In Expat (aka libexpat) before 2.4.3 a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g. allocating too few bytes or only freeing memory).

...

CVE-2017-9188

libautotrace.a in AutoTrace 0.31.1 has a "left shift ... cannot be represented in type int" issue in input-bmp.c:516:63...

CVE-2017-9188

CVE-2017-9188 affects AutoTrace 0.31.1 (libautotrace.a). The vulnerability is a left-shift/biWidth-related integer overflow in input-bmp.c:516:63 that can trigger out-of-bounds behavior in a BMP handling path; CVSS reports high to critical impact (network, no authentication, high impact to confid...

CVE-2017-7604

auchannel.h in HE-AAC+ Codec aka libaacplus 2.0.2 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted audio file...