Total
2944 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-36916 | 1 Tonybybell | 1 Gtkwave | 2025-11-04 | N/A | 7.8 HIGH |
|
Multiple integer overflow vulnerabilities exist in the FST fstReaderIterBlocks2 chain_table allocation functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the allocation of the `chain_table_lengths` array.
|
|||||
| CVE-2023-36915 | 1 Tonybybell | 1 Gtkwave | 2025-11-04 | N/A | 7.8 HIGH |
|
Multiple integer overflow vulnerabilities exist in the FST fstReaderIterBlocks2 chain_table allocation functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the allocation of the `chain_table` array.
|
|||||
| CVE-2023-36864 | 1 Tonybybell | 1 Gtkwave | 2025-11-04 | N/A | 7.8 HIGH |
|
An integer overflow vulnerability exists in the fstReaderIterBlocks2 temp_signal_value_buf allocation functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability.
|
|||||
| CVE-2023-35992 | 1 Tonybybell | 1 Gtkwave | 2025-11-04 | N/A | 7.0 HIGH |
|
An integer overflow vulnerability exists in the FST fstReaderIterBlocks2 vesc allocation functionality of GTKWave 3.3.115, when compiled as a 32-bit binary. A specially crafted .fst file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability.
|
|||||
| CVE-2023-35989 | 1 Tonybybell | 1 Gtkwave | 2025-11-04 | N/A | 7.8 HIGH |
|
An integer overflow vulnerability exists in the LXT2 zlib block allocation functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability.
|
|||||
| CVE-2023-35128 | 1 Tonybybell | 1 Gtkwave | 2025-11-04 | N/A | 7.0 HIGH |
|
An integer overflow vulnerability exists in the fstReaderIterBlocks2 time_table tsec_nitems functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability.
|
|||||
| CVE-2023-35057 | 1 Tonybybell | 1 Gtkwave | 2025-11-04 | N/A | 7.8 HIGH |
|
An integer overflow vulnerability exists in the LXT2 lxt2_rd_trace value elements allocation functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability.
|
|||||
| CVE-2023-35004 | 1 Tonybybell | 1 Gtkwave | 2025-11-04 | N/A | 7.8 HIGH |
|
An integer overflow vulnerability exists in the VZT longest_len value allocation functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability.
|
|||||
| CVE-2023-32650 | 1 Tonybybell | 1 Gtkwave | 2025-11-04 | N/A | 7.0 HIGH |
|
An integer overflow vulnerability exists in the FST_BL_GEOM parsing maxhandle functionality of GTKWave 3.3.115, when compiled as a 32-bit binary. A specially crafted .fst file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability.
|
|||||
| CVE-2024-40784 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-11-04 | N/A | 5.5 MEDIUM |
|
An integer overflow was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing a maliciously crafted file may lead to unexpected app termination.
|
|||||
| CVE-2024-37356 | 1 Linux | 1 Linux Kernel | 2025-11-04 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
tcp: Fix shift-out-of-bounds in dctcp_update_alpha().
In dctcp_update_alpha(), we use a module parameter dctcp_shift_g
as follows:
alpha -= min_not_zero(alpha, alpha >> dctcp_shift_g);
...
delivered_ce <<= (10 - dctcp_shift_g);
It seems syzkaller started fuzzing module parameters and triggered
shift-out-of-bounds [0] by setting 100 to dctcp_shift_g:
memcpy((void*)0x20000080,
"/sys/module/tcp_dctcp/parameter ...
Show More |
|||||
| CVE-2024-34403 | 2 Fedoraproject, Uriparser Project | 2 Fedora, Uriparser | 2025-11-04 | N/A | 5.9 MEDIUM |
|
An issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in UriQuery.c has an integer overflow via a long string.
|
|||||
| CVE-2024-34402 | 2 Fedoraproject, Uriparser Project | 2 Fedora, Uriparser | 2025-11-04 | N/A | 8.6 HIGH |
|
An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow.
|
|||||
| CVE-2024-27833 | 1 Apple | 5 Ipados, Iphone Os, Safari and 2 more | 2025-11-04 | N/A | 8.8 HIGH |
|
An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5. Processing maliciously crafted web content may lead to arbitrary code execution.
|
|||||
| CVE-2023-47212 | 2 Fedoraproject, Nothings | 2 Fedora, Stb Vorbis.c | 2025-11-04 | N/A | 9.8 CRITICAL |
|
A heap-based buffer overflow vulnerability exists in the comment functionality of stb _vorbis.c v1.22. A specially crafted .ogg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.
|
|||||
| CVE-2023-45742 | 2 Level1, Realtek | 3 Wbr-6013, Wbr-6013 Firmware, Rtl819x Jungle Software Development Kit | 2025-11-04 | N/A | 7.2 HIGH |
|
An integer overflow vulnerability exists in the boa updateConfigIntoFlash functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability.
|
|||||
| CVE-2024-45492 | 1 Libexpat Project | 1 Libexpat | 2025-11-04 | N/A | 9.8 CRITICAL |
|
An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
|
|||||
| CVE-2024-45491 | 1 Libexpat Project | 1 Libexpat | 2025-11-04 | N/A | 9.8 CRITICAL |
|
An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
|
|||||
| CVE-2024-45490 | 1 Libexpat Project | 1 Libexpat | 2025-11-04 | N/A | 7.5 HIGH |
|
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.
|
|||||
| CVE-2024-44198 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-11-04 | N/A | 5.5 MEDIUM |
|
An integer overflow was addressed through improved input validation. This issue is fixed in visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to an unexpected process crash.
|
|||||
| CVE-2022-0204 | 3 Bluez, Debian, Fedoraproject | 3 Bluez, Debian Linux, Fedora | 2025-11-04 | 5.8 MEDIUM | 8.8 HIGH |
|
A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service.
|
|||||
| CVE-2025-12501 | 2025-11-04 | N/A | 7.5 HIGH | ||
|
Integer overflow in GameMaker IDE below 2024.14.0 version can lead to can lead to application crashes through denial-of-service attacks (DoS). GameMaker users who use the network_create_server() function in their projects are urged to update and recompile immediately.
|
|||||
| CVE-2025-10923 | 1 Gimp | 1 Gimp | 2025-11-04 | N/A | 7.8 HIGH |
|
GIMP WBMP File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of WBMP files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allo ...
Show More |
|||||
| CVE-2025-10924 | 1 Gimp | 1 Gimp | 2025-11-04 | N/A | 7.8 HIGH |
|
GIMP FF File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of FF files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocati ...
Show More |
|||||
| CVE-2024-47739 | 1 Linux | 1 Linux Kernel | 2025-11-03 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
padata: use integer wrap around to prevent deadlock on seq_nr overflow
When submitting more than 2^32 padata objects to padata_do_serial, the
current sorting implementation incorrectly sorts padata objects with
overflowed seq_nr, causing them to be placed before existing objects in
the reorder list. This leads to a deadlock in the serialization process
as padata_find_next cannot match padata->seq_nr and pd->processed
because t ...
Show More |
|||||
| CVE-2024-46953 | 3 Artifex, Debian, Suse | 5 Ghostscript, Debian Linux, Linux Enterprise High Performance Computing and 2 more | 2025-11-03 | N/A | 7.8 HIGH |
|
An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution.
|
|||||
| CVE-2024-46726 | 1 Linux | 1 Linux Kernel | 2025-11-03 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Ensure index calculation will not overflow
[WHY & HOW]
Make sure vmid0p72_idx, vnom0p8_idx and vmax0p9_idx calculation will
never overflow and exceess array size.
This fixes 3 OVERRUN and 1 INTEGER_OVERFLOW issues reported by Coverity.
|
|||||
| CVE-2024-43890 | 1 Linux | 1 Linux Kernel | 2025-11-03 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
tracing: Fix overflow in get_free_elt()
"tracing_map->next_elt" in get_free_elt() is at risk of overflowing.
Once it overflows, new elements can still be inserted into the tracing_map
even though the maximum number of elements (`max_elts`) has been reached.
Continuing to insert elements after the overflow could result in the
tracing_map containing "tracing_map->max_size" elements, leaving no empty
entries.
If any attempt is m ...
Show More |
|||||
| CVE-2024-42415 | 1 Gnome | 1 Libgsf | 2025-11-03 | N/A | 8.4 HIGH |
|
An integer overflow vulnerability exists in the Compound Document Binary File format parser of v1.14.52 of the GNOME Project G Structured File Library (libgsf). A specially crafted file can result in an integer overflow that allows for a heap-based buffer overflow when processing the sector allocation table. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
|
|||||
| CVE-2024-42223 | 1 Linux | 1 Linux Kernel | 2025-11-03 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
media: dvb-frontends: tda10048: Fix integer overflow
state->xtal_hz can be up to 16M, so it can overflow a 32 bit integer
when multiplied by pll_mfactor.
Create a new 64 bit variable to hold the calculations.
|
|||||
| CVE-2024-42136 | 1 Linux | 1 Linux Kernel | 2025-11-03 | N/A | 7.8 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
cdrom: rearrange last_media_change check to avoid unintentional overflow
When running syzkaller with the newly reintroduced signed integer wrap
sanitizer we encounter this splat:
[ 366.015950] UBSAN: signed-integer-overflow in ../drivers/cdrom/cdrom.c:2361:33
[ 366.021089] -9223372036854775808 - 346321 cannot be represented in type '__s64' (aka 'long long')
[ 366.025894] program syz-executor.4 is using a deprecated SCSI io ...
Show More |
|||||
| CVE-2024-42131 | 1 Linux | 1 Linux Kernel | 2025-11-03 | N/A | 4.4 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
mm: avoid overflows in dirty throttling logic
The dirty throttling logic is interspersed with assumptions that dirty
limits in PAGE_SIZE units fit into 32-bit (so that various multiplications
fit into 64-bits). If limits end up being larger, we will hit overflows,
possible divisions by 0 etc. Fix these problems by never allowing so
large dirty limits as they have dubious practical value anyway. For
dirty_bytes / dirty_backg ...
Show More |
|||||
| CVE-2024-40994 | 1 Linux | 1 Linux Kernel | 2025-11-03 | N/A | 7.8 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
ptp: fix integer overflow in max_vclocks_store
On 32bit systems, the "4 * max" multiply can overflow. Use kcalloc()
to do the allocation to prevent this.
|
|||||
| CVE-2024-36474 | 1 Gnome | 1 Libgsf | 2025-11-03 | N/A | 8.4 HIGH |
|
An integer overflow vulnerability exists in the Compound Document Binary File format parser of the GNOME Project G Structured File Library (libgsf) version v1.14.52. A specially crafted file can result in an integer overflow when processing the directory from the file that allows for an out-of-bounds index to be used when reading and writing to an array. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
|
|||||
| CVE-2024-21844 | 2025-11-03 | N/A | 4.3 MEDIUM | ||
|
Integer overflow in firmware for some Intel(R) CSME may allow an unauthenticated user to potentially enable denial of service via adjacent access.
|
|||||
| CVE-2024-11236 | 1 Php | 1 Php | 2025-11-03 | N/A | 9.8 CRITICAL |
|
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.
|
|||||
| CVE-2023-33864 | 1 Renderdoc | 1 Renderdoc | 2025-11-03 | N/A | 9.8 CRITICAL |
|
StreamReader::ReadFromExternal in RenderDoc before 1.27 allows an Integer Overflow with a resultant Buffer Overflow. It uses uint32_t(m_BufferSize-m_InputSize) even though m_InputSize can exceed m_BufferSize.
|
|||||
| CVE-2023-33863 | 1 Renderdoc | 1 Renderdoc | 2025-11-03 | N/A | 9.8 CRITICAL |
|
SerialiseValue in RenderDoc before 1.27 allows an Integer Overflow with a resultant Buffer Overflow. 0xffffffff is sign-extended to 0xffffffffffffffff (SIZE_MAX) and then there is an attempt to add 1.
|
|||||
| CVE-2022-35977 | 1 Redis | 1 Redis | 2025-11-03 | N/A | 5.5 MEDIUM |
|
Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SETRANGE` and `SORT(_RO)` commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory (OOM) panic. The problem is fixed in Redis versions 7.0.8, 6.2.9 and 6.0.17. Users are advised to upgrade. There are no known workarounds for this vulnerability.
|
|||||
| CVE-2025-24156 | 1 Apple | 1 Macos | 2025-11-03 | N/A | 7.8 HIGH |
|
An integer overflow was addressed through improved input validation. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to elevate privileges.
|
|||||