integer overflow

A small arithmetic oversight in the Linux kernel's AMD display stack—tracked as CVE-2024-47661—was patched with a surgical code change that prevents an integer overflow when a 32-bit value is assigned into an 8-bit field; while the flaw is not remotely exploitable, it carries a clear...

Microsoft’s October Patch Tuesday fixed a newly assigned vulnerability, CVE‑2025‑54957, that resides in the Windows Codecs Library and stems from an integer overflow in the Dolby Digital Plus (E‑AC‑3) audio decoder — a parsing error that can produce memory‑corruption conditions and is rated...

Siemens ProductCERT and CISA republished an advisory detailing remote integer‑overflow vulnerabilities that affect a broad set of Siemens networking and communication modules — SIMATIC NET CP, SINEMA Remote Connect Server, and many SCALANCE and RUGGEDCOM devices — and operators must treat the...

CVE-2025-54091 — Windows Hyper‑V integer overflow / wraparound (local elevation of privilege) Summary (one‑line) An integer overflow or wraparound in a Windows Hyper‑V component can be triggered by an authorized local actor and may lead to local elevation of privilege (EoP) on the Hyper‑V host...

Microsoft has published an advisory for CVE-2025-54110, a Windows Kernel vulnerability caused by an integer overflow or wraparound that can be triggered by a locally authorized attacker to achieve elevation of privilege to SYSTEM on affected machines; administrators should treat this as a...

A newly disclosed vulnerability in the Windows Distributed Transaction Coordinator (MSDTC) — tracked as CVE-2025-50166 — stems from an integer overflow or wraparound in the MSDTC code path and can allow an authorized attacker to disclose memory-resident information over a network connection...

Chromium’s evolution has been marked by its robust security model, open-source transparency, and its integration into numerous modern browsers—including Google Chrome and Microsoft Edge. With each major update, security professionals and the wider community scrutinize the codebase, searching for...

In recent years, vulnerabilities affecting virtualization technology have posed increasingly significant risks for both enterprises and everyday users. Among the latest of these threats is CVE-2025-49683, a critical remote code execution vulnerability targeting Microsoft’s Virtual Hard Disk...

Here’s a summary of CVE-2025-48002 based on the information you provided: CVE ID: CVE-2025-48002 Component: Windows Hyper-V Type: Information Disclosure Vulnerability Technical Cause: Integer overflow or wraparound Attack Vector: Allows an authorized attacker to disclose information over an...

When looking at the latest wave of security disclosures, CVE-2025-32718 stands out due to its impact on the Windows SMB client—a service backbone critical for file and printer sharing in countless enterprise and consumer settings. This newly revealed elevation of privilege vulnerability, rooted...

The Windows USB Print Driver vulnerability, designated CVE-2025-26639, has captured the attention of security professionals across the community. This integer overflow—or more precisely, a wraparound vulnerability—in the USB print driver can be leveraged by an authorized attacker to elevate...

In a recent advisory, a critical vulnerability (CVE-2025-24985) has been identified in the Windows Fast FAT File System Driver. The flaw, triggered by an integer overflow or wraparound condition, could enable an attacker to execute code by exploiting the vulnerable driver. Although the...

Original release date: August 17, 2021 Summary On August 17, 2021, BlackBerry publicly disclosed that its QNX Real Time Operating System (RTOS) is affected by a Link Removed vulnerability—CVE-2021-22156. BadAlloc is a collection of vulnerabilities affecting multiple RTOSs and supporting...

In two previous blog posts ( part 1 and part 2), we talked about using Semmle QL in C and C++ codebases to find vulnerabilities such as integer overflow, path traversal, and those leading to memory corruption. In this post, we will explore applying Semmle QL to web security by hunting for one of...

Revision Note: V2.0 (July 13, 2010): Advisory updated to reflect publication of security bulletin. Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS10-043 to address this issue. For more information about this issue...

Revision Note: V2.0 (July 13, 2010): Advisory updated to reflect publication of security bulletin.Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS10-043 to address this issue. For more information about this issue, including...

Revision Note: V2.0 (July 13, 2010): Advisory updated to reflect publication of security bulletin.Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS10-043 to address this issue. For more information about this issue, including...

Revision Note: V1.0 (May 18, 2010): Advisory published. Advisory Summary:Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS10-043 to address this issue. For more information about this issue, including download links for an available security...