Vulnerabilities > Integer Overflow or Wraparound

DATE CVE VULNERABILITY TITLE RISK
2016-12-13 CVE-2016-7944 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in X.org libXfixes before 5.0.3 on 32-bit platforms might allow remote X servers to gain privileges via a length value of INT_MAX, which triggers the client to stop reading data and get out of sync.
network
low complexity
x-org fedoraproject CWE-190
critical
9.8
2016-12-13 CVE-2016-5841 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service (segmentation fault) or possibly execute arbitrary code via vectors involving the offset variable.
network
low complexity
imagemagick oracle CWE-190
critical
9.8
2016-12-12 CVE-2016-9427 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow vulnerability in bdwgc before 2016-09-27 allows attackers to cause client of bdwgc denial of service (heap buffer overflow crash) and possibly execute arbitrary code via huge allocation.
network
low complexity
bdwgc-project debian opensuse CWE-190
critical
9.8
2016-12-12 CVE-2016-9426 Integer Overflow or Wraparound vulnerability in Tats W3M
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31.
network
low complexity
tats CWE-190
8.8
2016-12-10 CVE-2016-6888 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the net_tx_pkt_init function in hw/net/net_tx_pkt.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU process crash) via the maximum fragmentation count, which triggers an unchecked multiplication and NULL pointer dereference.
local
low complexity
qemu debian redhat CWE-190
4.4
2016-12-09 CVE-2016-9104 Integer Overflow or Wraparound vulnerability in multiple products
Multiple integer overflows in the (1) v9fs_xattr_read and (2) v9fs_xattr_write functions in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allow local guest OS administrators to cause a denial of service (QEMU process crash) via a crafted offset, which triggers an out-of-bounds access.
local
low complexity
qemu debian opensuse CWE-190
4.4
2016-12-06 CVE-2015-8870 Integer Overflow or Wraparound vulnerability in Libtiff
Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows remote attackers to cause a denial of service (heap-based buffer over-read), or possibly obtain sensitive information from process memory, via crafted width and length values in RLE4 or RLE8 data in a BMP file.
network
high complexity
libtiff CWE-190
7.4
2016-11-28 CVE-2016-9084 Integer Overflow or Wraparound vulnerability in Linux Kernel
drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through 4.8.11 misuses the kzalloc function, which allows local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device file.
local
low complexity
linux CWE-190
7.8
2016-11-28 CVE-2016-9083 Integer Overflow or Wraparound vulnerability in Linux Kernel
drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a "state machine confusion bug."
local
low complexity
linux CWE-190
7.8
2016-11-22 CVE-2016-9538 Integer Overflow or Wraparound vulnerability in Libtiff 4.0.6
tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readContigStripsIntoBuffer() because of a uint16 integer overflow.
network
low complexity
libtiff CWE-190
critical
9.8