Vulnerabilities > Numeric Errors

DATE CVE VULNERABILITY TITLE RISK
2016-06-13 CVE-2016-4574 Numeric Errors vulnerability in multiple products
Off-by-one error in the append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read) via invalid utf-8 encoded data.
network
low complexity
gnupg canonical opensuse CWE-189
7.5
2016-06-13 CVE-2016-2463 Numeric Errors vulnerability in Google Android
Multiple integer overflows in the h264dec component in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file that triggers a large memory allocation, aka internal bug 27855419.
local
low complexity
google CWE-189
8.4
2016-06-03 CVE-2015-8872 Numeric Errors vulnerability in multiple products
The set_fat function in fat.c in dosfstools before 4.0 might allow attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an "off-by-two error."
6.2
2016-06-01 CVE-2015-8875 Numeric Errors vulnerability in multiple products
Multiple integer overflows in the (1) pixops_composite_nearest, (2) pixops_composite_color_nearest, and (3) pixops_process functions in pixops/pixops.c in gdk-pixbuf before 2.33.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image, which triggers a heap-based buffer overflow.
local
low complexity
gnome debian CWE-189
7.8
2016-05-20 CVE-2016-4070 Numeric Errors vulnerability in PHP
Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function.
network
low complexity
php CWE-189
7.5
2016-05-13 CVE-2015-8312 Numeric Errors vulnerability in multiple products
Off-by-one error in afs_pioctl.c in OpenAFS before 1.6.16 might allow local users to cause a denial of service (memory overwrite and system crash) via a pioctl with an input buffer size of 4096 bytes.
local
low complexity
openafs debian CWE-189
7.8
2016-05-13 CVE-2014-9763 Numeric Errors vulnerability in multiple products
imlib2 before 1.4.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted PNM file.
network
low complexity
debian enlightenment CWE-189
7.5
2016-05-13 CVE-2011-5326 Numeric Errors vulnerability in multiple products
imlib2 before 1.4.9 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) by drawing a 2x1 ellipse.
network
low complexity
debian enlightenment CWE-189
7.5
2016-05-05 CVE-2016-2106 Numeric Errors vulnerability in multiple products
Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.
network
low complexity
openssl redhat CWE-189
7.5
2016-05-02 CVE-2016-2070 Numeric Errors vulnerability in Linux Kernel
The tcp_cwnd_reduction function in net/ipv4/tcp_input.c in the Linux kernel before 4.3.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via crafted TCP traffic.
network
low complexity
linux CWE-189
7.5