_linux_server_tusm12-2winscpfreebsddebian_linuxfedorascalance_x204rnam10-1_firmwarescalance_x204rna_eecscalance_x204rna_firmwarem10-1n/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-3902
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.1||MEDIUM
EPSS-1.41% / 69.46%
||
7 Day CHG~0.00%
Published-22 Apr, 2019 | 15:29
Updated-04 Aug, 2024 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in Mercurial before 4.9. It was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository.

Action-Not Available
Vendor-mercurialThe Mercurial ProjectDebian GNU/LinuxRed Hat, Inc.
Product-mercurialdebian_linuxenterprise_linuxmercurial
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2019-2975
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.8||MEDIUM
EPSS-3.33% / 87.13%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 17:40
Updated-01 Oct, 2024 | 16:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L).

Action-Not Available
Vendor-Debian GNU/LinuxMcAfee, LLCNetApp, Inc.Red Hat, Inc.openSUSEOracle CorporationCanonical Ltd.
Product-enterprise_linux_serverubuntu_linuxepolicy_orchestratorenterprise_linuxsatellitejdke-series_santricity_web_services_proxyoncommand_workflow_automationdebian_linuxe-series_santricity_unified_managersnapmanagerjreenterprise_linux_workstatione-series_santricity_os_controllere-series_santricity_storage_managerenterprise_linux_eusenterprise_linux_desktopleapJava
CVE-2020-35523
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-1.92% / 77.44%
||
7 Day CHG~0.00%
Published-09 Mar, 2021 | 19:17
Updated-04 Aug, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer overflow flaw was found in libtiff that exists in the tif_getimage.c file. This flaw allows an attacker to inject and execute arbitrary code when a user opens a crafted TIFF file. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Action-Not Available
Vendor-n/aNetApp, Inc.Red Hat, Inc.Debian GNU/LinuxLibTIFF
Product-ontap_select_deploy_administration_utilitylibtiffdebian_linuxenterprise_linuxlibtiff
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-42259
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.26% / 17.60%
||
7 Day CHG~0.00%
Published-30 Dec, 2022 | 00:00
Updated-11 Apr, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to denial of service.

Action-Not Available
Vendor-Red Hat, Inc.Citrix (Cloud Software Group, Inc.)Debian GNU/LinuxVMware (Broadcom Inc.)Linux Kernel Organization, IncNVIDIA Corporation
Product-debian_linuxlinux_kernelgpu_display_driverenterprise_linux_kernel-based_virtual_machinevirtual_gpuhypervisornvsteslavspherequadrocloud_gaminggeforcertxvGPU software (guest driver) - Linux, vGPU software (Virtual GPU Manager), NVIDIA Cloud Gaming (guest driver), NVIDIA Cloud Gaming (Virtual GPU Manager)
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2020-27761
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-3.3||LOW
EPSS-1.07% / 60.88%
||
7 Day CHG~0.00%
Published-03 Dec, 2020 | 00:00
Updated-04 Aug, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WritePALMImage() in /coders/palm.c used size_t casts in several areas of a calculation which could lead to values outside the range of representable type `unsigned long` undefined behavior when a crafted input file was processed by ImageMagick. The patch casts to `ssize_t` instead to avoid this issue. Red Hat Product Security marked the Severity as Low because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to ImageMagick 7.0.9-0.

Action-Not Available
Vendor-n/aDebian GNU/LinuxImageMagick Studio LLC
Product-debian_linuximagemagickImageMagick
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2020-27771
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-3.3||LOW
EPSS-1.16% / 63.29%
||
7 Day CHG~0.00%
Published-04 Dec, 2020 | 00:00
Updated-04 Aug, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In RestoreMSCWarning() of /coders/pdf.c there are several areas where calls to GetPixelIndex() could result in values outside the range of representable for the unsigned char type. The patch casts the return value of GetPixelIndex() to ssize_t type to avoid this bug. This undefined behavior could be triggered when ImageMagick processes a crafted pdf file. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was demonstrated in this case. This flaw affects ImageMagick versions prior to 7.0.9-0.

Action-Not Available
Vendor-n/aRed Hat, Inc.Debian GNU/LinuxImageMagick Studio LLC
Product-debian_linuximagemagickenterprise_linuxImageMagick
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2017-2902
Matching Score-6
Assigner-Talos
ShareView Details
Matching Score-6
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-1.87% / 76.73%
||
7 Day CHG~0.00%
Published-24 Apr, 2018 | 19:00
Updated-17 Sep, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.cin' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.

Action-Not Available
Vendor-Debian GNU/LinuxBlender Foundation
Product-blenderdebian_linuxBlender
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2020-27764
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-3.3||LOW
EPSS-1.15% / 62.91%
||
7 Day CHG~0.00%
Published-03 Dec, 2020 | 00:00
Updated-04 Aug, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In /MagickCore/statistic.c, there are several areas in ApplyEvaluateOperator() where a size_t cast should have been a ssize_t cast, which causes out-of-range values under some circumstances when a crafted input file is processed by ImageMagick. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to 6.9.10-69.

Action-Not Available
Vendor-n/aDebian GNU/LinuxImageMagick Studio LLC
Product-debian_linuximagemagickImageMagick
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2020-25676
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-1.17% / 63.65%
||
7 Day CHG~0.00%
Published-08 Dec, 2020 | 00:00
Updated-04 Aug, 2024 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In CatromWeights(), MeshInterpolate(), InterpolatePixelChannel(), InterpolatePixelChannels(), and InterpolatePixelInfo(), which are all functions in /MagickCore/pixel.c, there were multiple unconstrained pixel offset calculations which were being used with the floor() function. These calculations produced undefined behavior in the form of out-of-range and integer overflows, as identified by UndefinedBehaviorSanitizer. These instances of undefined behavior could be triggered by an attacker who is able to supply a crafted input file to be processed by ImageMagick. These issues could impact application availability or potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.

Action-Not Available
Vendor-n/aDebian GNU/LinuxImageMagick Studio LLC
Product-debian_linuximagemagickImageMagick
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-42257
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.28% / 19.62%
||
7 Day CHG~0.00%
Published-30 Dec, 2022 | 00:00
Updated-23 Apr, 2025 | 16:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to information disclosure, data tampering or denial of service.

Action-Not Available
Vendor-NVIDIA CorporationLinux Kernel Organization, IncCitrix (Cloud Software Group, Inc.)Red Hat, Inc.VMware (Broadcom Inc.)Debian GNU/Linux
Product-debian_linuxlinux_kernelgpu_display_driverenterprise_linux_kernel-based_virtual_machinevirtual_gpuhypervisornvsteslavspherequadrocloud_gaminggeforcertxvGPU software (guest driver) - Linux, vGPU software (Virtual GPU Manager), NVIDIA Cloud Gaming (guest driver), NVIDIA Cloud Gaming (Virtual GPU Manager)
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2013-4391
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-5.34% / 91.63%
||
7 Day CHG~0.00%
Published-28 Oct, 2013 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the valid_user_field function in journal/journald-native.c in systemd allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large journal data field, which triggers a heap-based buffer overflow.

Action-Not Available
Vendor-systemd_projectn/aDebian GNU/Linux
Product-systemddebian_linuxn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-42258
Matching Score-6
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-6
Assigner-NVIDIA Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.28% / 19.62%
||
7 Day CHG~0.00%
Published-30 Dec, 2022 | 00:00
Updated-10 Apr, 2025 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to denial of service, data tampering, or information disclosure.

Action-Not Available
Vendor-NVIDIA CorporationRed Hat, Inc.VMware (Broadcom Inc.)Citrix (Cloud Software Group, Inc.)Linux Kernel Organization, IncDebian GNU/Linux
Product-debian_linuxlinux_kernelgpu_display_driverenterprise_linux_kernel-based_virtual_machinevirtual_gpuhypervisornvsteslavspherequadrocloud_gaminggeforcertxvGPU software (guest driver) - Linux, vGPU software (Virtual GPU Manager), NVIDIA Cloud Gaming (guest driver), NVIDIA Cloud Gaming (Virtual GPU Manager)
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2017-2838
Matching Score-6
Assigner-Talos
ShareView Details
Matching Score-6
Assigner-Talos
CVSS Score-6.5||MEDIUM
EPSS-1.57% / 72.35%
||
7 Day CHG~0.00%
Published-24 Apr, 2018 | 19:00
Updated-17 Sep, 2024 | 03:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable denial of service vulnerability exists within the handling of challenge packets in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or use man in the middle to trigger this vulnerability.

Action-Not Available
Vendor-FreeRDPDebian GNU/Linux
Product-freerdpdebian_linuxFreeRDP
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-41325
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.65% / 46.61%
||
7 Day CHG~0.00%
Published-06 Dec, 2022 | 00:00
Updated-23 Apr, 2025 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions.

Action-Not Available
Vendor-n/aVideoLANDebian GNU/Linux
Product-vlc_media_playerdebian_linuxn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-38784
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.57% / 43.19%
||
7 Day CHG~0.00%
Published-30 Aug, 2022 | 02:58
Updated-17 Sep, 2024 | 03:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFedora Projectfreedesktop.org
Product-debian_linuxfedorapopplern/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2017-2904
Matching Score-6
Assigner-Talos
ShareView Details
Matching Score-6
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-1.87% / 76.73%
||
7 Day CHG~0.00%
Published-24 Apr, 2018 | 19:00
Updated-16 Sep, 2024 | 22:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable integer overflow exists in the RADIANCE loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.hdr' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability.

Action-Not Available
Vendor-Debian GNU/LinuxBlender Foundation
Product-blenderdebian_linuxBlender
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2017-2918
Matching Score-6
Assigner-Talos
ShareView Details
Matching Score-6
Assigner-Talos
CVSS Score-8.8||HIGH
EPSS-2.65% / 83.78%
||
7 Day CHG~0.00%
Published-24 Apr, 2018 | 19:00
Updated-17 Sep, 2024 | 02:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable integer overflow exists in the Image loading functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability.

Action-Not Available
Vendor-Debian GNU/LinuxBlender Foundation
Product-blenderdebian_linuxBlender
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-16167
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-1.53% / 71.74%
||
7 Day CHG~0.00%
Published-09 Sep, 2019 | 00:00
Updated-05 Aug, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c.

Action-Not Available
Vendor-sysstat_projectn/aCanonical Ltd.openSUSEFedora ProjectDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxfedorasysstatleapn/a
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2012-1185
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-29.68% / 97.97%
||
7 Day CHG-1.23%
Published-05 Jun, 2012 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset value in the ResolutionUnit tag in the EXIF IFD0 of an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0247.

Action-Not Available
Vendor-n/aCanonical Ltd.ImageMagick Studio LLCopenSUSEDebian GNU/Linux
Product-debian_linuximagemagickubuntu_linuxopensusen/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2020-10938
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-5.23% / 91.50%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 15:28
Updated-04 Aug, 2024 | 11:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGraphicsMagickopenSUSE
Product-backportsdebian_linuxgraphicsmagickleapn/a
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-29824
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-3.63% / 88.15%
||
7 Day CHG+0.23%
Published-03 May, 2022 | 00:00
Updated-03 Aug, 2024 | 06:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.

Action-Not Available
Vendor-n/aOracle CorporationNetApp, Inc.Fedora Projectlibxml2 (XMLSoft)Debian GNU/Linux
Product-h500ssolidfire_\&_hci_management_nodelibxslth300s_firmwareh410c_firmwarelibxml2active_iq_unified_managerh410sh300sclustered_data_ontapsnapdrivedebian_linuxmanageability_software_development_kitsmi-s_providersnapmanagerontap_select_deploy_administration_utilityh410s_firmwarefedorazfs_storage_appliance_kith500s_firmwareh700s_firmwareclustered_data_ontap_antivirus_connectorh410ch700sn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-14973
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-4.20% / 89.74%
||
7 Day CHG~0.00%
Published-14 Aug, 2019 | 05:15
Updated-05 Aug, 2024 | 00:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

_TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. This can, for example, lead to an application crash.

Action-Not Available
Vendor-n/aopenSUSELibTIFFFedora ProjectDebian GNU/Linux
Product-libtiffdebian_linuxfedoraleapn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2024-5197
Matching Score-6
Assigner-Google LLC
ShareView Details
Matching Score-6
Assigner-Google LLC
CVSS Score-5.9||MEDIUM
EPSS-0.81% / 52.54%
||
7 Day CHG~0.00%
Published-03 Jun, 2024 | 13:30
Updated-22 Jul, 2025 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Integer overflow in libvpx

There exists interger overflows in libvpx in versions prior to 1.14.1. Calling vpx_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. Calling vpx_img_wrap() with a large value of the d_w, d_h, or stride_align parameter may result in integer overflows in the calculations of buffer sizes and offsets and some fields of the returned vpx_image_t struct may be invalid. We recommend upgrading to version 1.14.1 or beyond

Action-Not Available
Vendor-webmprojectChromiumchromiumDebian GNU/Linux
Product-debian_linuxlibvpxlibvpxlibvpx
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2010-4653
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.82% / 76.14%
||
7 Day CHG~0.00%
Published-13 Nov, 2019 | 19:12
Updated-07 Aug, 2024 | 03:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts.

Action-Not Available
Vendor-popplerDebian GNU/Linuxfreedesktop.org
Product-debian_linuxpopplerpoppler
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2024-52035
Matching Score-6
Assigner-Talos
ShareView Details
Matching Score-6
Assigner-Talos
CVSS Score-8.4||HIGH
EPSS-0.25% / 16.46%
||
7 Day CHG~0.00%
Published-02 Jun, 2025 | 15:00
Updated-18 Feb, 2026 | 14:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer overflow vulnerability exists in the OLE Document File Allocation Table Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-fossiescatdocDebian GNU/Linux
Product-catdocdebian_linuxcatdoc
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-28041
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-2.07% / 79.10%
||
7 Day CHG+0.06%
Published-15 Apr, 2022 | 00:00
Updated-03 Aug, 2024 | 05:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.

Action-Not Available
Vendor-nothingsn/aDebian GNU/LinuxFedora Project
Product-fedoradebian_linuxstb_image.hn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2010-3067
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.43% / 34.44%
||
7 Day CHG~0.00%
Published-21 Sep, 2010 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the do_io_submit function in fs/aio.c in the Linux kernel before 2.6.36-rc4-next-20100915 allows local users to cause a denial of service or possibly have unspecified other impact via crafted use of the io_submit system call.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSELinux Kernel Organization, IncSUSEDebian GNU/Linux
Product-debian_linuxubuntu_linuxlinux_enterprise_desktoplinux_enterprise_real_time_extensionlinux_enterprise_serverlinux_kernellinux_enterprise_software_development_kitopensusen/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2010-2959
Matching Score-6
Assigner-Canonical Ltd.
ShareView Details
Matching Score-6
Assigner-Canonical Ltd.
CVSS Score-7.2||HIGH
EPSS-3.78% / 88.63%
||
7 Day CHG~0.00%
Published-08 Sep, 2010 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in net/can/bcm.c in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows attackers to execute arbitrary code or cause a denial of service (system crash) via crafted CAN traffic.

Action-Not Available
Vendor-n/aopenSUSELinux Kernel Organization, IncSUSEDebian GNU/LinuxFedora Project
Product-debian_linuxlinux_enterprise_desktoplinux_enterprise_high_availability_extensionlinux_enterprise_serverlinux_enterprise_real_timefedoralinux_kernelopensusen/a
CWE ID-CWE-190
Integer Overflow or Wraparound
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 8
  • 9
  • Next
Details not found