CWE-189: Numeric Errors — known CVE vulnerabilities
CVEs classified under CWE-189 (Numeric Errors), ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2015-8396 — CVSS 10.0 (critical): Integer overflow in the ImageRegionReader::ReadIntoBuffer function in MediaStorageAndFileFormat/gdcmImageRegionReader.cxx in Grassroots…
CVE-2015-7205 — CVSS 10.0 (critical): Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 might…
CVE-2015-6575 — CVSS 10.0 (critical): SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly consider integer promotion, which allows remote…
CVE-2015-3864 — CVSS 10.0 (critical): Integer underflow in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android before 5.1.1…
CVE-2015-3836 — CVSS 10.0 (critical): The Parse_wave function in arm-wt-22k/lib_src/eas_mdls.c in the Sonivox DLS-to-EAS converter in Android before 5.1.1 LMY48I does not reject…
CVE-2015-3834 — CVSS 10.0 (critical): Multiple integer overflows in the BnHDCP::onTransact function in media/libmedia/IHDCP.cpp in libstagefright in Android before 5.1.1 LMY48I…
CVE-2015-3829 — CVSS 10.0 (critical): Off-by-one error in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I allows…
CVE-2015-1539 — CVSS 10.0 (critical): Multiple integer underflows in the ESDS::parseESDescriptor function in ESDS.cpp in libstagefright in Android before 5.1.1 LMY48I allow…
CVE-2015-1538 — CVSS 10.0 (critical): Integer overflow in the SampleTable::setSampleToChunkParams function in SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I…
CVE-2014-7917 — CVSS 10.0 (critical): Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug…
CVE-2014-7916 — CVSS 10.0 (critical): Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug…
CVE-2014-7915 — CVSS 10.0 (critical): Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug…
CVE-2015-4479 — CVSS 10.0 (critical): Multiple integer overflows in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to…
CVE-2015-5560 — CVSS 10.0 (critical): Integer overflow in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199…
CVE-2015-3110 — CVSS 10.0 (critical): Integer overflow in Adobe Photoshop CC before 16.0 (aka 2015.0.0) and Adobe Bridge CC before 6.11 allows attackers to execute arbitrary…
CVE-2015-3104 — CVSS 10.0 (critical): Integer overflow in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before…
CVE-2015-4067 — CVSS 10.0 (critical): Integer overflow in the libnv6 module in Dell NetVault Backup before 10.0.5 allows remote attackers to execute arbitrary code via crafted…
CVE-2015-3087 — CVSS 10.0 (critical): Integer overflow in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before…
CVE-2015-0135 — CVSS 10.0 (critical): IBM Domino 8.5 before 8.5.3 FP6 IF4 and 9.0 before 9.0.1 FP3 IF2 allows remote attackers to execute arbitrary code or cause a denial of…
CVE-2015-1066 — CVSS 10.0 (critical): Off-by-one error in IOAcceleratorFamily in Apple OS X through 10.10.2 allows attackers to execute arbitrary code in a privileged context…
CVE-2015-1474 — CVSS 10.0 (critical): Multiple integer overflows in the GraphicBuffer::unflatten function in platform/frameworks/native/libs/ui/GraphicBuffer.cpp in Android…
CVE-2014-4497 — CVSS 10.0 (critical): Integer signedness error in IOBluetoothFamily in the Bluetooth implementation in Apple OS X before 10.10 allows attackers to execute…
CVE-2014-8118 — CVSS 10.0 (critical): Integer overflow in RPM 4.12 and earlier allows remote attackers to execute arbitrary code via a crafted CPIO header in the payload section…
CVE-2014-8449 — CVSS 10.0 (critical): Integer overflow in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute…
CVE-2014-1359 — CVSS 10.0 (critical): Integer underflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute…
CVE-2014-1358 — CVSS 10.0 (critical): Integer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute…
CVE-2014-2977 — CVSS 10.0 (critical): Multiple integer signedness errors in the Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.13…
CVE-2013-4289 — CVSS 10.0 (critical): Multiple integer overflows in lib/openjp3d/jp3d.c in OpenJPEG before 1.5.2 allow remote attackers to have unspecified impact and vectors…
CVE-2013-0864 — CVSS 10.0 (critical): The gif_copy_img_rect function in libavcodec/gifdec.c in FFmpeg before 1.1.2 performs an incorrect calculation for an "end pointer," which…
CVE-2013-3358 — CVSS 10.0 (critical): Integer overflow in Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allows attackers to execute…
CVE-2013-3357 — CVSS 10.0 (critical): Integer overflow in Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allows attackers to execute…
CVE-2013-3347 — CVSS 10.0 (critical): Integer overflow in Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on…
CVE-2013-2727 — CVSS 10.0 (critical): Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute…
CVE-2013-0646 — CVSS 10.0 (critical): Integer overflow in Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x…
CVE-2013-0639 — CVSS 10.0 (critical): Integer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before…
CVE-2013-0613 — CVSS 10.0 (critical): Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute…
CVE-2013-0609 — CVSS 10.0 (critical): Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute…
CVE-2012-5677 — CVSS 10.0 (critical): Integer overflow in Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before…
CVE-2012-0417 — CVSS 10.0 (critical): Integer overflow in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows…
CVE-2012-0271 — CVSS 10.0 (critical): Integer overflow in the WebConsole component in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before 8.0.3 HP1 and…
CVE-2012-4167 — CVSS 10.0 (critical): Integer overflow in Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x…
CVE-2012-2429 — CVSS 10.0 (critical): The server in xArrow before 3.4.1 performs an invalid read operation, which allows remote attackers to execute arbitrary code via…
CVE-2012-2428 — CVSS 10.0 (critical): Integer overflow in the server in xArrow before 3.4.1 allows remote attackers to execute arbitrary code via a crafted packet that triggers…
CVE-2012-0774 — CVSS 10.0 (critical): Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to execute arbitrary code via a…
CVE-2012-1182 — CVSS 10.0 (critical): The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array…
CVE-2011-2662 — CVSS 10.0 (critical): Integer signedness error in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary…
CVE-2011-2998 — CVSS 10.0 (critical): Integer underflow in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (application crash) or…
CVE-2011-0547 — CVSS 10.0 (critical): Multiple integer overflows in vxsvc.exe in the Veritas Enterprise Administrator service in Symantec Veritas Storage Foundation 5.1 and…
CVE-2011-2416 — CVSS 10.0 (critical): Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and…
CVE-2011-2138 — CVSS 10.0 (critical): Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and…