#integer-overflow
5 articles
Between May 7 and May 16, 2026, ZCyberNews published five articles on integer-overflow vulnerabilities, featuring high-severity CVEs CVE-2026-43908, CVE-2026-8573, and CVE-2026-8577, each with a CVSS score of 8.8. The coverage also included CVE-2026-44636 (CVSS 7.8) and CVE-2026-43996 (CVSS 5.5). The affected sectors spanned animation, media and entertainment, technology, visual effects, and all industries globally, with a severity mix of three high, one medium, and one critical issue.
HIGHChrome 148.0.7778.168 Patches Integer Overflows, Sandbox Escape Risk
CVE-2026-8573 (CVSS 8.3) and CVE-2026-8577 (CVSS 8.8) in Chrome 148 on Windows allow sandbox escape and RCE via crafted video or HTML pages. Update now.
HIGHLibsixel Heap Overflow CVE-2026-44636 Lets Attackers Trigger RCE
CVE-2026-44636 (CVSS 7.8): A signed integer overflow in libsixel 1.8.7-r1 and earlier lets attackers trigger a heap buffer overflow via crafted SIXEL images, enabling potential...
HIGHOpenImageIO Integer Overflow CVE-2026-43908 Enables OOB Write
CVE-2026-43908 (CVSS 8.8): A signed 32-bit integer overflow in OpenImageIO's ConvertCbYCrYToRGB() causes out-of-bounds writes, risking crashes or code execution in VFX pipelines.
MEDIUMOpenImageIO TGA Decoder Flaw CVE-2026-43996 Enables OOB Read
CVE-2026-43996 (CVSS 5.5) in OpenImageIO TGA decoder uses unsigned 32-bit wrap to bypass bounds check, enabling out-of-bounds read. Affects versions prior to 3.0.18.0 and 3.1.13.0.
CRITICALChrome 148 Patches 127 Flaws, Three Critical Use-After-Free Bugs
Google's Chrome 148 fixes 127 vulnerabilities including three critical-severity bugs (CVE-2026-7896, CVE-2026-7897, CVE-2026-7898) — integer overflow in Blink and use-after-free...
Stay Updated
Get the latest cybersecurity news delivered to your inbox.