Search Results (1242 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-1467 1 Apple 1 Itunes 2026-04-16 N/A
Integer overflow in the AAC file parsing code in Apple iTunes before 6.0.5 on Mac OS X 10.2.8 or later, and Windows XP and 2000, allows remote user-assisted attackers to execute arbitrary code via an AAC (M4P, M4A, or M4B) file with a sample table size (STSZ) atom with a "malformed" sample_size_table value.
CVE-2004-2731 1 Linux 1 Linux Kernel 2026-04-16 N/A
Multiple integer overflows in Sbus PROM driver (drivers/sbus/char/openprom.c) for the Linux kernel 2.4.x up to 2.4.27, 2.6.x up to 2.6.7, and possibly later versions, allow local users to execute arbitrary code by specifying (1) a small buffer size to the copyin_string function or (2) a negative buffer size to the copyin function.
CVE-2006-1458 1 Apple 1 Quicktime 2026-04-16 N/A
Integer overflow in Apple QuickTime Player before 7.1 allows remote attackers to execute arbitrary code via a crafted JPEG image.
CVE-2006-3879 1 Miod Vallat 1 Mikmod 2026-04-16 N/A
Integer overflow in the loadChunk function in loaders/load_gt2.c in libmikmod in Mikmod Sound System 3.2.2 allows remote attackers to cause a denial of service via a GRAOUMF TRACKER (GT2) module file with a large (0xffffffff) comment length value in an XCOM chunk.
CVE-2006-3464 2 Libtiff, Redhat 2 Libtiff, Enterprise Linux 2026-04-16 N/A
TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to pass numeric range checks and possibly execute code, and trigger assert errors, via large offset values in a TIFF directory that lead to an integer overflow and other unspecified vectors involving "unchecked arithmetic operations".
CVE-2005-3710 1 Apple 1 Quicktime 2026-04-16 N/A
Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a TIFF image file with modified image height and width (ImageWidth) tags.
CVE-2006-1462 1 Apple 1 Quicktime 2026-04-16 N/A
Multiple integer overflows in Apple QuickTime before 7.1 allow remote attackers to execute arbitrary code via a crafted QuickTime H.264 (M4V) video format file.
CVE-2005-3709 1 Apple 1 Quicktime 2026-04-16 N/A
Integer underflow in Apple Quicktime before 7.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Color Map Entry Size in a TGA image file.
CVE-2006-1459 1 Apple 1 Quicktime 2026-04-16 N/A
Multiple integer overflows in Apple QuickTime before 7.1 allow remote attackers to cause a denial of service or execute arbitrary code via a crafted QuickTime movie (.MOV).
CVE-2006-0020 1 Microsoft 6 Windows 2000, Windows 2003 Server, Windows 98 and 3 more 2026-04-16 N/A
An unspecified Microsoft WMF parsing application, as used in Internet Explorer 5.01 SP4 on Windows 2000 SP4, and 5.5 SP2 on Windows Millennium, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute code via a crafted WMF file with a manipulated WMF header size, possibly involving an integer overflow, a different vulnerability than CVE-2005-4560, and aka "WMF Image Parsing Memory Corruption Vulnerability."
CVE-2005-1852 5 Centericq, Ekg, Kadu and 2 more 5 Centericq, Ekg, Kadu and 2 more 2026-04-16 N/A
Multiple integer overflows in libgadu, as used in Kopete in KDE 3.2.3 to 3.4.1, ekg before 1.6rc3, GNU Gadu, CenterICQ, Kadu, and other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an incoming message.
CVE-2005-2495 2 Redhat, Xfree86 Project 2 Enterprise Linux, Xfree86 2026-04-16 N/A
Multiple integer overflows in XFree86 before 4.3.0 allow user-assisted attackers to execute arbitrary code via a crafted pixmap image.
CVE-2005-3711 1 Apple 1 Quicktime 2026-04-16 N/A
Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a TIFF image file with modified (1) "strips" (StripByteCounts) or (2) "bands" (StripOffsets) values.
CVE-2006-1737 2 Mozilla, Redhat 5 Firefox, Mozilla Suite, Seamonkey and 2 more 2026-04-16 N/A
Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary bytecode via JavaScript with a large regular expression.
CVE-2006-3744 2 Imagemagick, Redhat 2 Imagemagick, Enterprise Linux 2026-04-16 N/A
Multiple integer overflows in ImageMagick before 6.2.9 allows user-assisted attackers to execute arbitrary code via crafted Sun Rasterfile (bitmap) images that trigger heap-based buffer overflows.
CVE-2006-4486 2 Php, Redhat 3 Php, Enterprise Linux, Rhel Application Stack 2026-04-16 N/A
Integer overflow in memory allocation routines in PHP before 5.1.6, when running on a 64-bit system, allows context-dependent attackers to bypass the memory_limit restriction.
CVE-2006-0747 2 Freetype, Redhat 2 Freetype, Enterprise Linux 2026-04-16 N/A
Integer underflow in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a font file with an odd number of blue values, which causes the underflow when decrementing by 2 in a context that assumes an even number of values.
CVE-2006-2376 1 Microsoft 3 Windows 98, Windows 98se, Windows Me 2026-04-16 N/A
Integer overflow in the PolyPolygon function in Graphics Rendering Engine on Microsoft Windows 98 and Me allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) or EMF image with a sum of entries in the vertext counts array and number of polygons that triggers a heap-based buffer overflow.
CVE-2005-2753 1 Apple 1 Quicktime 2026-04-16 N/A
Integer overflow in Apple QuickTime before 7.0.3 allows user-assisted attackers to execute arbitrary code via a crafted MOV file that causes a sign extension of the length element in a Pascal style string.
CVE-2006-3747 3 Apache, Canonical, Debian 3 Http Server, Ubuntu Linux, Debian Linux 2026-04-16 N/A
Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.