CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-36765 – Integer Overflow in CreateHob
https://notcve.org/view.php?id=CVE-2022-36765
09 Jan 2024 — EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger a integer overflow to buffer overflow via a local network. ... An attacker, leveraging a local network, can initiate an integer overflow leading to a buffer overflow. • https://github.com/tianocore/edk2/security/advisories/GHSA-ch4w-v7m3-g8wx • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-680: Integer Overflow to Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-36764 – Heap Buffer Overflow in Tcg2MeasurePeImage
https://notcve.org/view.php?id=CVE-2022-36764
09 Jan 2024 — EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. ... A heap-based buffer overflow flaw was found via the Tcg2MeasurePeImage() function in EDK2. Successful exploitation requires a local attacker to trigger an integer overflow in the calculation of the EventSize variable at DxeTpm2MeasureBootLib.c, leading to the heap-buffer overflow, presenting a moderate risk to... • https://github.com/tianocore/edk2/security/advisories/GHSA-4hcq-p8q8-hj8j • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow CWE-680: Integer Overflow to Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-36763 – Heap Buffer Overflow in Tcg2MeasureGptTable
https://notcve.org/view.php?id=CVE-2022-36763
09 Jan 2024 — EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local network. ... A heap buffer overflow flaw was found via the Tcg2MeasureGptTable() function in EDK2, arising from inadequate validation of the GPT Primary Header, presenting a minor risk to confidentiality and integrity. ... This issue may allow a local attacker to craft a GPT table, causing an integer overflow and consequent buffer overflow... • https://github.com/tianocore/edk2/security/advisories/GHSA-xvv8-66cq-prwr • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow CWE-680: Integer Overflow to Buffer Overflow •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2024-21646 – Azure IoT Platform Device SDK Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-21646
09 Jan 2024 — When clients using this library receive a crafted binary type data, an integer overflow or wraparound or memory safety issue can occur and may cause remote code execution. • https://github.com/Azure/azure-uamqp-c/commit/12ddb3a31a5a97f55b06fa5d74c59a1d84ad78fe • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-47994
https://notcve.org/view.php?id=CVE-2023-47994
09 Jan 2024 — An integer overflow vulnerability in LoadPixelDataRLE4 function in PluginBMP.cpp in Freeimage 3.18.0 allows attackers to obtain sensitive information, cause a denial of service and/or run arbitrary code. • https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47994 • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-47992
https://notcve.org/view.php?id=CVE-2023-47992
09 Jan 2024 — An integer overflow vulnerability in FreeImageIO.cpp::_MemoryReadProc in FreeImage 3.18.0 allows attackers to obtain sensitive information, cause a denial-of-service attacks and/or run arbitrary code. • https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47992 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-47996
https://notcve.org/view.php?id=CVE-2023-47996
09 Jan 2024 — An integer overflow vulnerability in Exif.cpp::jpeg_read_exif_dir in FreeImage 3.18.0 allows attackers to obtain information and cause a denial of service. • https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47996 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-32650 – Debian Security Advisory 5653-1
https://notcve.org/view.php?id=CVE-2023-32650
08 Jan 2024 — An integer overflow vulnerability exists in the FST_BL_GEOM parsing maxhandle functionality of GTKWave 3.3.115, when compiled as a 32-bit binary. • https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-35992 – Debian Security Advisory 5653-1
https://notcve.org/view.php?id=CVE-2023-35992
08 Jan 2024 — An integer overflow vulnerability exists in the FST fstReaderIterBlocks2 vesc allocation functionality of GTKWave 3.3.115, when compiled as a 32-bit binary. • https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-35128 – Debian Security Advisory 5653-1
https://notcve.org/view.php?id=CVE-2023-35128
08 Jan 2024 — An integer overflow vulnerability exists in the fstReaderIterBlocks2 time_table tsec_nitems functionality of GTKWave 3.3.115. • https://lists.debian.org/debian-lts-announce/2024/04/msg00007.html • CWE-190: Integer Overflow or Wraparound •