Vulnerabilities > Numeric Errors
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-03-01 | CVE-2016-9819 | Numeric Errors vulnerability in Libav 11.8 libavcodec/mpegvideo.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value. | 5.5 |
2017-03-01 | CVE-2016-10094 | Numeric Errors vulnerability in Libtiff 4.0.7 Off-by-one error in the t2p_readwrite_pdf_image_tile function in tools/tiff2pdf.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a crafted image. | 7.8 |
2017-02-03 | CVE-2016-5241 | Numeric Errors vulnerability in multiple products magick/render.c in GraphicsMagick before 1.3.24 allows remote attackers to cause a denial of service (arithmetic exception and application crash) via a crafted svg file. | 5.5 |
2017-01-24 | CVE-2016-10158 | Numeric Errors vulnerability in PHP The exif_convert_any_to_int function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by -1. | 7.5 |
2017-01-23 | CVE-2016-6223 | Numeric Errors vulnerability in Libtiff The TIFFReadRawStrip1 and TIFFReadRawTile1 functions in tif_read.c in libtiff before 4.0.7 allows remote attackers to cause a denial of service (crash) or possibly obtain sensitive information via a negative index in a file-content buffer. | 9.1 |
2017-01-23 | CVE-2015-4626 | Numeric Errors vulnerability in Treasuryxpress C2Box B.A.S C2Box before 4.0.0 (r19171) relies on client-side validation, which allows remote attackers to "corrupt the business logic" via a negative value in an overdraft. | 7.5 |
2017-01-19 | CVE-2016-5224 | Numeric Errors vulnerability in Google Chrome A timing attack on denormalized floating point arithmetic in SVG filters in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page. | 4.3 |
2016-09-16 | CVE-2016-2181 | Numeric Errors vulnerability in multiple products The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c. | 7.5 |
2016-08-06 | CVE-2016-6510 | Numeric Errors vulnerability in Wireshark Off-by-one error in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet. | 5.9 |
2016-08-06 | CVE-2014-9876 | Numeric Errors vulnerability in Google Android drivers/char/diag/diagfwd.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices mishandles certain integer values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28767796 and Qualcomm internal bug CR483408. | 7.8 |