
CVE-2025-4969 – Libsoup: off-by-one out-of-bounds read in find_boundary() in soup-multipart.c
https://notcve.org/view.php?id=CVE-2025-4969
21 May 2025 — This can allow a remote attacker to send a specially crafted multipart HTTP body, causing the libsoup-consuming server to read beyond its allocated memory boundaries (out-of-bounds read). ... Fixed integer underflow in soup_multipart_new_from_message leading to denial of service. Fixed off-by-one out-of-bounds read may lead to infoleak. • https://access.redhat.com/security/cve/CVE-2025-4969 • CWE-125: Out-of-bounds Read •

CVE-2025-5001 – GNU PSPP pspp-convert.c calloc integer overflow
https://notcve.org/view.php?id=CVE-2025-5001
20 May 2025 — The manipulation of the argument -l leads to integer overflow. ... By manipulating the argument -l with unknown data, an integer overflow vulnerability can be exploited. • https://drive.google.com/file/d/12IIt8eR591Z8O1ABOCkT_jdXSWaBxMZx/view?usp=drive_link • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •

CVE-2025-47712 – Nbd: nbdkit: integer overflow triggers an assertion resulting in denial of service
https://notcve.org/view.php?id=CVE-2025-47712
20 May 2025 — A flaw exists in the nbdkit "blocksize" filter that can be triggered by a specific type of client request. When a client requests block status information for a very large data range, exceeding a certain limit, it causes an internal error in the nbdkit, leading to a denial of service. • https://access.redhat.com/security/cve/CVE-2025-47712 • CWE-190: Integer Overflow or Wraparound •

CVE-2025-4945 – Libsoup: integer overflow in cookie expiration date handling in libsoup
https://notcve.org/view.php?id=CVE-2025-4945
19 May 2025 — The vulnerability arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overflow. ... The issue stems from improper validation of large integer inputs during date arithmetic operations within the cookie parsing routines. • https://access.redhat.com/security/cve/CVE-2025-4945 • CWE-190: Integer Overflow or Wraparound •

CVE-2025-4948 – Libsoup: integer underflow in soup_multipart_new_from_message() leading to denial of service in libsoup
https://notcve.org/view.php?id=CVE-2025-4948
19 May 2025 — Due to improper validation, an internal calculation can go wrong, leading to an integer underflow. ... Fixed integer underflow in soup_multipart_new_from_message leading to denial of service. Fixed off-by-one out-of-bounds read may lead to infoleak. • https://access.redhat.com/security/cve/CVE-2025-4948 • CWE-191: Integer Underflow (Wrap or Wraparound) •

CVE-2025-40907 – FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library
https://notcve.org/view.php?id=CVE-2025-40907
16 May 2025 — The included FastCGI library is affected by CVE-2025-23016, causing an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. ... In affected versions, specially crafted nameLen or valueLen values in data sent to the IPC socket may result in a heap-based buffer overflow, which can cause an application crash or other undefined behavior. • http://www.openwall.com/lists/oss-security/2025/04/23/4 • CWE-1395: Dependency on Vulnerable Third-Party Component •

CVE-2025-48174 – Debian Security Advisory 5930-1
https://notcve.org/view.php?id=CVE-2025-48174
16 May 2025 — In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and resultant buffer overflow in stream->offset+size. • https://github.com/AOMediaCodec/libavif/commit/50a743062938a3828581d725facc9c2b92a1d109 • CWE-190: Integer Overflow or Wraparound •

CVE-2025-48175 – Debian Security Advisory 5930-1
https://notcve.org/view.php?id=CVE-2025-48175
16 May 2025 — In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer overflows in multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes. • https://github.com/AOMediaCodec/libavif/commit/64d956ed5a602f78cebf29da023280944ee92efd • CWE-190: Integer Overflow or Wraparound •

CVE-2025-30668 – Zoom Workplace Apps - NULL Pointer Dereference
https://notcve.org/view.php?id=CVE-2025-30668
14 May 2025 — Integer underflow in some Zoom Workplace Apps may allow an authenticated user to conduct a denial of service via network access. • https://www.zoom.com/en/trust/security-bulletin/zsb-25020 • CWE-476: NULL Pointer Dereference •

CVE-2025-43547 – Bridge | Integer Overflow or Wraparound (CWE-190)
https://notcve.org/view.php?id=CVE-2025-43547
13 May 2025 — Bridge versions 15.0.3, 14.1.6 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/bridge/apsb25-44.html • CWE-190: Integer Overflow or Wraparound •