CVSS: 3.3EPSS: %CPEs: 1EXPL: 0CVE-2023-28902 – Denial of Service via integer underflow in picserver
https://notcve.org/view.php?id=CVE-2023-28902
28 Jun 2025 — An integer underflow in the image processing binary of the MIB3 infotainment unit allows an attacker with local access to the vehicle to cause denial-of-service of the infotainment system. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. • https://asrg.io/security-advisories/vulnerabilities-in-volkswagen-mib3-infotainment-part-2 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 3.3EPSS: %CPEs: 1EXPL: 0CVE-2023-28903
https://notcve.org/view.php?id=CVE-2023-28903
28 Jun 2025 — An integer overflow in the image processing binary of the MIB3 infotainment unit allows an attacker with local access to the vehicle to cause a denial-of-service of the infotainment system. • https://asrg.io/security-advisories/vulnerabilities-in-volkswagen-mib3-infotainment-part-2 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.4EPSS: %CPEs: 1EXPL: 0CVE-2023-28908 – Integer Overflow in Non-Fragmented Data Reception
https://notcve.org/view.php?id=CVE-2023-28908
28 Jun 2025 — The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow when receiving non-fragmented HCI packets on a channel. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. • https://asrg.io/security-advisories/vulnerabilities-in-volkswagen-mib3-infotainment-part-2 • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.0EPSS: %CPEs: 1EXPL: 0CVE-2023-28909 – Integer Overflow Leading to MTU Bypass
https://notcve.org/view.php?id=CVE-2023-28909
28 Jun 2025 — The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow when receiving fragmented HCI packets on a channel. ... Consequently, this can lead to a buffer overflow in upper layer profiles, which can be used to obtain remote code execution. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. • https://asrg.io/security-advisories/vulnerabilities-in-volkswagen-mib3-infotainment-part-2 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: %CPEs: -EXPL: 0CVE-2025-1991 – IBM Informix Dynamic Server denial of service
https://notcve.org/view.php?id=CVE-2025-1991
28 Jun 2025 — IBM Informix Dynamic Server 12.10,14.10, and15.0 could allow a remote attacker to cause a denial of service due to an integer underflow when processing packets. • https://www.ibm.com/support/pages/node/7238455 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 5.3EPSS: 0%CPEs: -EXPL: 0CVE-2025-6603 – coldfunction qCUDA qcow.c qcow_make_empty integer overflow
https://notcve.org/view.php?id=CVE-2025-6603
25 Jun 2025 — The manipulation of the argument s->l1_size leads to integer overflow. ... Dank Manipulation des Arguments s->l1_size mit unbekannten Daten kann eine integer overflow-Schwachstelle ausgenutzt werden. • https://github.com/coldfunction/qCUDA/issues/10 • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-52471 – ESP-NOW Integer Underflow Vulnerability Advisory
https://notcve.org/view.php?id=CVE-2025-52471
24 Jun 2025 — An integer underflow vulnerability has been identified in the ESP-NOW protocol implementation within the ESP Wi-Fi component of versions 5.4.1, 5.3.3, 5.2.5, and 5.1.6 of the ESP-IDF framework. ... In versions 5.4.2, 5.3.4, 5.2.6, and 5.1.6, ESP-NOW has added more comprehensive validation logic on user-supplied data length during packet reception to prevent integer underflow caused by negative value calculations. • https://github.com/espressif/esp-idf/commit/b1a379d57430d265a53aca13d59ddfbf2e7ac409 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2025-52566 – llama.cpp tokenizer signed vs. unsigned heap overflow
https://notcve.org/view.php?id=CVE-2025-52566
24 Jun 2025 — Prior to version b5721, there is a signed vs. unsigned integer overflow in llama.cpp's tokenizer implementation (llama_vocab::tokenize) (src/llama-vocab.cpp:3036) resulting in unintended behavior in tokens copying size comparison. • https://github.com/ggml-org/llama.cpp/commit/dd6e6d0b6a4bbe3ebfc931d1eb14db2f2b1d70af • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-195: Signed to Unsigned Conversion Error •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-52935 – Integer Overflow or Wraparound vulnerability in dragonflydb/dragonfly
https://notcve.org/view.php?id=CVE-2025-52935
23 Jun 2025 — Integer Overflow or Wraparound vulnerability in dragonflydb dragonfly (src/redis/lua/struct modules). • https://github.com/dragonflydb/dragonfly/commit/473e002c848eb312f23d84114eb4951a7c4af5a1 • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-6191
https://notcve.org/view.php?id=CVE-2025-6191
18 Jun 2025 — Integer overflow in V8 in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. • https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_17.html • CWE-190: Integer Overflow or Wraparound CWE-472: External Control of Assumed-Immutable Web Parameter •