VYPR

CWE-190

Integer Overflow or Wraparound

Base | Stable | Likelihood: Medium

Description

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-92

CVEs mapped to this weakness (1,551)

  • CVE-2025-30404 | Critical | Aug 7, 2025
    risk 0.57 | cvss 9.8 | epss 0.01

    An integer overflow vulnerability in the loading of ExecuTorch models can cause overlapping allocations, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit d158236b1dc84539c1b16843bc74054c9dcba006.

  • CVE-2024-36671 | Critical | Nov 29, 2024
    risk 0.57 | cvss 9.8 | epss 0.01

    nodemcu before v3.0.0-release_20240225 was discovered to contain an integer overflow via the getnum function at /modules/struct.c.

  • CVE-2024-44087 | High | Sep 10, 2024
    risk 0.57 | cvss 8.6 | epss 0.11

    A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6.0 (All versions < V6.0 SP12 Upd3), Automation License Manager V6.2 (All versions < V6.2 Upd3). Affected applications do not properly validate certain fields in…

  • CVE-2024-27833 | High | Jun 10, 2024
    risk 0.57 | cvss 8.8 | epss 0.01

    An integer overflow was addressed with improved input validation. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, tvOS 17.5, visionOS 1.2. Processing maliciously crafted web content may lead to arbitrary code execution.

  • CVE-2024-27304 | Critical | Mar 6, 2024
    risk 0.57 | cvss 9.8 | epss 0.01

    pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the…

  • CVE-2024-23605 | High | Feb 26, 2024
    risk 0.57 | cvss 8.8 | epss 0.01

    A heap-based buffer overflow vulnerability exists in the GGUF library header.n_kv functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

  • CVE-2024-23496 | High | Feb 26, 2024
    risk 0.57 | cvss 8.8 | epss 0.01

    A heap-based buffer overflow vulnerability exists in the GGUF library gguf_fread_str functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

  • CVE-2024-21836 | High | Feb 26, 2024
    risk 0.57 | cvss 8.8 | epss 0.01

    A heap-based buffer overflow vulnerability exists in the GGUF library header.n_tensors functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

  • CVE-2024-21825 | High | Feb 26, 2024
    risk 0.57 | cvss 8.8 | epss 0.01

    A heap-based buffer overflow vulnerability exists in the GGUF library GGUF_TYPE_ARRAY/GGUF_TYPE_STRING parsing functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this…

  • CVE-2019-20205 | High | Jan 2, 2020
    risk 0.57 | cvss 8.8 | epss 0.01

    libsixel 1.8.4 has an integer overflow in sixel_frame_resize in frame.c.

  • CVE-2017-2777 | High | Sep 17, 2018
    risk 0.57 | cvss 8.8 | epss 0.01

    An exploitable heap overflow vulnerability exists in the ipStringCreate function of Iceni Argus Version 6.6.05. A specially crafted PDF file can cause an integer overflow resulting in heap overflow. An attacker can send a file to trigger this vulnerability.

  • CVE-2018-17100 | High | Sep 16, 2018
    risk 0.57 | cvss 8.8 | epss 0.02

    An issue was discovered in LibTIFF 4.0.9. There is an int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file.

  • CVE-2018-5875 | High | Jul 6, 2018
    risk 0.57 | cvss 8.8 | epss 0.01

    While parsing an mp4 file, an integer overflow leading to a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear.

  • CVE-2018-12265 | High | Jun 13, 2018
    risk 0.57 | cvss 8.8 | epss 0.03

    Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in preview.cpp, leading to an out-of-bounds read in Exiv2::MemIo::read in basicio.cpp.

  • CVE-2018-12264 | High | Jun 13, 2018
    risk 0.57 | cvss 8.8 | epss 0.03

    Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp.

  • CVE-2016-9063 | Critical | Jun 11, 2018
    risk 0.57 | cvss 9.8 | epss 0.06

    An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50.

  • CVE-2017-14441 | High | Apr 24, 2018
    risk 0.57 | cvss 8.8 | epss 0.03

    An exploitable code execution vulnerability exists in the ICO image rendering functionality of SDL2_image-2.0.2. A specially crafted ICO image can cause an integer overflow, cascading to a heap overflow resulting in code execution. An attacker can display a specially crafted…

  • CVE-2017-12109 | High | Apr 24, 2018
    risk 0.57 | cvss 8.8 | epss 0.03

    An exploitable integer overflow vulnerability exists in the xls_preparseWorkSheet function of libxls 1.4 when handling a MULRK record. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send a malicious XLS file to…

  • CVE-2017-12108 | High | Apr 24, 2018
    risk 0.57 | cvss 8.8 | epss 0.03

    An exploitable integer overflow vulnerability exists in the xls_preparseWorkSheet function of libxls 1.4 when handling a MULBLANK record. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send a malicious XLS file to…

  • CVE-2017-5131 | High | Feb 7, 2018
    risk 0.57 | cvss 8.8 | epss 0.01

    An integer overflow in Skia in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an out-of-bounds write.