Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-34680

Summary
Assigner-adobe
Assigner Org ID-078d4453-3bcd-4900-85e6-15281da43538
Published At-12 May, 2026 | 20:03
Updated At-12 May, 2026 | 20:23
Rejected At-
Credits

CAI Content Credentials | Integer Overflow or Wraparound (CWE-190)

CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:adobe
Assigner Org ID:078d4453-3bcd-4900-85e6-15281da43538
Published At:12 May, 2026 | 20:03
Updated At:12 May, 2026 | 20:23
Rejected At:
▼CVE Numbering Authority (CNA)
CAI Content Credentials | Integer Overflow or Wraparound (CWE-190)

CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.

Affected Products
Vendor
Adobe Inc.Adobe
Product
CAI Content Credentials
Default Status
affected
Versions
Affected
  • From 0 through 0.7.0 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-190Integer Overflow or Wraparound (CWE-190)
Type: CWE
CWE ID: CWE-190
Description: Integer Overflow or Wraparound (CWE-190)
Metrics
VersionBase scoreBase severityVector
3.16.2MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 6.2
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://helpx.adobe.com/security/products/content-authenticity-sdk/apsb26-53.html
vendor-advisory
Hyperlink: https://helpx.adobe.com/security/products/content-authenticity-sdk/apsb26-53.html
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@adobe.com
Published At:12 May, 2026 | 20:16
Updated At:12 May, 2026 | 20:16

CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.2MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 3.1
Base score: 6.2
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-190Primarypsirt@adobe.com
CWE ID: CWE-190
Type: Primary
Source: psirt@adobe.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://helpx.adobe.com/security/products/content-authenticity-sdk/apsb26-53.htmlpsirt@adobe.com
N/A
Hyperlink: https://helpx.adobe.com/security/products/content-authenticity-sdk/apsb26-53.html
Source: psirt@adobe.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

60Records found
CVE-2026-27691
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 3.75%
||
7 Day CHG~0.00%
Published-25 Feb, 2026 | 14:36
Updated-26 Feb, 2026 | 15:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
iccDEV has SIO in parse3DTable() at iccFromCube.cpp Line 218

iccDEV provides a set of libraries and tools for working with ICC color management profiles. In versions up to and including 2.3.1.4, signed integer overflow in iccFromCube.cpp during multiplication triggers undefined behavior, potentially causing crashes or incorrect ICC profile generation when processing crafted/large cube inputs. Commit 43ae18dd69fc70190d3632a18a3af2f3da1e052a fixes the issue. No known workarounds are available.

Action-Not Available
Vendor-InternationalColorConsortiumInternational Color Consortium (ICC)
Product-iccdeviccDEV
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-681
Incorrect Conversion between Numeric Types
CVE-2026-43894
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.2||MEDIUM
EPSS-Not Assigned
Published-11 May, 2026 | 17:20
Updated-11 May, 2026 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
jq: Wild stack write via signed-integer overflow in decNumber D2U() macro

jq is a command-line JSON processor. In 1.8.1 and earlier, when decNumberFromString is given a number literal of INT_MAX-1 (2147483646) digits, the D2U() macro overflows during signed-int arithmetic. The wrapped negative value bypasses the heap-allocation size check, causes the function to use a 30-byte stack buffer, and then writes ≈715 million 16-bit units (≈1.4 GiB) at an offset 1.43 GiB below the stack frame. The written content is fully attacker-controlled (the parsed decimal digits, packed 3-per-unit).

Action-Not Available
Vendor-jqlang
Product-jq
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2014-0147
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.12% / 30.52%
||
7 Day CHG~0.00%
Published-11 Feb, 2020 | 03:30
Updated-06 Aug, 2024 | 09:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling update_refcount() routine.

Action-Not Available
Vendor-n/aQEMUFedora ProjectRed Hat, Inc.
Product-enterprise_linux_servervirtualizationenterprise_linux_server_ausenterprise_linux_workstationqemufedoraenterprise_linux_openstack_platformenterprise_linux_eusenterprise_linux_server_tusenterprise_linux_desktopQemu
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-42199
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.01% / 1.68%
||
7 Day CHG~0.00%
Published-08 May, 2026 | 21:15
Updated-11 May, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Grid: Integer Overflow in Grid::expand_rows Leads to Safe-API Undefined Behavior

Grid is a data structure grid for rust. From version 0.17.0 to before version 1.0.1, an integer overflow in Grid::expand_rows() can corrupt the relationship between the grid’s logical dimensions and its backing storage. After the internal invariant is broken, the safe API get() may invoke get_unchecked() with an invalid index, resulting in Undefined Behavior. This issue has been patched in version 1.0.1.

Action-Not Available
Vendor-becheran
Product-grid
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-43238
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.01% / 1.49%
||
7 Day CHG~0.00%
Published-02 Apr, 2026 | 18:09
Updated-03 Apr, 2026 | 17:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer overflow was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to cause unexpected system termination.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2024-36617
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 4.35%
||
7 Day CHG~0.00%
Published-29 Nov, 2024 | 00:00
Updated-03 Jun, 2025 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpeg CAF decoder.

Action-Not Available
Vendor-n/aFFmpeg
Product-ffmpegn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2024-36613
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 9.06%
||
7 Day CHG~0.00%
Published-03 Jan, 2025 | 00:00
Updated-03 Jun, 2025 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library allowing for an integer overflow, potentially resulting in a denial-of-service (DoS) condition or other undefined behavior.

Action-Not Available
Vendor-n/aFFmpeg
Product-ffmpegn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2024-36618
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.04% / 11.09%
||
7 Day CHG~0.00%
Published-29 Nov, 2024 | 00:00
Updated-03 Nov, 2025 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library which allows for an integer overflow, potentially resulting in a denial-of-service (DoS) condition.

Action-Not Available
Vendor-n/aFFmpeg
Product-ffmpegn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-23022
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4||MEDIUM
EPSS-0.03% / 7.72%
||
7 Day CHG~0.00%
Published-10 Jan, 2025 | 00:00
Updated-12 Feb, 2025 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FreeType 2.8.1 has a signed integer overflow in cf2_doFlex in cff/cf2intrp.c.

Action-Not Available
Vendor-freetypeFreeType
Product-freetypeFreeType
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2024-25366
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.71% / 72.41%
||
7 Day CHG~0.00%
Published-20 Feb, 2024 | 00:00
Updated-02 Apr, 2025 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer Overflow vulnerability in mz-automation.de libiec61859 v.1.4.0 allows a remote attacker to cause a denial of service via the mmsServer_handleGetNameListRequest function to the mms_getnamelist_service component.

Action-Not Available
Vendor-mz-automationn/amz-automation
Product-libiec61850n/alib60870
CWE ID-CWE-190
Integer Overflow or Wraparound
  • Previous
  • 1
  • 2
  • Next
Details not found