Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-42199

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-08 May, 2026 | 21:15
Updated At-11 May, 2026 | 16:00
Rejected At-
Credits

Grid: Integer Overflow in Grid::expand_rows Leads to Safe-API Undefined Behavior

Grid is a data structure grid for rust. From version 0.17.0 to before version 1.0.1, an integer overflow in Grid::expand_rows() can corrupt the relationship between the grid’s logical dimensions and its backing storage. After the internal invariant is broken, the safe API get() may invoke get_unchecked() with an invalid index, resulting in Undefined Behavior. This issue has been patched in version 1.0.1.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:08 May, 2026 | 21:15
Updated At:11 May, 2026 | 16:00
Rejected At:
▼CVE Numbering Authority (CNA)
Grid: Integer Overflow in Grid::expand_rows Leads to Safe-API Undefined Behavior

Grid is a data structure grid for rust. From version 0.17.0 to before version 1.0.1, an integer overflow in Grid::expand_rows() can corrupt the relationship between the grid’s logical dimensions and its backing storage. After the internal invariant is broken, the safe API get() may invoke get_unchecked() with an invalid index, resulting in Undefined Behavior. This issue has been patched in version 1.0.1.

Affected Products
Vendor
becheran
Product
grid
Versions
Affected
  • >= 0.17.0, < 1.0.1
Problem Types
TypeCWE IDDescription
CWECWE-190CWE-190: Integer Overflow or Wraparound
Type: CWE
CWE ID: CWE-190
Description: CWE-190: Integer Overflow or Wraparound
Metrics
VersionBase scoreBase severityVector
3.16.2MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 6.2
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/becheran/grid/security/advisories/GHSA-38c5-483c-4qqp
x_refsource_CONFIRM
https://github.com/becheran/grid/commit/be213bd3528727148bef2d523c89e95d1fd9c072
x_refsource_MISC
https://github.com/becheran/grid/releases/tag/v1.0.1
x_refsource_MISC
Hyperlink: https://github.com/becheran/grid/security/advisories/GHSA-38c5-483c-4qqp
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/becheran/grid/commit/be213bd3528727148bef2d523c89e95d1fd9c072
Resource:
x_refsource_MISC
Hyperlink: https://github.com/becheran/grid/releases/tag/v1.0.1
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/becheran/grid/security/advisories/GHSA-38c5-483c-4qqp
exploit
Hyperlink: https://github.com/becheran/grid/security/advisories/GHSA-38c5-483c-4qqp
Resource:
exploit
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:08 May, 2026 | 22:16
Updated At:11 May, 2026 | 17:16

Grid is a data structure grid for rust. From version 0.17.0 to before version 1.0.1, an integer overflow in Grid::expand_rows() can corrupt the relationship between the grid’s logical dimensions and its backing storage. After the internal invariant is broken, the safe API get() may invoke get_unchecked() with an invalid index, resulting in Undefined Behavior. This issue has been patched in version 1.0.1.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.2MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 6.2
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-190Secondarysecurity-advisories@github.com
CWE ID: CWE-190
Type: Secondary
Source: security-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/becheran/grid/commit/be213bd3528727148bef2d523c89e95d1fd9c072security-advisories@github.com
N/A
https://github.com/becheran/grid/releases/tag/v1.0.1security-advisories@github.com
N/A
https://github.com/becheran/grid/security/advisories/GHSA-38c5-483c-4qqpsecurity-advisories@github.com
N/A
https://github.com/becheran/grid/security/advisories/GHSA-38c5-483c-4qqp134c704f-9b21-4f2e-91b3-4a467353bcc0
N/A
Hyperlink: https://github.com/becheran/grid/commit/be213bd3528727148bef2d523c89e95d1fd9c072
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/becheran/grid/releases/tag/v1.0.1
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/becheran/grid/security/advisories/GHSA-38c5-483c-4qqp
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/becheran/grid/security/advisories/GHSA-38c5-483c-4qqp
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

12Records found
CVE-2026-34671
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-6.2||MEDIUM
EPSS-Not Assigned
Published-12 May, 2026 | 20:03
Updated-12 May, 2026 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CAI Content Credentials | Integer Overflow or Wraparound (CWE-190)

CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Adobe Inc.
Product-CAI Content Credentials
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-34680
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-6.2||MEDIUM
EPSS-Not Assigned
Published-12 May, 2026 | 20:03
Updated-12 May, 2026 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CAI Content Credentials | Integer Overflow or Wraparound (CWE-190)

CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Adobe Inc.
Product-CAI Content Credentials
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2024-7867
Matching Score-4
Assigner-Glyph & Cog, LLC
ShareView Details
Matching Score-4
Assigner-Glyph & Cog, LLC
CVSS Score-2.1||LOW
EPSS-0.05% / 15.66%
||
7 Day CHG~0.00%
Published-15 Aug, 2024 | 20:06
Updated-28 Aug, 2024 | 21:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Integer overflow and divide-by-zero in Xpdf 4.05 due to bogus page box coordinates

In Xpdf 4.05 (and earlier), very large coordinates in a page box can cause an integer overflow and divide-by-zero.

Action-Not Available
Vendor-xpdfreaderXpdfxpdfreader
Product-xpdfXpdfxpdf
CWE ID-CWE-369
Divide By Zero
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-27691
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 3.75%
||
7 Day CHG~0.00%
Published-25 Feb, 2026 | 14:36
Updated-26 Feb, 2026 | 15:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
iccDEV has SIO in parse3DTable() at iccFromCube.cpp Line 218

iccDEV provides a set of libraries and tools for working with ICC color management profiles. In versions up to and including 2.3.1.4, signed integer overflow in iccFromCube.cpp during multiplication triggers undefined behavior, potentially causing crashes or incorrect ICC profile generation when processing crafted/large cube inputs. Commit 43ae18dd69fc70190d3632a18a3af2f3da1e052a fixes the issue. No known workarounds are available.

Action-Not Available
Vendor-InternationalColorConsortiumInternational Color Consortium (ICC)
Product-iccdeviccDEV
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-681
Incorrect Conversion between Numeric Types
CVE-2014-0147
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.12% / 30.52%
||
7 Day CHG~0.00%
Published-11 Feb, 2020 | 03:30
Updated-06 Aug, 2024 | 09:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling update_refcount() routine.

Action-Not Available
Vendor-n/aQEMUFedora ProjectRed Hat, Inc.
Product-enterprise_linux_servervirtualizationenterprise_linux_server_ausenterprise_linux_workstationqemufedoraenterprise_linux_openstack_platformenterprise_linux_eusenterprise_linux_server_tusenterprise_linux_desktopQemu
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2024-36617
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 4.35%
||
7 Day CHG~0.00%
Published-29 Nov, 2024 | 00:00
Updated-03 Jun, 2025 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpeg CAF decoder.

Action-Not Available
Vendor-n/aFFmpeg
Product-ffmpegn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2024-36613
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 9.08%
||
7 Day CHG~0.00%
Published-03 Jan, 2025 | 00:00
Updated-03 Jun, 2025 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library allowing for an integer overflow, potentially resulting in a denial-of-service (DoS) condition or other undefined behavior.

Action-Not Available
Vendor-n/aFFmpeg
Product-ffmpegn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2024-36618
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.04% / 11.13%
||
7 Day CHG~0.00%
Published-29 Nov, 2024 | 00:00
Updated-03 Nov, 2025 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library which allows for an integer overflow, potentially resulting in a denial-of-service (DoS) condition.

Action-Not Available
Vendor-n/aFFmpeg
Product-ffmpegn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-43238
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.01% / 1.48%
||
7 Day CHG~0.00%
Published-02 Apr, 2026 | 18:09
Updated-03 Apr, 2026 | 17:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer overflow was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to cause unexpected system termination.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-23022
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4||MEDIUM
EPSS-0.03% / 7.75%
||
7 Day CHG~0.00%
Published-10 Jan, 2025 | 00:00
Updated-12 Feb, 2025 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FreeType 2.8.1 has a signed integer overflow in cf2_doFlex in cff/cf2intrp.c.

Action-Not Available
Vendor-freetypeFreeType
Product-freetypeFreeType
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-43894
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.01% / 2.13%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 17:20
Updated-11 May, 2026 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
jq: Wild stack write via signed-integer overflow in decNumber D2U() macro

jq is a command-line JSON processor. In 1.8.1 and earlier, when decNumberFromString is given a number literal of INT_MAX-1 (2147483646) digits, the D2U() macro overflows during signed-int arithmetic. The wrapped negative value bypasses the heap-allocation size check, causes the function to use a 30-byte stack buffer, and then writes ≈715 million 16-bit units (≈1.4 GiB) at an offset 1.43 GiB below the stack frame. The written content is fully attacker-controlled (the parsed decimal digits, packed 3-per-unit).

Action-Not Available
Vendor-jqlang
Product-jq
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2024-25366
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.71% / 72.44%
||
7 Day CHG~0.00%
Published-20 Feb, 2024 | 00:00
Updated-02 Apr, 2025 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer Overflow vulnerability in mz-automation.de libiec61859 v.1.4.0 allows a remote attacker to cause a denial of service via the mmsServer_handleGetNameListRequest function to the mms_getnamelist_service component.

Action-Not Available
Vendor-mz-automationn/amz-automation
Product-libiec61850n/alib60870
CWE ID-CWE-190
Integer Overflow or Wraparound
Details not found