Total
2944 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-50399 | 1 Linux | 1 Linux Kernel | 2026-01-14 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
media: atomisp: prevent integer overflow in sh_css_set_black_frame()
The "height" and "width" values come from the user so the "height * width"
multiplication can overflow.
|
|||||
| CVE-2026-21485 | 1 Color | 1 Iccdev | 2026-01-14 | N/A | 8.8 HIGH |
|
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are prone to have Undefined Behavior (UB) and Out of Memory errors. This issue is fixed in version 2.3.1.2.
|
|||||
| CVE-2024-41000 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2026-01-14 | N/A | 7.8 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
block/ioctl: prefer different overflow check
Running syzkaller with the newly reintroduced signed integer overflow
sanitizer shows this report:
[ 62.982337] ------------[ cut here ]------------
[ 62.985692] cgroup: Invalid name
[ 62.986211] UBSAN: signed-integer-overflow in ../block/ioctl.c:36:46
[ 62.989370] 9pnet_fd: p9_fd_create_tcp (7343): problem connecting socket to 127.0.0.1
[ 62.992992] 9223372036854775807 + ...
Show More |
|||||
| CVE-2025-14933 | 1 Unidata | 1 Netcdf | 2026-01-13 | N/A | 7.8 HIGH |
|
NSF Unidata NetCDF-C NC Variable Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NSF Unidata NetCDF-C. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of NC variables. The issue results from the lack of proper validation of user-supplied data, which can result in an ...
Show More |
|||||
| CVE-2026-21673 | 1 Color | 1 Iccdev | 2026-01-12 | N/A | 7.8 HIGH |
|
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have overflows and underflows in CIccXmlArrayType::ParseTextCountNum(). This vulnerability affects users of the iccDEV library who process ICC color profiles. This issue is fixed in version 2.3.1.1.
|
|||||
| CVE-2026-21486 | 1 Color | 1 Iccdev | 2026-01-12 | N/A | 7.8 HIGH |
|
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below contain Use After Free, Heap-based Buffer Overflow and Integer Overflow or Wraparound and Out-of-bounds Write vulnerabilities in its CIccSparseMatrix::CIccSparseMatrix function. This issue is fixed in version 2.3.1.2.
|
|||||
| CVE-2026-21689 | 1 Color | 1 Iccdev | 2026-01-12 | N/A | 6.5 MEDIUM |
|
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in `CIccProfileXml::ParseBasic()` at `IccXML/IccLibXML/IccProfileXml.cpp`. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available.
|
|||||
| CVE-2026-21688 | 1 Color | 1 Iccdev | 2026-01-12 | N/A | 8.8 HIGH |
|
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in `SIccCalcOp::ArgsPushed()` at `IccProfLib/IccMpeCalc.cpp`. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available.
|
|||||
| CVE-2025-14299 | 1 Tp-link | 2 Tapo C200, Tapo C200 Firmware | 2026-01-08 | N/A | 6.5 MEDIUM |
|
The HTTPS server on Tapo C200 V3 does not properly validate the Content-Length header, which can lead to an integer overflow. An unauthenticated attacker on the same local network segment can send crafted HTTPS requests to trigger excessive memory allocation, causing the device to crash and resulting in denial-of-service (DoS).
|
|||||
| CVE-2025-20803 | 2 Google, Mediatek | 4 Android, Mt6899, Mt6991 and 1 more | 2026-01-08 | N/A | 6.7 MEDIUM |
|
In dpe, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is needed for exploitation. Patch ID: ALPS10199779; Issue ID: MSV-4504.
|
|||||
| CVE-2025-20807 | 2 Google, Mediatek | 4 Android, Mt6899, Mt6991 and 1 more | 2026-01-08 | N/A | 6.7 MEDIUM |
|
In dpe, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10114841; Issue ID: MSV-4451.
|
|||||
| CVE-2025-6035 | 2 Gimp, Redhat | 2 Gimp, Enterprise Linux | 2026-01-08 | N/A | 6.1 MEDIUM |
|
A flaw was found in GIMP. An integer overflow vulnerability exists in the GIMP "Despeckle" plug-in. The issue occurs due to unchecked multiplication of image dimensions, such as width, height, and bytes-per-pixel (img_bpp), which can result in allocating insufficient memory and subsequently performing out-of-bounds writes. This issue could lead to heap corruption, a potential denial of service (DoS), or arbitrary code execution in certain scenarios.
|
|||||
| CVE-2025-5449 | 1 Libssh | 1 Libssh | 2026-01-08 | N/A | 6.5 MEDIUM |
|
A flaw was found in the SFTP server message decoding logic of libssh. The issue occurs due to an incorrect packet length check that allows an integer overflow when handling large payload sizes on 32-bit systems. This issue leads to failed memory allocation and causes the server process to crash, resulting in a denial of service.
|
|||||
| CVE-2025-47712 | 2 Nbdkit Project, Redhat | 3 Nbdkit, Enterprise Linux, Enterprise Linux Advanced Virtualization | 2026-01-08 | N/A | 6.5 MEDIUM |
|
A flaw exists in the nbdkit "blocksize" filter that can be triggered by a specific type of client request. When a client requests block status information for a very large data range, exceeding a certain limit, it causes an internal error in the nbdkit, leading to a denial of service.
|
|||||
| CVE-2025-15278 | 1 Fontforge | 1 Fontforge | 2026-01-07 | N/A | 7.8 HIGH |
|
FontForge GUtils XBM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of pixels within XBM files. The issue results from the lack of proper validation of user-supplied data, which can result in an ...
Show More |
|||||
| CVE-2025-69204 | 1 Imagemagick | 1 Imagemagick | 2026-01-06 | N/A | 5.3 MEDIUM |
|
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, in the WriteSVGImage function, using an int variable to store number_attributes caused an integer overflow. This, in turn, triggered a buffer overflow and caused a DoS attack. Version 7.1.2-12 fixes the issue.
|
|||||
| CVE-2025-67111 | 1 Objectcomputing | 1 Opendds | 2026-01-06 | N/A | 7.5 HIGH |
|
An integer overflow in the RTPS protocol implementation of OpenDDS DDS before v3.33.0 allows attackers to cause a Denial of Service (DoS) via a crafted message.
|
|||||
| CVE-2025-65865 | 1 Eprosima | 1 Fast Dds | 2026-01-06 | N/A | 7.5 HIGH |
|
An integer overflow in eProsima Fast-DDS v3.3 allows attackers to cause a Denial of Service (DoS) via a crafted input.
|
|||||
| CVE-2025-36936 | 1 Google | 1 Android | 2026-01-05 | N/A | 7.8 HIGH |
|
In GetTachyonCommand of tachyon_server_common.h, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2025-14308 | 1 Robocode | 1 Robocode | 2026-01-05 | N/A | 9.8 CRITICAL |
|
An integer overflow vulnerability exists in the write method of the Buffer class in Robocode version 1.9.3.6. The method fails to properly validate the length of data being written, allowing attackers to cause an overflow, potentially leading to buffer overflows and arbitrary code execution. This vulnerability can be exploited by submitting specially crafted inputs that manipulate the data length, leading to potential unauthorized code execution.
|
|||||
| CVE-2025-62231 | 2026-01-05 | N/A | 7.3 HIGH | ||
|
A flaw was identified in the X.Org X server’s X Keyboard (Xkb) extension where improper bounds checking in the XkbSetCompatMap() function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a crash.
|
|||||
| CVE-2025-63938 | 1 Tinyproxy Project | 1 Tinyproxy | 2026-01-02 | N/A | 6.5 MEDIUM |
|
Tinyproxy through 1.11.2 contains an integer overflow vulnerability in the strip_return_port() function within src/reqs.c.
|
|||||
| CVE-2025-69261 | 2025-12-31 | N/A | N/A | ||
|
WasmEdge is a WebAssembly runtime. Prior to version 0.16.0-alpha.3, a multiplication in `WasmEdge/include/runtime/instance/memory.h` can wrap, causing `checkAccessBound()` to incorrectly allow the access. This leads to a segmentation fault. Version 0.16.0-alpha.3 contains a patch for the issue.
|
|||||
| CVE-2025-63829 | 1 Eprosima | 1 Fast Dds | 2025-12-31 | N/A | 7.5 HIGH |
|
eProsima Fast-DDS v3.3 and before has an infinite loop vulnerability caused by integer overflow in the Time_t:: fraction() function.
|
|||||
| CVE-2025-63757 | 1 Ffmpeg | 1 Ffmpeg | 2025-12-30 | N/A | 7.5 HIGH |
|
Integer overflow vulnerability in the yuv2ya16_X_c_template function in libswscale/output.c in FFmpeg 8.0.
|
|||||
| CVE-2025-66499 | 3 Apple, Foxit, Microsoft | 4 Macos, Pdf Editor, Pdf Reader and 1 more | 2025-12-23 | N/A | 7.8 HIGH |
|
A heap-based buffer overflow vulnerability exists in the PDF parsing of Foxit PDF Reader when processing specially crafted JBIG2 data. An integer overflow in the calculation of the image buffer size may occur, potentially allowing a remote attacker to execute arbitrary code.
|
|||||
| CVE-2025-64721 | 1 Sandboxie-plus | 1 Sandboxie | 2025-12-22 | N/A | 10.0 CRITICAL |
|
Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. In versions 1.16.6 and below, the SYSTEM-level service SbieSvc.exe exposes SbieIniServer::RC4Crypt to sandboxed processes. The handler adds a fixed header size to a caller-controlled value_len without overflow checking. A large value_len (e.g., 0xFFFFFFF0) wraps the allocation size, causing a heap overflow when attacker data is copied into the undersized buffer. This allows sandboxed process ...
Show More |
|||||
| CVE-2023-29144 | 1 Malwarebytes | 1 Malwarebytes | 2025-12-19 | N/A | 3.3 LOW |
|
Malwarebytes 1.0.14 for Linux doesn't properly compute signatures in some scenarios. This allows a bypass of detection.
|
|||||
| CVE-2019-3863 | 5 Debian, Libssh2, Netapp and 2 more | 10 Debian Linux, Libssh2, Ontap Select Deploy Administration Utility and 7 more | 2025-12-19 | 6.8 MEDIUM | 7.5 HIGH |
|
A flaw was found in libssh2 before 1.8.1 creating a vulnerability on the SSH client side. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used by the SSH client as an index to copy memory causing in an out of bounds memory write error.
|
|||||
| CVE-2025-38193 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-12-18 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
net_sched: sch_sfq: reject invalid perturb period
Gerrard Tai reported that SFQ perturb_period has no range check yet,
and this can be used to trigger a race condition fixed in a separate patch.
We want to make sure ctl->perturb_period * HZ will not overflow
and is positive.
tc qd add dev lo root sfq perturb -10 # negative value : error
Error: sch_sfq: invalid perturb period.
tc qd add dev lo root sfq perturb 1000000000 ...
Show More |
|||||
| CVE-2025-38222 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-12-18 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
ext4: inline: fix len overflow in ext4_prepare_inline_data
When running the following code on an ext4 filesystem with inline_data
feature enabled, it will lead to the bug below.
fd = open("file1", O_RDWR | O_CREAT | O_TRUNC, 0666);
ftruncate(fd, 30);
pwrite(fd, "a", 1, (1UL << 40) + 5UL);
That happens because write_begin will succeed as when
ext4_generic_write_inline_data calls ext4_prepare_inline_dat ...
Show More |
|||||
| CVE-2022-28615 | 3 Apache, Fedoraproject, Netapp | 3 Http Server, Fedora, Clustered Data Ontap | 2025-12-18 | 6.4 MEDIUM | 9.1 CRITICAL |
|
Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected.
|
|||||
| CVE-2025-46285 | 1 Apple | 1 Macos | 2025-12-17 | N/A | 7.8 HIGH |
|
An integer overflow was addressed by adopting 64-bit timestamps. This issue is fixed in watchOS 26.2, macOS Sonoma 14.8.3, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, macOS Sequoia 15.7.3, visionOS 26.2, tvOS 26.2. An app may be able to gain root privileges.
|
|||||
| CVE-2025-65803 | 1 Freeimage Project | 1 Freeimage | 2025-12-17 | N/A | 6.5 MEDIUM |
|
An integer overflow in the psdParser::ReadImageData function of FreeImage v3.18.0 and before allows attackers to cause a Denial of Service (DoS) via supplying a crafted PSD file.
|
|||||
| CVE-2021-34536 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2025-12-16 | 4.6 MEDIUM | 7.8 HIGH |
|
Storage Spaces Controller Elevation of Privilege Vulnerability
|
|||||
| CVE-2025-12035 | 2025-12-16 | N/A | 6.5 MEDIUM | ||
|
An integer overflow condition exists in Bluetooth Host stack, within the bt_br_acl_recv routine a critical path for processing inbound BR/EDR L2CAP traffic.
|
|||||
| CVE-2025-62467 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-12-12 | N/A | 7.8 HIGH |
|
Integer overflow or wraparound in Windows Projected File System allows an authorized attacker to elevate privileges locally.
|
|||||
| CVE-2025-5916 | 2 Libarchive, Redhat | 3 Libarchive, Enterprise Linux, Openshift Container Platform | 2025-12-12 | N/A | 3.9 LOW |
|
A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive v ...
Show More |
|||||
| CVE-2025-49179 | 2025-12-11 | N/A | 7.3 HIGH | ||
|
A flaw was found in the X Record extension. The RecordSanityCheckRegisterClients function does not check for an integer overflow when computing request length, which allows a client to bypass length checks.
|
|||||
| CVE-2025-48637 | 1 Google | 1 Android | 2025-12-11 | N/A | 7.8 HIGH |
|
In multiple functions of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||