Total
3265 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-47212 | 3 Fedoraproject, Nothings, Stb Vorbis Project | 3 Fedora, Stb Vorbis.c, Stb Vorbis | 2025-08-22 | 9.8 Critical |
| A heap-based buffer overflow vulnerability exists in the comment functionality of stb _vorbis.c v1.22. A specially crafted .ogg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2023-28831 | 1 Siemens | 156 Simatic Cloud Connect 7 Cc712, Simatic Cloud Connect 7 Cc712 Firmware, Simatic Cloud Connect 7 Cc716 and 153 more | 2025-08-21 | 7.5 High |
| The OPC UA implementations (ANSI C and C++) in affected products contain an integer overflow vulnerability that could cause the application to run into an infinite loop during certificate validation. This could allow an unauthenticated remote attacker to create a denial of service condition by sending a specially crafted certificate. | ||||
| CVE-2023-43826 | 1 Apache | 1 Guacamole | 2025-08-21 | 0 Low |
| Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. If a user connects to a malicious or compromised VNC server, specially-crafted data could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process. Users are recommended to upgrade to version 1.5.4, which fixes this issue. | ||||
| CVE-2025-54631 | 1 Huawei | 2 Emui, Harmonyos | 2025-08-20 | 6.7 Medium |
| Vulnerability of insufficient data length verification in the partition module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-6052 | 2 Gnome, Redhat | 2 Glib, Enterprise Linux | 2025-08-20 | 3.7 Low |
| A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption. | ||||
| CVE-2025-50404 | 1 Intelbras | 2 Rx 1500, Rx 1500 Firmware | 2025-08-20 | 5.3 Medium |
| Intelbras RX1500 Router v2.2.17 and before is vulnerable to Integer Overflow. The websReadEvent function incorrectly uses the int type when processing the "command" field of the http header, causing the array to cross the boundary and overwrite other fields in the array. | ||||
| CVE-2025-4877 | 1 Redhat | 2 Enterprise Linux, Openshift | 2025-08-20 | 4.5 Medium |
| There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to ssh_get_fingerprint_hash() function. In such cases the bin_to_base64() function can experience an integer overflow leading to a memory under allocation, when that happens it's possible that the program perform out of bounds write leading to a heap corruption. This issue affects only 32-bits builds of libssh. | ||||
| CVE-2025-3277 | 2 Redhat, Sqlite | 2 Enterprise Linux, Sqlite | 2025-08-18 | 9.8 Critical |
| An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution. | ||||
| CVE-2025-54472 | 1 Apache | 1 Brpc | 2025-08-18 | 7.5 High |
| Unlimited memory allocation in redis protocol parser in Apache bRPC (all versions < 1.14.1) on all platforms allows attackers to crash the service via network. Root Cause: In the bRPC Redis protocol parser code, memory for arrays or strings of corresponding sizes is allocated based on the integers read from the network. If the integer read from the network is too large, it may cause a bad alloc error and lead to the program crashing. Attackers can exploit this feature by sending special data packets to the bRPC service to carry out a denial-of-service attack on it. The bRPC 1.14.0 version tried to fix this issue by limited the memory allocation size, however, the limitation checking code is not well implemented that may cause integer overflow and evade such limitation. So the 1.14.0 version is also vulnerable, although the integer range that affect version 1.14.0 is different from that affect version < 1.14.0. Affected scenarios: Using bRPC as a Redis server to provide network services to untrusted clients, or using bRPC as a Redis client to call untrusted Redis services. How to Fix: we provide two methods, you can choose one of them: 1. Upgrade bRPC to version 1.14.1. 2. Apply this patch ( https://github.com/apache/brpc/pull/3050 ) manually. No matter you choose which method, you should note that the patch limits the maximum length of memory allocated for each time in the bRPC Redis parser. The default limit is 64M. If some of you redis request or response have a size larger than 64M, you might encounter error after upgrade. For such case, you can modify the gflag redis_max_allocation_size to set a larger limit. | ||||
| CVE-2025-5473 | 2 Gimp, Redhat | 7 Gimp, Enterprise Linux, Rhel Aus and 4 more | 2025-08-18 | 8.8 High |
| GIMP ICO File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ICO files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26752. | ||||
| CVE-2023-44443 | 2 Gimp, Redhat | 3 Gimp, Enterprise Linux, Rhel Eus | 2025-08-14 | 7.8 High |
| GIMP PSP File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSP files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-22096. | ||||
| CVE-2025-2760 | 1 Gimp | 1 Gimp | 2025-08-14 | 7.8 High |
| GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25082. | ||||
| CVE-2025-24324 | 2 Intel, Kernel | 2 Ethernet 800 Series Software, Linux Kernel | 2025-08-14 | 2.8 Low |
| Integer overflow or wraparound in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-22836 | 2 Intel, Linux | 2 Ethernet 800 Series Software, Linux Kernel | 2025-08-14 | 7.8 High |
| Integer overflow or wraparound in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-25248 | 1 Fortinet | 3 Fortios, Fortipam, Fortiproxy | 2025-08-14 | 4.8 Medium |
| An Integer Overflow or Wraparound vulnerability [CWE-190] in FortiOS version 7.6.2 and below, version 7.4.7 and below, version 7.2.10 and below, 7.2 all versions, 6.4 all versions, FortiProxy version 7.6.2 and below, version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions and FortiPAM version 1.5.0, version 1.4.2 and below, 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions SSL-VPN RDP and VNC bookmarks may allow an authenticated user to affect the device SSL-VPN availability via crafted requests. | ||||
| CVE-2025-5449 | 2 Libssh, Redhat | 3 Libssh, Enterprise Linux, Openshift | 2025-08-14 | 4.3 Medium |
| A flaw was found in the SFTP server message decoding logic of libssh. The issue occurs due to an incorrect packet length check that allows an integer overflow when handling large payload sizes on 32-bit systems. This issue leads to failed memory allocation and causes the server process to crash, resulting in a denial of service. | ||||
| CVE-2025-23241 | 2 Intel, Linux | 2 Ethernet 800 Series Software, Linux Kernel | 2025-08-13 | 7.3 High |
| Integer overflow or wraparound in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2025-54804 | 4 Eugeny, Russh Project, Rust-lang and 1 more | 4 Russh, Russh, Russh and 1 more | 2025-08-13 | 6.5 Medium |
| Russh is a Rust SSH client & server library. In versions 0.54.0 and below, the channel window adjust message of the SSH protocol is used to track the free space in the receive buffer of the other side of a channel. The current implementation takes the value from the message and adds it to an internal state value. This can result in a integer overflow. If the Rust code is compiled with overflow checks, it will panic. A malicious client can crash a server. This is fixed in version 0.54.1. | ||||
| CVE-2024-38805 | 1 Tianocore | 1 Edk2 | 2025-08-13 | 6.3 Medium |
| EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service. | ||||
| CVE-2024-31047 | 1 Openexr | 1 Openexr | 2025-08-13 | 3.3 Low |
| An issue in Academy Software Foundation openexr v.3.2.3 and before allows a local attacker to cause a denial of service (DoS) via the convert function of exrmultipart.cpp. | ||||