Total
1228 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-2174 | 1 Zapping-vbi | 1 Zvbi | 2025-10-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in libzvbi up to 0.2.43. It has been declared as problematic. Affected by this vulnerability is the function vbi_strndup_iconv_ucs2 of the file src/conv.c. The manipulation of the argument src_length leads to integer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. The patch is named ca1672134b3e2962cd392212c73f44f8f4cb489f. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional. | |||||
| CVE-2025-2175 | 1 Zapping-vbi | 1 Zvbi | 2025-10-03 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in libzvbi up to 0.2.43. It has been rated as problematic. Affected by this issue is the function _vbi_strndup_iconv. The manipulation leads to integer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional. | |||||
| CVE-2025-9688 | 2025-09-02 | 5.1 MEDIUM | 5.0 MEDIUM | ||
| A security vulnerability has been detected in Mupen64Plus up to 2.6.0. The affected element is the function write_is_viewer of the file src/device/cart/is_viewer.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The attack is considered to have high complexity. The exploitability is described as difficult. The exploit has been disclosed publicly and may be used. The identifier of the patch is 3984137fc0c44110f1ef876adb008885b05a6e18. To fix this issue, it is recommended to deploy a patch. | |||||
| CVE-2015-8396 | 1 Malaterre | 1 Grassroots Dicom | 2025-08-21 | 10.0 HIGH | 10.0 CRITICAL |
| Integer overflow in the ImageRegionReader::ReadIntoBuffer function in MediaStorageAndFileFormat/gdcmImageRegionReader.cxx in Grassroots DICOM (aka GDCM) before 2.6.2 allows attackers to execute arbitrary code via crafted header dimensions in a DICOM image file, which triggers a buffer overflow. | |||||
| CVE-2014-9192 | 1 Trihedral | 1 Vtscada | 2025-07-25 | 7.8 HIGH | N/A |
| Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 through 9.x before 9.1.20, 10.x before 10.2.22, and 11.x before 11.1.07 allows remote attackers to cause a denial of service (server crash) via a crafted request, which triggers a large memory allocation. | |||||
| CVE-2025-6603 | 2025-06-26 | 4.3 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability was found in coldfunction qCUDA up to db0085400c2f2011eed46fbc04fdc0873141688e. It has been rated as problematic. Affected by this issue is the function qcow_make_empty of the file qCUDA/qcu-device/block/qcow.c. The manipulation of the argument s->l1_size leads to integer overflow. The attack needs to be approached locally. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. | |||||
| CVE-2025-5001 | 1 Gnu | 1 Pspp | 2025-06-17 | 1.7 LOW | 3.3 LOW |
| A vulnerability was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. It has been declared as problematic. This vulnerability affects the function calloc of the file pspp-convert.c. The manipulation of the argument -l leads to integer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2013-7354 | 1 Libpng | 1 Libpng | 2025-06-09 | 5.0 MEDIUM | 6.5 MEDIUM |
| Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow. | |||||
| CVE-2013-7353 | 1 Libpng | 1 Libpng | 2025-06-09 | 5.0 MEDIUM | 6.5 MEDIUM |
| Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image, which triggers a heap-based buffer overflow. | |||||
| CVE-2016-5241 | 3 Debian, Graphicsmagick, Opensuse | 4 Debian Linux, Graphicsmagick, Leap and 1 more | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| magick/render.c in GraphicsMagick before 1.3.24 allows remote attackers to cause a denial of service (arithmetic exception and application crash) via a crafted svg file. | |||||
| CVE-2016-5224 | 1 Google | 1 Chrome | 2025-04-20 | 4.3 MEDIUM | 4.3 MEDIUM |
| A timing attack on denormalized floating point arithmetic in SVG filters in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page. | |||||
| CVE-2016-9266 | 1 Libming | 1 Libming | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| listmp3.c in libming 0.4.7 allows remote attackers to unspecified impact via a crafted mp3 file, which triggers an invalid left shift. | |||||
| CVE-2016-9825 | 1 Libav | 1 Libav | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| libswscale/utils.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value. | |||||
| CVE-2016-6242 | 1 Openbsd | 1 Openbsd | 2025-04-20 | 4.9 MEDIUM | 5.5 MEDIUM |
| OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (assertion failure and kernel panic) via a large ident value in a kevent system call. | |||||
| CVE-2016-9819 | 1 Libav | 1 Libav | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| libavcodec/mpegvideo.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value. | |||||
| CVE-2016-9820 | 1 Libav | 1 Libav | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| libavcodec/mpegvideo_motion.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value. | |||||
| CVE-2016-10094 | 1 Libtiff | 1 Libtiff | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| Off-by-one error in the t2p_readwrite_pdf_image_tile function in tools/tiff2pdf.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a crafted image. | |||||
| CVE-2016-9961 | 5 Fedoraproject, Game-music-emu Project, Novell and 2 more | 7 Fedora, Game-music-emu, Suse Linux Enterprise Desktop and 4 more | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| game-music-emu before 0.6.1 mishandles unspecified integer values. | |||||
| CVE-2014-9915 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| Off-by-one error in ImageMagick before 6.6.0-4 allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM profile. | |||||
| CVE-2016-10158 | 1 Php | 1 Php | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The exif_convert_any_to_int function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by -1. | |||||