Total
2655 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-44709 | 1 Sammycage | 1 Plutosvg | 2024-11-21 | N/A | 9.8 CRITICAL |
| PlutoSVG commit 336c02997277a1888e6ccbbbe674551a0582e5c4 and before was discovered to contain an integer overflow via the component plutosvg_load_from_memory. | |||||
| CVE-2023-44443 | 2024-11-21 | N/A | 7.8 HIGH | ||
| GIMP PSP File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSP files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-22096. | |||||
| CVE-2023-43787 | 3 Fedoraproject, Redhat, X.org | 3 Fedora, Enterprise Linux, Libx11 | 2024-11-21 | N/A | 7.8 HIGH |
| A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges. | |||||
| CVE-2023-42752 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 5.5 MEDIUM |
| An integer overflow flaw was found in the Linux kernel. This issue leads to the kernel allocating `skb_shared_info` in the userspace, which is exploitable in systems without SMAP protection since `skb_shared_info` contains references to function pointers. | |||||
| CVE-2023-42563 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 6.7 MEDIUM |
| Integer overflow vulnerability in landmarkCopyImageToNative of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1 allows attacker to trigger heap overflow. | |||||
| CVE-2023-42562 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 6.7 MEDIUM |
| Integer overflow vulnerability in detectionFindFaceSupportMultiInstance of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1 allows attacker to trigger heap overflow. | |||||
| CVE-2023-42298 | 1 Gpac | 1 Gpac | 2024-11-21 | N/A | 5.5 MEDIUM |
| An issue in GPAC GPAC v.2.2.1 and before allows a local attacker to cause a denial of service via the Q_DecCoordOnUnitSphere function of file src/bifs/unquantize.c. | |||||
| CVE-2023-42295 | 1 Openimageio | 1 Openimageio | 2024-11-21 | N/A | 8.8 HIGH |
| An issue in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary code and cause a denial of service via the read_rle_image function of file bifs/unquantize.c | |||||
| CVE-2023-41185 | 2024-11-21 | N/A | 8.6 HIGH | ||
| Unified Automation UaGateway Certificate Parsing Integer Overflow Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of client certificates. When parsing the certificate length field, the process does not properly validate user-supplied data, which can result in an integer overflow. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20353. | |||||
| CVE-2023-41056 | 2 Fedoraproject, Redis | 2 Fedora, Redis | 2024-11-21 | N/A | 8.1 HIGH |
| Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4. | |||||
| CVE-2023-40745 | 4 Fedoraproject, Libtiff, Netapp and 1 more | 4 Fedora, Libtiff, Active Iq Unified Manager and 1 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. | |||||
| CVE-2023-40548 | 2 Fedoraproject, Redhat | 2 Fedora, Shim | 2024-11-21 | N/A | 7.4 HIGH |
| A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase. | |||||
| CVE-2023-40353 | 1 Samsung | 4 Exynos 2100, Exynos 2100 Firmware, Exynos 980 and 1 more | 2024-11-21 | N/A | 2.0 LOW |
| An issue was discovered in Exynos Mobile Processor 980 and 2100. An integer overflow at a buffer index can prevent the execution of requested services via a crafted application. | |||||
| CVE-2023-40218 | 1 Samsung | 12 Exynos 1280, Exynos 1280 Firmware, Exynos 1380 and 9 more | 2024-11-21 | N/A | 2.0 LOW |
| An issue was discovered in the NPU kernel driver in Samsung Exynos Mobile Processor 9820, 980, 2100, 2200, 1280, and 1380. An integer overflow can bypass detection of error cases via a crafted application. | |||||
| CVE-2023-40186 | 3 Debian, Fedoraproject, Freerdp | 3 Debian Linux, Fedora, Freerdp | 2024-11-21 | N/A | 6.5 MEDIUM |
| FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an IntegerOverflow leading to Out-Of-Bound Write Vulnerability in the `gdi_CreateSurface` function. This issue affects FreeRDP based clients only. FreeRDP proxies are not affected as image decoding is not done by a proxy. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2023-40022 | 1 Rizin | 1 Rizin | 2024-11-21 | N/A | 7.8 HIGH |
| Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.6.0 and prior are vulnerable to integer overflow in `consume_count` of `src/gnu_v2/cplus-dem.c`. The overflow check is valid logic but, is missing the modulus if the block once compiled. The compiler sees this block as unreachable code since the prior statement is multiplication by 10 and fails to consider overflow assuming the count will always be a multiple of 10. Rizin version 0.6.1 contains a fix for the issue. A temporary workaround would be disabling C++ demangling using the configuration option `bin.demangle=false`. | |||||
| CVE-2023-3487 | 1 Silabs | 1 Gecko Bootloader | 2024-11-21 | N/A | 7.7 HIGH |
| An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access when reading from or writing to storage slots. | |||||
| CVE-2023-39317 | 1 Tonybybell | 1 Gtkwave | 2024-11-21 | N/A | 7.8 HIGH |
| Multiple integer overflow vulnerabilities exist in the LXT2 num_dict_entries functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `string_lens` array. | |||||
| CVE-2023-39316 | 1 Tonybybell | 1 Gtkwave | 2024-11-21 | N/A | 7.8 HIGH |
| Multiple integer overflow vulnerabilities exist in the LXT2 num_dict_entries functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `string_pointers` array. | |||||
| CVE-2023-39275 | 1 Tonybybell | 1 Gtkwave | 2024-11-21 | N/A | 7.8 HIGH |
| Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `value` array. | |||||