Total
2461 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-23576 | 1 Google | 1 Tensorflow | 2022-02-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| Tensorflow is an Open Source Machine Learning Framework. The implementation of `OpLevelCostEstimator::CalculateOutputSize` is vulnerable to an integer overflow if an attacker can create an operation which would involve tensors with large enough number of elements. We can have a large enough number of dimensions in `output_shape.dim()` or just a small number of dimensions being large enough to cause an overflow in the multiplication. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | |||||
| CVE-2008-4019 | 1 Microsoft | 6 Excel, Excel Viewer, Office and 3 more | 2022-02-09 | 9.3 HIGH | N/A |
| Integer overflow in the REPT function in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office SharePoint Server 2007 Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file containing a formula within a cell, aka "Formula Parsing Vulnerability." | |||||
| CVE-2022-23559 | 1 Google | 1 Tensorflow | 2022-02-09 | 6.5 MEDIUM | 8.8 HIGH |
| Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both `embedding_size` and `lookup_size` are products of values provided by the user. Hence, a malicious user could trigger overflows in the multiplication. In certain scenarios, this can then result in heap OOB read/write. Users are advised to upgrade to a patched version. | |||||
| CVE-2022-23558 | 1 Google | 1 Tensorflow | 2022-02-09 | 6.5 MEDIUM | 8.8 HIGH |
| Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in `TfLiteIntArrayCreate`. The `TfLiteIntArrayGetSizeInBytes` returns an `int` instead of a `size_t. An attacker can control model inputs such that `computed_size` overflows the size of `int` datatype. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | |||||
| CVE-2022-23562 | 1 Google | 1 Tensorflow | 2022-02-09 | 6.5 MEDIUM | 8.8 HIGH |
| Tensorflow is an Open Source Machine Learning Framework. The implementation of `Range` suffers from integer overflows. These can trigger undefined behavior or, in some scenarios, extremely large allocations. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | |||||
| CVE-2006-4519 | 1 Gimp | 1 Gimp | 2022-02-07 | 6.8 MEDIUM | N/A |
| Multiple integer overflows in the image loader plug-ins in GIMP before 2.2.16 allow user-assisted remote attackers to execute arbitrary code via crafted length values in (1) DICOM, (2) PNM, (3) PSD, (4) PSP, (5) Sun RAS, (6) XBM, and (7) XWD files. | |||||
| CVE-2009-1570 | 1 Gimp | 1 Gimp | 2022-02-07 | 9.3 HIGH | N/A |
| Integer overflow in the ReadImage function in plug-ins/file-bmp/bmp-read.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a BMP file with crafted width and height values that trigger a heap-based buffer overflow. | |||||
| CVE-2009-3909 | 1 Gimp | 1 Gimp | 2022-02-07 | 9.3 HIGH | N/A |
| Integer overflow in the read_channel_data function in plug-ins/file-psd/psd-load.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a crafted PSD file that triggers a heap-based buffer overflow. | |||||
| CVE-2007-2949 | 2 Canonical, Gimp | 2 Ubuntu Linux, Gimp | 2022-02-07 | 6.8 MEDIUM | N/A |
| Integer overflow in the seek_to_and_unpack_pixeldata function in the psd.c plugin in Gimp 2.2.15 allows remote attackers to execute arbitrary code via a crafted PSD file that contains a large (1) width or (2) height value. | |||||
| CVE-2007-2834 | 4 Apache, Canonical, Debian and 1 more | 5 Openoffice, Ubuntu Linux, Debian Linux and 2 more | 2022-02-07 | 9.3 HIGH | N/A |
| Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3; and Sun StarOffice 6, 7, and 8 Office Suite (StarSuite); allows remote attackers to execute arbitrary code via a TIFF file with crafted values of unspecified length fields, which triggers allocation of an incorrect amount of memory, resulting in a heap-based buffer overflow. | |||||
| CVE-2009-2949 | 3 Apache, Canonical, Debian | 3 Openoffice, Ubuntu Linux, Debian Linux | 2022-02-07 | 9.3 HIGH | N/A |
| Integer overflow in the XPMReader::ReadXPM function in filter.vcl/ixpm/svt_xpmread.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to execute arbitrary code via a crafted XPM file that triggers a heap-based buffer overflow. | |||||
| CVE-2013-4391 | 2 Debian, Systemd Project | 2 Debian Linux, Systemd | 2022-01-31 | 7.5 HIGH | N/A |
| Integer overflow in the valid_user_field function in journal/journald-native.c in systemd allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large journal data field, which triggers a heap-based buffer overflow. | |||||
| CVE-2021-30636 | 1 Mediatek | 1 Linkit Software Development Kit | 2022-01-28 | 7.5 HIGH | 9.8 CRITICAL |
| In MediaTek LinkIt SDK before 4.6.1, there is a possible memory corruption due to an integer overflow during mishandled memory allocation by pvPortCalloc and pvPortRealloc. | |||||
| CVE-2021-38787 | 1 Allwinnertech | 2 Android Q Sdk, R818 | 2022-01-26 | 7.8 HIGH | 7.5 HIGH |
| There is an integer overflow in the ION driver "/dev/ion" of Allwinner R818 SoC Android Q SDK V1.0 that could use the ioctl cmd "COMPAT_ION_IOC_SUNXI_FLUSH_RANGE" to cause a system crash (denial of service). | |||||
| CVE-2017-7529 | 3 Apple, F5, Puppet | 3 Xcode, Nginx, Puppet Enterprise | 2022-01-24 | 5.0 MEDIUM | 7.5 HIGH |
| Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request. | |||||
| CVE-2021-44711 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2022-01-21 | 9.3 HIGH | 7.8 HIGH |
| Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-39993 | 1 Huawei | 2 Emui, Magic Ui | 2022-01-14 | 7.5 HIGH | 9.8 CRITICAL |
| There is an Integer overflow vulnerability with ACPU in smartphones. Successful exploitation of this vulnerability may cause out-of-bounds access. | |||||
| CVE-2021-30274 | 1 Qualcomm | 252 Ar8031, Ar8031 Firmware, Ar8035 and 249 more | 2022-01-12 | 7.2 HIGH | 7.8 HIGH |
| Possible integer overflow in access control initialization interface due to lack and size and address validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2021-30275 | 1 Qualcomm | 254 Ar8031, Ar8031 Firmware, Ar8035 and 251 more | 2022-01-12 | 7.2 HIGH | 7.8 HIGH |
| Possible integer overflow in page alignment interface due to lack of address and size validation before alignment in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2022-20012 | 2 Google, Mediatek | 42 Android, Mt6580, Mt6739 and 39 more | 2022-01-11 | 4.6 MEDIUM | 7.8 HIGH |
| In mdp driver, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05836478; Issue ID: ALPS05836478. | |||||