CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-36125 – Integer overflow when reading corrupted .avro file in Avro Rust SDK
https://notcve.org/view.php?id=CVE-2022-36125
09 Aug 2022 — It is possible to crash (panic) an application by providing a corrupted data to be read. This issue affects Rust applications using Apache Avro Rust SDK prior to 0.14.0 (previously known as avro-rs). Users should update to apache-avro version 0.14.0 which addresses this issue. Es posible bloquear (hacer entrar en pánico) una aplicación proporcionando un dato corrupto para ser leído. Este problema afecta a las aplicaciones Rust usando el SDK de Apache Avro Rust versiones anteriores a 0.14.0 (anteriormente co... • https://lists.apache.org/thread/t1r5xz0pvhm4tosqopjpj6dz8zlsht07 • CWE-20: Improper Input Validation CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-32543
https://notcve.org/view.php?id=CVE-2022-32543
05 Aug 2022 — An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5.8.544 parses OLE files. • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1527 • CWE-190: Integer Overflow or Wraparound CWE-680: Integer Overflow to Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-29886
https://notcve.org/view.php?id=CVE-2022-29886
05 Aug 2022 — An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5.8.544 parses OLE files. • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1533 • CWE-190: Integer Overflow or Wraparound CWE-680: Integer Overflow to Buffer Overflow •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-33719
https://notcve.org/view.php?id=CVE-2022-33719
05 Aug 2022 — Improper input validation in baseband prior to SMR Aug-2022 Release 1 allows attackers to cause integer overflow to heap overflow. • https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=08 • CWE-20: Improper Input Validation CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 0%CPEs: 31EXPL: 5CVE-2022-37434 – zlib: heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field
https://notcve.org/view.php?id=CVE-2022-37434
05 Aug 2022 — Issues addressed include buffer over-read, buffer overflow, bypass, code execution, denial of service, double free, integer overflow, out of bounds read, and use-after-free vulnerabilities. • https://github.com/xen0bit/CVE-2022-37434_poc • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-34612 – Gentoo Linux Security Advisory 202209-06
https://notcve.org/view.php?id=CVE-2022-34612
27 Jul 2022 — Rizin v0.4.0 and below was discovered to contain an integer overflow via the function get_long_object(). • https://github.com/rizinorg/rizin/issues/2738 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-33439
https://notcve.org/view.php?id=CVE-2021-33439
26 Jul 2022 — There is Integer overflow in gc_compact_strings() in mjs.c. • https://gist.github.com/Clingto/bb632c0c463f4b2c97e4f65f751c5e6d • CWE-190: Integer Overflow or Wraparound CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 3CVE-2021-46829 – gdk-pixbuf: heap-based buffer overflow when compositing or clearing frames in GIF files
https://notcve.org/view.php?id=CVE-2021-46829
24 Jul 2022 — GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code execution, especially on 32-bit systems. GdkPixbuf de GNOME (también se conoce como GDK-PixBuf) versiones anteriores a 2.42.8, permite un desbordamiento del búfer en la región heap de la memoria cuando son compuestos o borran fotogramas en archivos GIF, como es dem... • http://www.openwall.com/lists/oss-security/2022/07/25/1 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 0CVE-2022-21550 – Oracle MySQL Cluster Data Node Integer Underflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-21550
19 Jul 2022 — The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. • https://security.netapp.com/advisory/ntap-20220729-0004 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-1924 – gstreamer-plugins-good: Potential heap overwrite in mkv demuxing using lzo decompression
https://notcve.org/view.php?id=CVE-2022-1924
19 Jul 2022 — Integer overflow in matroskademux element in lzo decompression function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. ... If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce the size of the chunk, and it will start to write to unmapped memory). ... An integer overflow can lead to a heap-based buffer overflow in the... • https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •