CVE-2007-1997

CVE-2007-1997 describes an integer signedness error in libclamav/cab.c (cab_unstore and cab_extract) of ClamAV before 0.90.2, where a crafted CHM file containing a negative integer can pass a signed comparison and cause a stack-based buffer overflow, enabling remote code execution according to th...

CVE-2007-1889

Integer signedness error in the zendmmallocint function in the Zend Memory Manager in PHP 5.2.0 allows remote attackers to execute arbitrary code via a large emalloc request, related to an incorrect signed long cast, as demonstrated via the HTTP SOAP client in PHP, and via a call to msgreceive wi...

CVE-2007-1889

Integer signedness error in the zendmmallocint function in the Zend Memory Manager in PHP 5.2.0 allows remote attackers to execute arbitrary code via a large emalloc request, related to an incorrect signed long cast, as demonstrated via the HTTP SOAP client in PHP, and via a call to msgreceive wi...

CVE-2007-1889

CVE-2007-1889 is a PHP 5.2.0 vulnerability where an Integer signedness error in the Zend Memory Manager’s _zend_mm_alloc_int can allow remote code execution via large emalloc requests. The issue stems from an incorrect signed long cast, demonstrated via the HTTP SOAP client and a msg_receive call...

CVE-2007-1730

Integer signedness error in the DCCP support in the dodccpgetsockopt function in net/dccp/proto.c in Linux kernel 2.6.20 and later allows local users to read kernel memory or cause a denial of service oops via a negative optlen value...

CVE-2007-1730

CVE-2007-1730 is a local kernel vulnerability due to an integer signedness error in the DCCP path (do_dccp_getsockopt) affecting Linux kernels 2.6.20 and later. The flaw allows a local user to read kernel memory or trigger a denial of service via a negative optlen. This is confirmed by Red Hat CV...

CVE-2007-1730

Integer signedness error in the DCCP support in the dodccpgetsockopt function in net/dccp/proto.c in Linux kernel 2.6.20 and later allows local users to read kernel memory or cause a denial of service oops via a negative optlen value...

CVE-2006-7095

Integer signedness error in the networkreceivepacket function in socket.c in dimension 3 engine dim3 1.5 and earlier allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a large datalen value, which is cast to a signed short and results in...

CVE-2006-6013

Integer signedness error in the fwioctl FWIOCTL function in the FireWire IEEE-1394 drivers dev/firewire/fwdev.c in various BSD kernels, including DragonFlyBSD, FreeBSD 5.5, MidnightBSD 0.1-CURRENT before 20061115, NetBSD-current before 20061116, NetBSD-4 before 20061203, and TrustedBSD, allows...

CVE-2006-6013

Integer signedness error in the fwioctl FWIOCTL function in the FireWire IEEE-1394 drivers dev/firewire/fwdev.c in various BSD kernels, including DragonFlyBSD, FreeBSD 5.5, MidnightBSD 0.1-CURRENT before 20061115, NetBSD-current before 20061116, NetBSD-4 before 20061203, and TrustedBSD, allows...

CVE-2006-6013

The CVE-2006-6013 issue affects the FireWire (IEEE-1394) driver fwdev.c in several BSDs, where in the FW_GCROM ioctl a signed integer comparison is used to compute the length of a buffer copied from kernel memory, effectively enabling a local user to read arbitrary kernel memory contents when cro...

CVE-2006-4516

CVE-2006-4516 affects FreeBSD 6.0-RELEASE. The kernel’s PT_LWPINFO ptrace handling has a signedness flaw: a large negative data value can bypass the signed check and be passed to copyout, causing memory corruption and kernel panic. Impact is a local denial-of-service condition. Described in iDefe...

CVE-2006-4178

Integer signedness error in the i386setldt call in FreeBSD 5.5, and possibly earlier versions down to 5.2, allows local users to cause a denial of service crash via unspecified arguments that use negative signed integers to cause the bzero function to be called with a large length parameter, a...

CVE-2006-4178

CVE-2006-4178 is a local denial-of-service vulnerability in FreeBSD’s i386_set_ldt implementation. The issue arises from signedness in the i386_ldt handling: user-controlled start and num are added into a signed i, and if i becomes negative, bzero is invoked with a very large length, allowing a k...

CVE-2006-4178

Integer signedness error in the i386setldt call in FreeBSD 5.5, and possibly earlier versions down to 5.2, allows local users to cause a denial of service crash via unspecified arguments that use negative signed integers to cause the bzero function to be called with a large length parameter, a...

Opera: Buffer overflow

Background Opera is a multi-platform web browser. Description SEC Consult has discovered a buffer overflow in the code processing style sheet attributes. It is caused by an integer signedness error in a length check followed by a call to a string function. It seems to be hard to exploit this buff...

DSA-1048-1 asterisk - several vulnerabilities

Bulletin has no description...

CVE-2006-1834

Opera before 8.54 is affected by a vulnerability caused by an integer signedness error in the handling of long values in a stylesheet attribute, which can bypass a length check and potentially allow remote code execution. This is documented in multiple sources associated with CVE-2006-1834, inclu...

CVE-2006-1827

Integer signedness error in formatjpeg.c in Asterisk 1.2.6 and earlier allows remote attackers to execute arbitrary code via a length value that passes a length check as a negative number, but triggers a buffer overflow when it is used as an unsigned length...

CVE-2006-1827

Integer signedness error in formatjpeg.c in Asterisk 1.2.6 and earlier allows remote attackers to execute arbitrary code via a length value that passes a length check as a negative number, but triggers a buffer overflow when it is used as an unsigned length...