Vulnerabilities > Numeric Errors

DATE CVE VULNERABILITY TITLE RISK
2017-03-01 CVE-2016-9819 Numeric Errors vulnerability in Libav 11.8
libavcodec/mpegvideo.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.
local
low complexity
libav CWE-189
5.5
2017-03-01 CVE-2016-10094 Numeric Errors vulnerability in Libtiff 4.0.7
Off-by-one error in the t2p_readwrite_pdf_image_tile function in tools/tiff2pdf.c in LibTIFF 4.0.7 allows remote attackers to have unspecified impact via a crafted image.
local
low complexity
libtiff CWE-189
7.8
2017-02-03 CVE-2016-5241 Numeric Errors vulnerability in multiple products
magick/render.c in GraphicsMagick before 1.3.24 allows remote attackers to cause a denial of service (arithmetic exception and application crash) via a crafted svg file.
local
low complexity
graphicsmagick debian opensuse CWE-189
5.5
2017-01-24 CVE-2016-10158 Numeric Errors vulnerability in PHP
The exif_convert_any_to_int function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by -1.
network
low complexity
php CWE-189
7.5
2017-01-23 CVE-2016-6223 Numeric Errors vulnerability in Libtiff
The TIFFReadRawStrip1 and TIFFReadRawTile1 functions in tif_read.c in libtiff before 4.0.7 allows remote attackers to cause a denial of service (crash) or possibly obtain sensitive information via a negative index in a file-content buffer.
network
low complexity
libtiff CWE-189
critical
9.1
2017-01-23 CVE-2015-4626 Numeric Errors vulnerability in Treasuryxpress C2Box
B.A.S C2Box before 4.0.0 (r19171) relies on client-side validation, which allows remote attackers to "corrupt the business logic" via a negative value in an overdraft.
network
low complexity
treasuryxpress CWE-189
7.5
2017-01-19 CVE-2016-5224 Numeric Errors vulnerability in Google Chrome
A timing attack on denormalized floating point arithmetic in SVG filters in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page.
network
low complexity
google CWE-189
4.3
2016-09-16 CVE-2016-2181 Numeric Errors vulnerability in multiple products
The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c.
network
low complexity
openssl oracle CWE-189
7.5
2016-08-06 CVE-2016-6510 Numeric Errors vulnerability in Wireshark
Off-by-one error in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet.
network
high complexity
wireshark CWE-189
5.9
2016-08-06 CVE-2014-9876 Numeric Errors vulnerability in Google Android
drivers/char/diag/diagfwd.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices mishandles certain integer values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28767796 and Qualcomm internal bug CR483408.
local
low complexity
google CWE-189
7.8