Vulnerabilities > Integer Overflow or Wraparound
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-15 | CVE-2024-31333 | Integer Overflow or Wraparound vulnerability in Google Android In _MMU_AllocLevel of mmu_common.c, there is a possible arbitrary code execution due to an integer overflow. | 7.8 |
| 2024-08-15 | CVE-2024-34740 | Integer Overflow or Wraparound vulnerability in Google Android In attributeBytesBase64 and attributeBytesHex of BinaryXmlSerializer.java, there is a possible arbitrary XML injection due to an integer overflow. | 7.8 |
| 2024-08-15 | CVE-2024-7867 | Integer Overflow or Wraparound vulnerability in Xpdfreader Xpdf In Xpdf 4.05 (and earlier), very large coordinates in a page box can cause an integer overflow and divide-by-zero. | 6.2 |
| 2024-08-14 | CVE-2024-41851 | Integer Overflow or Wraparound vulnerability in Adobe Indesign InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
| 2024-08-14 | CVE-2024-41858 | Integer Overflow or Wraparound vulnerability in Adobe Incopy InCopy versions 18.5.2, 19.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
| 2024-08-05 | CVE-2024-33022 | Integer Overflow or Wraparound vulnerability in Qualcomm products Memory corruption while allocating memory in HGSL driver. | 7.8 |
| 2024-07-30 | CVE-2023-33976 | Integer Overflow or Wraparound vulnerability in Google Tensorflow TensorFlow is an end-to-end open source platform for machine learning. | 7.5 |
| 2024-07-30 | CVE-2024-42131 | Integer Overflow or Wraparound vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: mm: avoid overflows in dirty throttling logic The dirty throttling logic is interspersed with assumptions that dirty limits in PAGE_SIZE units fit into 32-bit (so that various multiplications fit into 64-bits). | 4.4 |
| 2024-07-30 | CVE-2024-42136 | Integer Overflow or Wraparound vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: cdrom: rearrange last_media_change check to avoid unintentional overflow When running syzkaller with the newly reintroduced signed integer wrap sanitizer we encounter this splat: [ 366.015950] UBSAN: signed-integer-overflow in ../drivers/cdrom/cdrom.c:2361:33 [ 366.021089] -9223372036854775808 - 346321 cannot be represented in type '__s64' (aka 'long long') [ 366.025894] program syz-executor.4 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 366.027502] CPU: 5 PID: 28472 Comm: syz-executor.7 Not tainted 6.8.0-rc2-00035-gb3ef86b5a957 #1 [ 366.027512] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 366.027518] Call Trace: [ 366.027523] <TASK> [ 366.027533] dump_stack_lvl+0x93/0xd0 [ 366.027899] handle_overflow+0x171/0x1b0 [ 366.038787] ata1.00: invalid multi_count 32 ignored [ 366.043924] cdrom_ioctl+0x2c3f/0x2d10 [ 366.063932] ? __pm_runtime_resume+0xe6/0x130 [ 366.071923] sr_block_ioctl+0x15d/0x1d0 [ 366.074624] ? __pfx_sr_block_ioctl+0x10/0x10 [ 366.077642] blkdev_ioctl+0x419/0x500 [ 366.080231] ? __pfx_blkdev_ioctl+0x10/0x10 ... Historically, the signed integer overflow sanitizer did not work in the kernel due to its interaction with `-fwrapv` but this has since been changed [1] in the newest version of Clang. | 7.8 |
| 2024-07-30 | CVE-2024-42223 | Integer Overflow or Wraparound vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: tda10048: Fix integer overflow state->xtal_hz can be up to 16M, so it can overflow a 32 bit integer when multiplied by pll_mfactor. Create a new 64 bit variable to hold the calculations. | 5.5 |