Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-4985

Summary
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
Published At-27 Mar, 2026 | 21:27
Updated At-30 Mar, 2026 | 15:48
Rejected At-
Credits

dloebl CGIF GIF Image cgif.c cgif_addframe integer overflow

A vulnerability was identified in dloebl CGIF up to 0.5.2. This vulnerability affects the function cgif_addframe of the file src/cgif.c of the component GIF Image Handler. The manipulation of the argument width/height leads to integer overflow. The attack may be initiated remotely. The identifier of the patch is b0ba830093f4317a5d1f345715d2fa3cd2dab474. It is suggested to install a patch to address this issue.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulDB
Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5
Published At:27 Mar, 2026 | 21:27
Updated At:30 Mar, 2026 | 15:48
Rejected At:
â–¼CVE Numbering Authority (CNA)
dloebl CGIF GIF Image cgif.c cgif_addframe integer overflow

A vulnerability was identified in dloebl CGIF up to 0.5.2. This vulnerability affects the function cgif_addframe of the file src/cgif.c of the component GIF Image Handler. The manipulation of the argument width/height leads to integer overflow. The attack may be initiated remotely. The identifier of the patch is b0ba830093f4317a5d1f345715d2fa3cd2dab474. It is suggested to install a patch to address this issue.

Affected Products
Vendor
dloebl
Product
CGIF
Modules
  • GIF Image Handler
Versions
Affected
  • 0.5.0
  • 0.5.1
  • 0.5.2
Problem Types
TypeCWE IDDescription
CWECWE-190Integer Overflow
CWECWE-189Numeric Error
Type: CWE
CWE ID: CWE-190
Description: Integer Overflow
Type: CWE
CWE ID: CWE-189
Description: Numeric Error
Metrics
VersionBase scoreBase severityVector
4.05.3MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X
3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C
3.04.3MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C
2.05.0N/A
AV:N/AC:L/Au:N/C:N/I:N/A:P/E:ND/RL:OF/RC:C
Version: 4.0
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C
Version: 3.0
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C
Version: 2.0
Base score: 5.0
Base severity: N/A
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P/E:ND/RL:OF/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
reporter
zzxzzb (VulDB User)
Timeline
EventDate
Advisory disclosed2026-03-27 00:00:00
VulDB entry created2026-03-27 01:00:00
VulDB entry last update2026-03-27 13:52:49
Event: Advisory disclosed
Date: 2026-03-27 00:00:00
Event: VulDB entry created
Date: 2026-03-27 01:00:00
Event: VulDB entry last update
Date: 2026-03-27 13:52:49
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/?id.353874
vdb-entry
technical-description
https://vuldb.com/?ctiid.353874
signature
permissions-required
https://vuldb.com/?submit.778278
third-party-advisory
https://github.com/dloebl/cgif/issues/110
issue-tracking
https://github.com/dloebl/cgif/pull/112
issue-tracking
patch
https://github.com/dloebl/cgif/commit/b0ba830093f4317a5d1f345715d2fa3cd2dab474
patch
https://github.com/dloebl/cgif/
product
Hyperlink: https://vuldb.com/?id.353874
Resource:
vdb-entry
technical-description
Hyperlink: https://vuldb.com/?ctiid.353874
Resource:
signature
permissions-required
Hyperlink: https://vuldb.com/?submit.778278
Resource:
third-party-advisory
Hyperlink: https://github.com/dloebl/cgif/issues/110
Resource:
issue-tracking
Hyperlink: https://github.com/dloebl/cgif/pull/112
Resource:
issue-tracking
patch
Hyperlink: https://github.com/dloebl/cgif/commit/b0ba830093f4317a5d1f345715d2fa3cd2dab474
Resource:
patch
Hyperlink: https://github.com/dloebl/cgif/
Resource:
product
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cna@vuldb.com
Published At:27 Mar, 2026 | 22:16
Updated At:24 Apr, 2026 | 16:36

A vulnerability was identified in dloebl CGIF up to 0.5.2. This vulnerability affects the function cgif_addframe of the file src/cgif.c of the component GIF Image Handler. The manipulation of the argument width/height leads to integer overflow. The attack may be initiated remotely. The identifier of the patch is b0ba830093f4317a5d1f345715d2fa3cd2dab474. It is suggested to install a patch to address this issue.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.05.3MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Secondary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Secondary
Version: 4.0
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Type: Secondary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-189Secondarycna@vuldb.com
CWE-190Secondarycna@vuldb.com
CWE ID: CWE-189
Type: Secondary
Source: cna@vuldb.com
CWE ID: CWE-190
Type: Secondary
Source: cna@vuldb.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/dloebl/cgif/cna@vuldb.com
N/A
https://github.com/dloebl/cgif/commit/b0ba830093f4317a5d1f345715d2fa3cd2dab474cna@vuldb.com
N/A
https://github.com/dloebl/cgif/issues/110cna@vuldb.com
N/A
https://github.com/dloebl/cgif/pull/112cna@vuldb.com
N/A
https://vuldb.com/?ctiid.353874cna@vuldb.com
N/A
https://vuldb.com/?id.353874cna@vuldb.com
N/A
https://vuldb.com/?submit.778278cna@vuldb.com
N/A
Hyperlink: https://github.com/dloebl/cgif/
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://github.com/dloebl/cgif/commit/b0ba830093f4317a5d1f345715d2fa3cd2dab474
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://github.com/dloebl/cgif/issues/110
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://github.com/dloebl/cgif/pull/112
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/?ctiid.353874
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/?id.353874
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/?submit.778278
Source: cna@vuldb.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

124Records found
CVE-2019-9311
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-7.5||HIGH
EPSS-0.50% / 65.98%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:05
Updated-04 Aug, 2024 | 21:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Bluetooth, there is a possible crash due to an integer overflow. This could lead to remote denial of service on incoming calls with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-79431031

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-9098
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.21% / 79.05%
||
7 Day CHG~0.00%
Published-11 Mar, 2020 | 14:27
Updated-04 Aug, 2024 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. An Integer overflow in the built-in web server allows remote attackers to initiate DoS.

Action-Not Available
Vendor-n/aMoxa Inc.
Product-mb3180_firmwaremb3270_firmwaremb3480_firmwaremb3270mb3170_firmwaremb3660mb3170mb3280mb3660_firmwaremb3480mb3180mb3280_firmwaren/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-1000127
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.00% / 77.11%
||
7 Day CHG~0.00%
Published-13 Mar, 2018 | 21:00
Updated-05 Aug, 2024 | 12:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

memcached version prior to 1.4.37 contains an Integer Overflow vulnerability in items.c:item_free() that can result in data corruption and deadlocks due to items existing in hash table being reused from free list. This attack appear to be exploitable via network connectivity to the memcached service. This vulnerability appears to have been fixed in 1.4.37 and later.

Action-Not Available
Vendor-memcachedn/aCanonical Ltd.Red Hat, Inc.Debian GNU/Linux
Product-ubuntu_linuxdebian_linuxopenstackmemcachedn/a
CWE ID-CWE-667
Improper Locking
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-7733
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.35% / 57.73%
||
7 Day CHG~0.00%
Published-11 Feb, 2019 | 17:00
Updated-04 Aug, 2024 | 20:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Live555 0.95, there is a buffer overflow via a large integer in a Content-Length HTTP header because handleRequestBytes has an unrestricted memmove.

Action-Not Available
Vendor-live555n/a
Product-streaming_median/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-1699
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-9.9||CRITICAL
EPSS-0.32% / 54.86%
||
7 Day CHG~0.00%
Published-12 May, 2022 | 15:20
Updated-03 Aug, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Uncontrolled Resource Consumption in causefx/organizr

Uncontrolled Resource Consumption in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications.

Action-Not Available
Vendor-organizrcausefx
Product-organizrcausefx/organizr
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-1036
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-5.3||MEDIUM
EPSS-0.74% / 72.99%
||
7 Day CHG~0.00%
Published-22 Mar, 2022 | 12:40
Updated-02 Aug, 2024 | 23:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Able to create an account with long password leads to memory corruption / Integer Overflow in microweber/microweber

Able to create an account with long password leads to memory corruption / Integer Overflow in GitHub repository microweber/microweber prior to 1.2.12.

Action-Not Available
Vendor-Microweber (‘Microweber Academy’ Foundation)
Product-microwebermicroweber/microweber
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-0913
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-9.1||CRITICAL
EPSS-0.81% / 74.31%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 09:10
Updated-02 Aug, 2024 | 23:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Integer Overflow or Wraparound in microweber/microweber

Integer Overflow or Wraparound in GitHub repository microweber/microweber prior to 1.3.

Action-Not Available
Vendor-Microweber (‘Microweber Academy’ Foundation)
Product-microwebermicroweber/microweber
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-48234
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-2.8||LOW
EPSS-0.04% / 11.51%
||
7 Day CHG~0.00%
Published-16 Nov, 2023 | 22:52
Updated-13 Feb, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
overflow in nv_z_get_count in vim

Vim is an open source command line text editor. When getting the count for a normal mode z command, it may overflow for large counts given. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `58f9befca1` which has been included in release version 9.0.2109. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-Fedora ProjectVim
Product-fedoravimvim
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-3946
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-7.5||HIGH
EPSS-1.23% / 79.30%
||
7 Day CHG~0.00%
Published-12 Jun, 2019 | 14:06
Updated-04 Aug, 2024 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Fuji Electric V-Server before 6.0.33.0 is vulnerable to denial of service via a crafted UDP message sent to port 8005. An unauthenticated, remote attacker can crash vserver.exe due to an integer overflow in the UDP message handling logic.

Action-Not Available
Vendor-n/aFuji Electric Co., Ltd.
Product-v-serverFuji Electric V-Server
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2016-2147
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-8.29% / 92.27%
||
7 Day CHG~0.00%
Published-09 Feb, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to cause a denial of service (crash) via a malformed RFC1035-encoded domain name, which triggers an out-of-bounds heap write.

Action-Not Available
Vendor-busyboxn/aDebian GNU/LinuxCanonical Ltd.
Product-ubuntu_linuxdebian_linuxbusyboxn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-18305
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.19% / 40.72%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_ms3000_migration_serverSPPA-T3000 MS3000 Migration Server
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-18300
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.24% / 46.88%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18299, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_ms3000_migration_serverSPPA-T3000 MS3000 Migration Server
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-18299
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.5||HIGH
EPSS-0.24% / 46.88%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 19:08
Updated-05 Aug, 2024 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server can trigger a Denial-of-Service condition by sending specifically crafted packets to port 5010/tcp. This vulnerability is independent from CVE-2019-18290, CVE-2019-18291, CVE-2019-18292, CVE-2019-18294, CVE-2019-18298, CVE-2019-18300, CVE-2019-18301, CVE-2019-18302, CVE-2019-18303, CVE-2019-18304, CVE-2019-18305, CVE-2019-18306, and CVE-2019-18307. Please note that an attacker needs to have network access to the MS3000 in order to exploit this vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Action-Not Available
Vendor-Siemens AG
Product-sppa-t3000_ms3000_migration_serverSPPA-T3000 MS3000 Migration Server
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-14459
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.07% / 84.05%
||
7 Day CHG~0.00%
Published-31 Jul, 2019 | 20:57
Updated-05 Aug, 2024 | 00:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

nfdump 1.6.17 and earlier is affected by an integer overflow in the function Process_ipfix_template_withdraw in ipfix.c that can be abused in order to crash the process remotely (denial of service).

Action-Not Available
Vendor-nfdump_projectn/aDebian GNU/LinuxFedora Project
Product-nfdumpdebian_linuxfedoran/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2013-0899
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-5||MEDIUM
EPSS-1.17% / 78.72%
||
7 Day CHG~0.00%
Published-23 Feb, 2013 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the padding implementation in the opus_packet_parse_impl function in src/opus_decoder.c in Opus before 1.0.2, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a long packet.

Action-Not Available
Vendor-opus-codecn/aApple Inc.openSUSEGoogle LLCLinux Kernel Organization, IncMicrosoft Corporation
Product-mac_os_xipadoswindowsiphone_osmacosopuschromelinux_kernelopensusen/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-41991
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.54% / 85.53%
||
7 Day CHG~0.00%
Published-18 Oct, 2021 | 13:44
Updated-04 Aug, 2024 | 03:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility.

Action-Not Available
Vendor-strongswann/aDebian GNU/LinuxSiemens AGFedora Project
Product-siplus_s7-1200_cp_1243-1_railsimatic_cp_1242-7_gprs_v2_firmwaresimatic_cp_1542sp-1_firmwarescalance_sc646-2c_firmwaresiplus_et_200sp_cp_1543sp-1_isec_tx_rail_firmwaresiplus_et_200sp_cp_1542sp-1_irc_tx_rail_firmwaresimatic_cp_1243-1_firmwarescalance_sc622-2cscalance_sc646-2csinema_remote_connect_serversiplus_net_cp_1543-1_firmwaresiplus_s7-1200_cp_1243-1_rail_firmwarefedorasimatic_net_cp1243-7_lte_eu_firmwarescalance_sc632-2c_firmwaresimatic_net_cp_1545-1_firmwaresimatic_net_cp_1243-8_ircsimatic_cp_1242-7_gprs_v2scalance_sc622-2c_firmwaresiplus_s7-1200_cp_1243-1_firmwarecp_1543-1_firmwaresimatic_net_cp_1243-8_irc_firmwaresimatic_cp_1243-7_lte\/ussimatic_cp_1543sp-1simatic_cp_1243-7_lte\/us_firmwarestrongswansiplus_et_200sp_cp_1542sp-1_irc_tx_railsiplus_s7-1200_cp_1243-1scalance_sc636-2csimatic_cp_1542sp-1_ircscalance_sc642-2c_firmwaresimatic_cp_1243-1siplus_et_200sp_cp_1543sp-1_isecdebian_linuxsimatic_cp_1542sp-1_irc_firmwarecp_1543-1simatic_net_cp_1545-1simatic_cp_1543sp-1_firmwaresimatic_cp_1542sp-1scalance_sc642-2csiplus_et_200sp_cp_1543sp-1_isec_tx_railsiplus_et_200sp_cp_1543sp-1_isec_firmwaresiplus_net_cp_1543-1simatic_net_cp1243-7_lte_euscalance_sc636-2c_firmwarescalance_sc632-2cn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2024-23337
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.26% / 49.49%
||
7 Day CHG~0.00%
Published-21 May, 2025 | 14:34
Updated-20 Jun, 2025 | 17:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
jq has signed integer overflow in jv.c:jvp_array_write

jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. Commit de21386681c0df0104a99d9d09db23a9b2a78b1e contains a patch for the issue.

Action-Not Available
Vendor-jqlangjqlang
Product-jqjq
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-31871
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.59% / 81.73%
||
7 Day CHG~0.00%
Published-30 Apr, 2021 | 05:18
Updated-03 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in klibc before 2.0.9. An integer overflow in the cpio command may result in a NULL pointer dereference on 64-bit systems.

Action-Not Available
Vendor-klibc_projectn/aDebian GNU/Linux
Product-debian_linuxklibcn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2016-7945
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
CVSS Score-7.5||HIGH
EPSS-1.22% / 79.14%
||
7 Day CHG~0.00%
Published-13 Dec, 2016 | 20:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service (out-of-bounds memory access or infinite loop) via vectors involving length fields.

Action-Not Available
Vendor-n/aX.Org FoundationFedora Project
Product-fedoralibxin/a
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-3474
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.3||MEDIUM
EPSS-1.02% / 77.27%
||
7 Day CHG~0.00%
Published-30 Mar, 2021 | 00:00
Updated-03 Aug, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted input file that is processed by OpenEXR could cause a shift overflow in the FastHufDecoder, potentially leading to problems with application availability.

Action-Not Available
Vendor-openexrn/aDebian GNU/Linux
Product-openexrdebian_linuxOpenEXR
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-1000098
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.70% / 72.17%
||
7 Day CHG~0.00%
Published-13 Mar, 2018 | 01:00
Updated-05 Aug, 2024 | 12:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Teluu PJSIP version 2.7.1 and earlier contains a Integer Overflow vulnerability in pjmedia SDP parsing that can result in Crash. This attack appear to be exploitable via Sending a specially crafted message. This vulnerability appears to have been fixed in 2.7.2.

Action-Not Available
Vendor-teluun/aDebian GNU/Linux
Product-debian_linuxpjsipn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-31292
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.55% / 68.06%
||
7 Day CHG~0.00%
Published-26 Jul, 2021 | 00:00
Updated-03 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3 allows attackers to trigger a heap-based buffer overflow and cause a denial of service (DOS) via crafted metadata.

Action-Not Available
Vendor-n/aExiv2Fedora ProjectDebian GNU/Linux
Product-exiv2debian_linuxfedoran/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-22684
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.34% / 56.22%
||
7 Day CHG~0.00%
Published-31 Aug, 2021 | 16:38
Updated-03 Aug, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tizen RT RTOS version 3.0.GBB is vulnerable to integer wrap-around in functions_calloc and mm_zalloc. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash

Action-Not Available
Vendor-n/aSamsung
Product-tizenrtTizen RT RTOS
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2016-10159
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-8.08% / 92.17%
||
7 Day CHG~0.00%
Published-24 Jan, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive.

Action-Not Available
Vendor-n/aThe PHP GroupDebian GNU/Linux
Product-debian_linuxphpn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found