Vulnerabilities > Numeric Errors

DATE CVE VULNERABILITY TITLE RISK
2016-06-03 CVE-2015-8872 Numeric Errors vulnerability in multiple products
The set_fat function in fat.c in dosfstools before 4.0 might allow attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clusters to the third to last entry on a FAT12 filesystem, which triggers an "off-by-two error."
2.1
2016-06-01 CVE-2015-8875 Numeric Errors vulnerability in multiple products
Multiple integer overflows in the (1) pixops_composite_nearest, (2) pixops_composite_color_nearest, and (3) pixops_process functions in pixops/pixops.c in gdk-pixbuf before 2.33.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image, which triggers a heap-based buffer overflow.
network
gnome debian CWE-189
6.8
2016-05-20 CVE-2016-4070 Numeric Errors vulnerability in PHP
Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function.
network
low complexity
php CWE-189
7.5
2016-05-13 CVE-2015-8312 Numeric Errors vulnerability in multiple products
Off-by-one error in afs_pioctl.c in OpenAFS before 1.6.16 might allow local users to cause a denial of service (memory overwrite and system crash) via a pioctl with an input buffer size of 4096 bytes.
local
low complexity
openafs debian CWE-189
7.8
2016-05-13 CVE-2014-9763 Numeric Errors vulnerability in multiple products
imlib2 before 1.4.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted PNM file.
network
low complexity
debian enlightenment CWE-189
5.0
2016-05-13 CVE-2011-5326 Numeric Errors vulnerability in multiple products
imlib2 before 1.4.9 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) by drawing a 2x1 ellipse.
network
low complexity
debian enlightenment CWE-189
5.0
2016-05-05 CVE-2016-2106 Numeric Errors vulnerability in multiple products
Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.
network
low complexity
openssl redhat CWE-189
7.5
2016-05-02 CVE-2016-2070 Numeric Errors vulnerability in Linux Kernel
The tcp_cwnd_reduction function in net/ipv4/tcp_input.c in the Linux kernel before 4.3.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via crafted TCP traffic.
network
low complexity
linux CWE-189
7.5
2016-04-19 CVE-2015-8776 Numeric Errors vulnerability in multiple products
The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.
6.4
2016-04-19 CVE-2015-5479 Numeric Errors vulnerability in multiple products
The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions.
network
low complexity
ubuntu libav opensuse CWE-189
6.5