CWE-681
AllowedIncorrect Conversion between Numeric Types
Abstraction: Base · Status: Draft
When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.
126 vulnerabilities reference this CWE, most recent first.
GHSA-7355-PWX2-PM84
Vulnerability from github – Published: 2026-02-24 15:45 – Updated: 2026-02-24 15:45A crafted SVG file can cause a denial of service. An off-by-one boundary check (> instead of >=) that allows bypass the guard and reach an undefined (size_t) cast.
{
"affected": [
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-AnyCPU"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-AnyCPU"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-OpenMP-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-OpenMP-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-x86"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-OpenMP-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-OpenMP-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-OpenMP-x86"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-x86"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-AnyCPU"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-OpenMP-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-OpenMP-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-x86"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.10.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-25989"
],
"database_specific": {
"cwe_ids": [
"CWE-190",
"CWE-681"
],
"github_reviewed": true,
"github_reviewed_at": "2026-02-24T15:45:35Z",
"nvd_published_at": "2026-02-24T03:16:00Z",
"severity": "HIGH"
},
"details": "A crafted SVG file can cause a denial of service. An off-by-one boundary check (`\u003e` instead of `\u003e=`) that allows bypass the guard and reach an undefined `(size_t)` cast.",
"id": "GHSA-7355-pwx2-pm84",
"modified": "2026-02-24T15:45:35Z",
"published": "2026-02-24T15:45:35Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7355-pwx2-pm84"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25989"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/commit/5a545ab9d6c3d12a6a76cfed32b87df096729d95"
},
{
"type": "PACKAGE",
"url": "https://github.com/ImageMagick/ImageMagick"
},
{
"type": "WEB",
"url": "https://github.com/dlemstra/Magick.NET/releases/tag/14.10.3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "ImageMagick: Integer overflow or wraparound and incorrect conversion between numeric types in the internal SVG decoder"
}
GHSA-78PW-6G8H-CP3C
Vulnerability from github – Published: 2024-11-28 18:38 – Updated: 2024-11-28 18:38The Wallet for WooCommerce plugin for WordPress is vulnerable to incorrect conversion between numeric types in all versions up to, and including, 1.5.6. This is due to a numerical logic flaw when transferring funds to another user. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create funds during a transfer and distribute these funds to any number of other users or their own account, rendering products free. Attackers could also request to withdraw funds if the Wallet Withdrawal extension is used and the request is approved by an administrator.
{
"affected": [],
"aliases": [
"CVE-2024-7747"
],
"database_specific": {
"cwe_ids": [
"CWE-681"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-28T13:15:21Z",
"severity": "MODERATE"
},
"details": "The Wallet for WooCommerce plugin for WordPress is vulnerable to incorrect conversion between numeric types in all versions up to, and including, 1.5.6. This is due to a numerical logic flaw when transferring funds to another user. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create funds during a transfer and distribute these funds to any number of other users or their own account, rendering products free. Attackers could also request to withdraw funds if the Wallet Withdrawal extension is used and the request is approved by an administrator.",
"id": "GHSA-78pw-6g8h-cp3c",
"modified": "2024-11-28T18:38:37Z",
"published": "2024-11-28T18:38:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7747"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/woo-wallet/trunk/includes/class-woo-wallet-frontend.php#L407"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset/3145131"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fd8f3eb7-ac60-46c4-b41f-5d89e3133042?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-7MGR-JPP8-WJG4
Vulnerability from github – Published: 2024-03-12 18:31 – Updated: 2024-03-12 18:31Microsoft ODBC Driver Remote Code Execution Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-26162"
],
"database_specific": {
"cwe_ids": [
"CWE-681"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-12T17:15:55Z",
"severity": "HIGH"
},
"details": "Microsoft ODBC Driver Remote Code Execution Vulnerability",
"id": "GHSA-7mgr-jpp8-wjg4",
"modified": "2024-03-12T18:31:14Z",
"published": "2024-03-12T18:31:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26162"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26162"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7Q67-HCV3-7RJ3
Vulnerability from github – Published: 2022-05-24 22:28 – Updated: 2022-05-24 22:28An exploitable signed conversion vulnerability exists in the TextMaker document parsing functionality of SoftMaker Office 2021’s TextMaker application. A specially crafted document can cause the document parser to miscalculate a length used to allocate a buffer, later upon usage of this buffer the application will write outside its bounds resulting in a heap-based memory corruption. An attacker can entice the victim to open a document to trigger this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2020-13545"
],
"database_specific": {
"cwe_ids": [
"CWE-681",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-01-06T15:15:00Z",
"severity": "HIGH"
},
"details": "An exploitable signed conversion vulnerability exists in the TextMaker document parsing functionality of SoftMaker Office 2021\u2019s TextMaker application. A specially crafted document can cause the document parser to miscalculate a length used to allocate a buffer, later upon usage of this buffer the application will write outside its bounds resulting in a heap-based memory corruption. An attacker can entice the victim to open a document to trigger this vulnerability.",
"id": "GHSA-7q67-hcv3-7rj3",
"modified": "2022-05-24T22:28:23Z",
"published": "2022-05-24T22:28:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13545"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1162"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7XR5-W5MJ-R2JM
Vulnerability from github – Published: 2024-06-11 15:31 – Updated: 2024-06-11 15:31A vulnerability has been identified in SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.4.8). Casting an internal value could lead to floating point exception under certain circumstances. This could allow an attacker to cause a denial of service condition on affected devices.
{
"affected": [],
"aliases": [
"CVE-2022-40225"
],
"database_specific": {
"cwe_ids": [
"CWE-681"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-10T22:15:14Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been identified in SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions \u003c V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions \u003c V2.4.8). Casting an internal value could lead to floating point exception under certain circumstances. This could allow an attacker to cause a denial of service condition on affected devices.",
"id": "GHSA-7xr5-w5mj-r2jm",
"modified": "2024-06-11T15:31:06Z",
"published": "2024-06-11T15:31:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40225"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-337522.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-82HP-4WV7-4PR5
Vulnerability from github – Published: 2022-05-13 01:11 – Updated: 2022-05-13 01:11FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.
{
"affected": [],
"aliases": [
"CVE-2010-2807"
],
"database_specific": {
"cwe_ids": [
"CWE-681"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2010-08-19T18:00:00Z",
"severity": "MODERATE"
},
"details": "FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.",
"id": "GHSA-82hp-4wv7-4pr5",
"modified": "2022-05-13T01:11:16Z",
"published": "2022-05-13T01:11:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2807"
},
{
"type": "WEB",
"url": "https://bugs.launchpad.net/ubuntu/maverick/+source/freetype/+bug/617019"
},
{
"type": "WEB",
"url": "https://savannah.nongnu.org/bugs/?30657"
},
{
"type": "WEB",
"url": "http://freetype.sourceforge.net/index2.html#release-freetype-2.4.2"
},
{
"type": "WEB",
"url": "http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=346f1867fd32dae8f56e5b482d1af98f626804ac"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
},
{
"type": "WEB",
"url": "http://marc.info/?l=oss-security\u0026m=128111955616772\u0026w=2"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/40816"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/40982"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/42314"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/42317"
},
{
"type": "WEB",
"url": "http://sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/view"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT4435"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT4456"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT4457"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/42285"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-972-1"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/2018"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/2106"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/3045"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/3046"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-844W-J86R-4X2J
Vulnerability from github – Published: 2019-12-16 20:17 – Updated: 2024-10-28 14:44Impact
A heap buffer overflow in UnsortedSegmentSum can be produced when the Index template argument is int32. In this case data_size and num_segments fields are truncated from int64 to int32 and can produce negative numbers, resulting in accessing out of bounds heap memory.
This is unlikely to be exploitable and was detected and fixed internally. We are making the security advisory only to notify users that it is better to update to TensorFlow 1.15 or 2.0 or later as these versions already have this fixed.
Patches
Patched by db4f9717c41bccc3ce10099ab61996b246099892 and released in all official releases after 1.15 and 2.0.
For more information
Please consult SECURITY.md for more information regarding the security model and how to contact us with issues and questions.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.15.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.15.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.15.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-16778"
],
"database_specific": {
"cwe_ids": [
"CWE-122",
"CWE-681"
],
"github_reviewed": true,
"github_reviewed_at": "2019-12-16T20:16:12Z",
"nvd_published_at": "2019-12-16T21:15:00Z",
"severity": "LOW"
},
"details": "### Impact\n\nA heap buffer overflow in `UnsortedSegmentSum` can be produced when the `Index` template argument is `int32`. In this case `data_size` and `num_segments` fields are truncated from `int64` to `int32` and can produce negative numbers, resulting in accessing out of bounds heap memory.\n\nThis is unlikely to be exploitable and was detected and fixed internally. We are making the security advisory only to notify users that it is better to update to TensorFlow 1.15 or 2.0 or later as these versions already have this fixed.\n\n### Patches\n\nPatched by db4f9717c41bccc3ce10099ab61996b246099892 and released in all official releases after 1.15 and 2.0.\n\n### For more information\nPlease consult [`SECURITY.md`](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.",
"id": "GHSA-844w-j86r-4x2j",
"modified": "2024-10-28T14:44:38Z",
"published": "2019-12-16T20:17:10Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-844w-j86r-4x2j"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16778"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/db4f9717c41bccc3ce10099ab61996b246099892"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2019-227.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2019-234.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2019-209.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/tensorflow/tensorflow"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2019-002.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Heap buffer overflow in `UnsortedSegmentSum` in TensorFlow"
}
GHSA-8785-3W2W-JPFR
Vulnerability from github – Published: 2023-04-01 06:31 – Updated: 2023-04-10 18:30NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where sign conversion issuescasting an unsigned primitive to signed may lead to denial of service or information disclosure.
{
"affected": [],
"aliases": [
"CVE-2023-0185"
],
"database_specific": {
"cwe_ids": [
"CWE-196",
"CWE-681"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-01T05:15:00Z",
"severity": "HIGH"
},
"details": "NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where sign conversion issuescasting an unsigned primitive to signed may lead to denial of service or information disclosure.",
"id": "GHSA-8785-3w2w-jpfr",
"modified": "2023-04-10T18:30:22Z",
"published": "2023-04-01T06:31:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0185"
},
{
"type": "WEB",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5452"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202310-02"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8C6J-33P3-5MCX
Vulnerability from github – Published: 2022-06-19 00:00 – Updated: 2022-06-28 00:00A vulnerability was found in FFmpeg 2.0. It has been declared as problematic. Affected by this vulnerability is the function decode_frame of the file libavcodec/ansi.c. The manipulation leads to integer coercion error. The attack can be launched remotely. It is recommended to apply a patch to fix this issue.
{
"affected": [],
"aliases": [
"CVE-2014-125011"
],
"database_specific": {
"cwe_ids": [
"CWE-681"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-18T07:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability was found in FFmpeg 2.0. It has been declared as problematic. Affected by this vulnerability is the function decode_frame of the file libavcodec/ansi.c. The manipulation leads to integer coercion error. The attack can be launched remotely. It is recommended to apply a patch to fix this issue.",
"id": "GHSA-8c6j-33p3-5mcx",
"modified": "2022-06-28T00:00:45Z",
"published": "2022-06-19T00:00:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-125011"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.12391"
},
{
"type": "WEB",
"url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=d42ec8433c687fcbccefa51a7716d81920218e4f"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8MPQ-MW74-R6Q5
Vulnerability from github – Published: 2022-05-13 01:08 – Updated: 2022-05-13 01:08An issue was discovered in the MQTT input plugin in Fluent Bit through 1.0.4. When this plugin acts as an MQTT broker (server), it mishandles incoming network messages. After processing a crafted packet, the plugin's mqtt_packet_drop function (in /plugins/in_mqtt/mqtt_prot.c) executes the memmove() function with a negative size parameter. That leads to a crash of the whole Fluent Bit server via a SIGSEGV signal.
{
"affected": [],
"aliases": [
"CVE-2019-9749"
],
"database_specific": {
"cwe_ids": [
"CWE-681"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-03-13T19:29:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in the MQTT input plugin in Fluent Bit through 1.0.4. When this plugin acts as an MQTT broker (server), it mishandles incoming network messages. After processing a crafted packet, the plugin\u0027s mqtt_packet_drop function (in /plugins/in_mqtt/mqtt_prot.c) executes the memmove() function with a negative size parameter. That leads to a crash of the whole Fluent Bit server via a SIGSEGV signal.",
"id": "GHSA-8mpq-mw74-r6q5",
"modified": "2022-05-13T01:08:20Z",
"published": "2022-05-13T01:08:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9749"
},
{
"type": "WEB",
"url": "https://github.com/fluent/fluent-bit/issues/1135"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Avoid making conversion between numeric types. Always check for the allowed ranges.
No CAPEC attack patterns related to this CWE.