
CVE-2023-42295
https://notcve.org/view.php?id=CVE-2023-42295
23 Oct 2023 — An issue in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary code and cause a denial of service via the read_rle_image function of file bifs/unquantize.c. • https://github.com/OpenImageIO/oiio/issues/3947 • CWE-190: Integer Overflow or Wraparound •

CVE-2023-45681 – Out of bounds heap buffer write in stb_vorbis
https://notcve.org/view.php?id=CVE-2023-45681
20 Oct 2023 — The root cause is a potential integer overflow in `sizeof(char*) * (f->comment_list_length)` which may make `setup_malloc` allocate less memory than required. Since there is another integer overflow an attacker may overflow it too to force `setup_malloc` to return 0 and make the exploit more reliable. • https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3660-L3677 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •

CVE-2023-45677 – Heap buffer out of bounds write in start_decoder in stb_vorbis
https://notcve.org/view.php?id=CVE-2023-45677
20 Oct 2023 — Similarly if len is INT_MAX the integer overflow len+1 happens in `f->vendor = (char*)setup_malloc(f, sizeof(char) * (len+1));` and `f->comment_list[i] = (char*)setup_malloc(f, sizeof(char) * (len+1));`. • https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3652-L3658 • CWE-787: Out-of-bounds Write •

CVE-2023-45676 – Multi-byte write heap buffer overflow in start_decoder in stb_vorbis
https://notcve.org/view.php?id=CVE-2023-45676
20 Oct 2023 — The root cause is an integer overflow in `setup_malloc`. • https://github.com/nothings/stb/blob/5736b15f7ea0ffb08dd38af21067c314d6a3aae9/stb_vorbis.c#L3656 • CWE-787: Out-of-bounds Write •

CVE-2023-3487 – Integer overflow in Silicon Labs Gecko Bootloader leads to unbounded memory access
https://notcve.org/view.php?id=CVE-2023-3487
20 Oct 2023 — An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access when reading from or writing to storage slots. • https://community.silabs.com/s/contentdocument/0698Y00000ZmXqLQAV • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •

CVE-2023-38127
https://notcve.org/view.php?id=CVE-2023-38127
19 Oct 2023 — An integer overflow exists in the "HyperLinkFrame" stream parser of Ichitaro 2023 1.0.1.59372. • https://jvn.jp/en/jp/JVN28846531/index.html • CWE-190: Integer Overflow or Wraparound •

CVE-2023-46228
https://notcve.org/view.php?id=CVE-2023-46228
19 Oct 2023 — zchunk before 1.3.2 has multiple integer overflows via malformed zchunk files to lib/comp/comp.c, lib/comp/zstd/zstd.c, lib/dl/multipart.c, or lib/header.c. • https://bugzilla.suse.com/show_bug.cgi?id=1216268 • CWE-190: Integer Overflow or Wraparound •

CVE-2023-45145 – Redis Unix-domain socket may have been exposed with the wrong permissions for a short time window.
https://notcve.org/view.php?id=CVE-2023-45145
18 Oct 2023 — An attacker could possibly use this issue to trigger an integer overflow, which might cause Redis to allocate impossible amounts of memory, resulting in a denial of service via an application crash. • https://github.com/redis/redis/commit/03345ddc7faf7af079485f2cbe5d17a1611cbce1 • CWE-269: Improper Privilege Management CWE-668: Exposure of Resource to Wrong Sphere •

CVE-2023-45853 – zlib: integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_6
https://notcve.org/view.php?id=CVE-2023-45853
14 Oct 2023 — MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. • http://www.openwall.com/lists/oss-security/2023/10/20/9 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •

CVE-2023-42752 – Kernel: integer overflow in igmpv3_newpack leading to exploitable memory access
https://notcve.org/view.php?id=CVE-2023-42752
13 Oct 2023 — An integer overflow flaw was found in the Linux kernel. • http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html • CWE-190: Integer Overflow or Wraparound •