CVEbaza.plSłownik CWECWE-680
Common Weakness Enumeration

CWE-680

Integer Overflow to Buffer Overflow

Kategoria: CompoundCVE: 106
Opis

Produkt wykonuje obliczenia w celu określenia, ile pamięci należy przydzielić, jednak może dojść do przepełnienia liczby całkowitej, które spowoduje przydzielenie mniej pamięci niż oczekiwane. Prowadzi to do przepełnienia bufora.

Description (EN)

The product performs a calculation to determine how much memory to allocate, but an integer overflow can occur that causes less memory to be allocated than expected, leading to a buffer overflow.

Podatności CVE z CWE-680 (106)
9.8
CVSS
CRITICAL
CVE-2026-8376

Perl w wersjach do 5.43.10 zawiera podatność typu heap buffer overflow podczas kompilacji wyrażeń regularnych zawierających powtarzające się stałe ciągi znaków na kompilacjach 32-bitowych. Podatność uzyskała ocenę CVSS 9.8 (CRITICAL) i może być wywołana zdalnie bez uwierzytelnienia.

pub. 2026-05-26
9.8
CVSS
CRITICAL
CVE-2025-54952

Podatność integer overflow w mechanizmie ładowania modeli ExecuTorch może prowadzić do wykonania dowolnego kodu. Błąd ma ocenę CVSS 9.8 (CRITICAL) i jest osiągalny zdalnie bez uwierzytelnienia.

pub. 2025-08-08
9.8
CVSS
CRITICAL
CVE-2024-33078

Tencent LibPAG v4.3 zawiera podatność typu buffer overflow, która pozwala atakującemu na zdalne wykonanie kodu (RCE). Przesłanie specjalnie spreparowanego obrazu wystarczy, aby wywołać przepełnienie bufora bez jakiejkolwiek interakcji ze strony uprawnionego użytkownika.

pub. 2024-05-01
9.8
CVSS
CRITICAL
CVE-2022-35289

A write-what-where condition in hermes caused by an integer overflow, prior to commit 5b6255ae049fa4641791e47fad994e8e8c4da374 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.

pub. 2022-10-11
9.8
CVSS
CRITICAL
CVE-2021-40417

When parsing a file that is submitted to the DPDecoder service as a job, the service will use the combination of decoding parameters that were submitted with the job along with fields that were parsed for the submitted video by the R3D SDK to calculate the size of a heap buffer. Due to an integer overflow with regards to this calculation, this can result in an undersized heap buffer being allocated. When this heap buffer is written to, a heap-based buffer overflow will occur. This can result in code execution under the context of the application.

pub. 2021-12-22
9.8
CVSS
CRITICAL
CVE-2021-21832

A memory corruption vulnerability exists in the ISO Parsing functionality of Disc Soft Ltd Deamon Tools Pro 8.3.0.0767. A specially crafted malformed file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.

pub. 2021-08-17
9.8
CVSS
CRITICAL
CVE-2021-21783

A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability.

pub. 2021-03-25
9.8
CVSS
CRITICAL
CVE-2020-13576

A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability.

pub. 2021-02-10
9.8
CVSS
CRITICAL
CVE-2018-8794

rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to an Out-Of-Bounds Write in function process_bitmap_updates() and results in a memory corruption and possibly even a remote code execution.

pub. 2019-02-05
9.8
CVSS
CRITICAL
CVE-2018-8795

rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in function process_bitmap_updates() and results in a memory corruption and probably even a remote code execution.

pub. 2019-02-05
9.8
CVSS
CRITICAL
CVE-2018-8786

FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution.

pub. 2018-11-29
9.8
CVSS
CRITICAL
CVE-2018-8787

FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and results in a memory corruption and probably even a remote code execution.

pub. 2018-11-29
9.2
CVSS
CRITICAL
CVE-2026-55200

libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh2_transport_read() that fails to enforce upper bounds on packet_length field. Remote attackers can send crafted SSH packets with excessively large packet_length values to corrupt heap memory and achieve remote code execution.

pub. 2026-06-17
8.9
CVSS
HIGH
CVE-2025-53630

llama.cpp is an inference of several LLM models in C/C++. Integer Overflow in the gguf_init_from_file_impl function in ggml/src/gguf.cpp can lead to Heap Out-of-Bounds Read/Write. This vulnerability is fixed in commit 26a48ad699d50b6268900062661bd22f3e792579.

pub. 2025-07-10
8.8
CVSS
HIGH
CVE-2025-32468

A memory corruption vulnerability exists in the BMPv3 Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .bmp file, an integer overflow can be made to occur when calculating the stride for decoding. Afterwards, this will cause a heap-based buffer to overflow when decoding the image which can lead to remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability.

pub. 2025-08-25
8.8
CVSS
HIGH
CVE-2025-46407

A memory corruption vulnerability exists in the BMPv3 Palette Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .bmp file, an integer overflow can be made to occur which will cause a heap-based buffer to overflow when reading the palette from the image. These conditions can allow for remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability.

pub. 2025-08-25
8.8
CVSS
HIGH
CVE-2025-52456

A memory corruption vulnerability exists in the WebP Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .webp animation an integer overflow can be made to occur when calculating the stride for decoding. Afterwards, this will cause a heap-based buffer to overflow when decoding the image which can lead to remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability.

pub. 2025-08-25
8.8
CVSS
HIGH
CVE-2025-52930

A memory corruption vulnerability exists in the BMPv3 RLE Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decompressing the image data from a specially crafted .bmp file, a heap-based buffer overflow can occur which allows for remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability.

pub. 2025-08-25
8.8
CVSS
HIGH
CVE-2025-53510

A memory corruption vulnerability exists in the PSD Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .psd file, an integer overflow can be made to occur when calculating the stride for decoding. Afterwards, this will cause a heap-based buffer to overflow when decoding the image which can lead to remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability.

pub. 2025-08-25
8.8
CVSS
HIGH
CVE-2021-32765

Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnurable to integer overflow if provided maliciously crafted or corrupted `RESP` `mult-bulk` protocol data. When parsing `multi-bulk` (array-like) replies, hiredis fails to check if `count * sizeof(redisReply*)` can be represented in `SIZE_MAX`. If it can not, and the `calloc()` call doesn't itself make this check, it would result in a short allocation and subsequent buffer overflow. Users of hiredis who are unable to update may set the [maxelements](https://github.com/redis/hiredis#reader-max-array-elements) context option to a value small enough that no overflow is possible.

pub. 2021-10-04
Pokazano 20 z 106 podatności
Informacje
ID: CWE-680
Typ: Compound
Podatności: 106
MITRE CWE ↗
← Słownik CWE