CWE:
 

Risk | Topic | Date | Author
Med. | MiniUPnP MiniUPnPc < 2.0 Remote Denial of Service | 12.01.2018 | tintinweb
Med. | Windows Kernel win32k.sys Integer Overflow (MS13-101) | 12.12.2013 | CORE
High | Apache 1.3.41 mod_proxy Integer overflow (code execution) | 29.01.2010 | Adam Zabrocki
Med. | Adobe Flash Player ActionScript Exception Handler Integer Overflow Vulnerability | 11.12.2009 | ZDI


CVEMAP Search Results

CVE
Details
Description
2018-08-03
Medium
CVE-2018-14883

Vendor: PHP
Software: PHP
 

 
An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c.

 
Medium
CVE-2018-14576

Vendor: Suncontract
Software: Smartcontracts
 

 
The mintToken function of a smart contract implementation for SunContract, an Ethereum token, has an integer overflow via the _amount variable.

 
2018-08-02
Medium
CVE-2017-9120

Vendor: PHP
Software: PHP
 

 
PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string.

 
2018-08-01
Medium
CVE-2016-9580

Vendor: Openjpeg
Software: Openjpeg
 

 
An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow.

 
2018-07-31
Medium
CVE-2018-14295

Vendor: Foxitsoftware
Software: Foxit reader
 

 
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF Phantom PDF 9.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PDF documents. When parsing shading patterns, the process does not properly validate user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6223.

 
2018-07-30
Medium
CVE-2017-7482

Vendor: Redhat
Software: Enterprise mrg
 

 
In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This could possibly lead to memory corruption and possible privilege escalation.

 
2018-07-20
Medium
CVE-2018-14444

Vendor: Libdxfrw project
Software: Libdxfrw
 

 
libdxfrw 0.6.3 has an Integer Overflow in dwgCompressor::decompress18 in dwgutil.cpp, leading to an out-of-bounds read and application crash.

 
2018-07-18
Medium
CVE-2018-14343

Vendor: Wireshark
Software: Wireshark
 

 
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ASN.1 BER dissector could crash. This was addressed in epan/dissectors/packet-ber.c by ensuring that length values do not exceed the maximum signed integer.

 
2018-07-16
Low
CVE-2018-0360

Vendor: Clamav
Software: Clamav
 

 
ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. This is in parsehwp3_paragraph() in libclamav/hwp.c.

 
Medium
CVE-2018-14326

Vendor: Techsmith
Software: Mp4v2
 

 
In MP4v2 2.0.0, there is an integer overflow (with resultant memory corruption) when resizing MP4Array for the ftyp atom in mp4array.h.

 

 


Copyright 2018, cxsecurity.com

 
