How severe is CVE-2016-2538?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.1 out of 10.

What type of vulnerability is CVE-2016-2538?

This is classified as CWE-189, which is a common weakness in software security.

CVE-2016-2538

HIGH Year: 2016

CVSS v3 Score

7.1

High

CVSS v2 Score

3.6

Low

Weakness Type

CWE-189

View all →

Vulnerability Description

Multiple integer overflows in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 allow local guest OS administrators to cause a denial of service (QEMU process crash) or obtain sensitive host memory information via a remote NDIS control message packet that is mishandled in the (1) rndis_query_response, (2) rndis_set_response, or (3) usb_net_handle_dataout function.

CVE-2016-1904

HIGH

CVSS:7.3(High)

Multiple integer overflows in ext/standard/exec.c in PHP 7.x before 7.0.2 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a long string to the (1) php...

CWE-1892016

CVE-2025-2176

MEDIUM

CVSS:7.3(High)

A vulnerability classified as critical has been found in libzvbi up to 0.2.43. This affects the function vbi_capture_sim_load_caption of the file src/io-sim.c. The manipulation leads to integer overfl...

CWE-1892025

CVE-2025-2177

MEDIUM

CVSS:7.3(High)

A vulnerability classified as critical was found in libzvbi up to 0.2.43. This vulnerability affects the function vbi_search_new of the file src/search.c. The manipulation of the argument pat_len lead...

CWE-1892025