Integer Overflow

An integer overflow vulnerability (CVE-2026-55203) in HAProxy through version 3.4.0 allows malicious FastCGI backends to desynchronize the FCGI framing parser, leading to request routing errors, response smuggling, or memory safety issues.

PgBouncer versions prior to 1.25.2 are vulnerable to an integer overflow (CVE-2026-6664), enabling unauthenticated remote attackers to trigger a denial-of-service via a crafted SCRAM authentication packet, with active exploitation reported.

Rsync versions 3.4.2 and prior contain an integer overflow vulnerability (CVE-2026-43618) in the compressed-token decoder, allowing a malicious sender to trigger out-of-bounds memory access on the receiver and disclose sensitive process memory.

A remotely reachable integer overflow in OpenTelemetry eBPF Instrumentation's (OBI) memcached text protocol parser can crash the OBI process, causing a denial of service due to unchecked arithmetic when handling large payload sizes in memcached storage commands.

CVE-2026-44673 describes an integer overflow in the lyb_read_string() function of the libyang library that can lead to a heap buffer overflow, potentially allowing for arbitrary code execution.

CVE-2026-42896 describes an integer overflow vulnerability in the Windows DWM Core Library, allowing an authorized local attacker to elevate privileges.

Adobe After Effects versions 26.0, 25.6.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user if a victim opens a malicious file.

Pillow versions 10.3.0 through 12.1.1 are vulnerable to an out-of-bounds write in PSD image decoding/encoding due to an integer overflow when computing tile extent sums, potentially leading to arbitrary code execution.

CVE-2026-20884 is an integer overflow vulnerability in LibRaw's deflate_dng_load_raw function that leads to a heap buffer overflow when processing crafted DNG files.

A remote, unauthenticated attacker can crash applications using libp2p-gossipsub versions prior to 0.49.4 by sending a crafted PRUNE control message with a near-maximum backoff value, causing an arithmetic overflow during heartbeat processing.

An integer overflow vulnerability in Tinyproxy's HTTP chunked transfer encoding parser (versions <= 1.11.3) allows an unauthenticated remote attacker to cause a denial of service by sending a crafted chunk size that bypasses validation, leading to resource exhaustion.

A sandbox escape vulnerability, identified as CVE-2026-4690, exists in the XPCOM component of Mozilla Firefox, Firefox ESR, and Thunderbird due to incorrect boundary conditions and an integer overflow, potentially allowing an attacker to execute arbitrary code outside the sandbox.

A remote attacker can perform an out-of-bounds memory write on Google Chrome by exploiting an integer overflow in the Fonts component via a crafted HTML page in versions prior to 146.0.7680.165.

cgltf version 1.15 and prior contain an integer overflow vulnerability in the cgltf_validate() function when validating sparse accessors, allowing attackers to trigger out-of-bounds reads via crafted glTF/GLB files, leading to denial of service and potential memory disclosure.

CVE-2026-41445 is a reported integer overflow vulnerability in the KissFFT library that could lead to a heap buffer overflow.

An integer overflow in the `smallbitvec` crate leads to an undersized heap allocation, enabling heap buffer overflows through safe APIs, affecting versions 1.0.1 through 2.6.0.

Phpseclib versions 3.0.0 before 3.0.34 are vulnerable to an integer overflow when loading untrusted ASN.1 files, such as X.509 certificates and RSA PKCS8 keys, potentially leading to denial of service or remote code execution.