CWE-190
Integer Overflow or Wraparound
BaseStableLikelihood: Medium
Description
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-92
CVEs mapped to this weakness (689)
page 11 of 35| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-24660 | Hig | 0.53 | 8.1 | 0.00 | Apr 7, 2026 | A heap-based buffer overflow vulnerability exists in the x3f_load_huffman functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | |
| CVE-2026-24450 | Hig | 0.53 | 8.1 | 0.00 | Apr 7, 2026 | An integer overflow vulnerability exists in the uncompressed_fp_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | |
| CVE-2026-20884 | Hig | 0.53 | 8.1 | 0.00 | Apr 7, 2026 | An integer overflow vulnerability exists in the deflate_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | |
| CVE-2025-55068 | Hig | 0.53 | 8.2 | 0.00 | Sep 18, 2025 | Dover Fueling Solutions ProGauge MagLink LX4 Devices fail to handle Unix time values beyond a certain point. An attacker can manually change the system time to exploit this limitation, potentially causing errors in authentication and leading to a denial-of-service condition. | |
| CVE-2025-23016 | Cri | 0.53 | 9.3 | 0.00 | Jan 10, 2025 | FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c. | |
| CVE-2017-17426 | Hig | 0.53 | 8.1 | 0.00 | Dec 5, 2017 | The malloc function in the GNU C Library (aka glibc or libc6) 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZE_MAX, potentially leading to a subsequent heap overflow. This occurs because the per-thread cache (aka tcache) feature enables a code path that lacks an integer overflow check. | |
| CVE-2017-9765 | Hig | 0.53 | 8.1 | 0.09 | Jul 20, 2017 | Integer overflow in the soap_get function in Genivia gSOAP 2.7.x and 2.8.x before 2.8.48, as used on Axis cameras and other devices, allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow and application crash) via a large XML document, aka Devil's Ivy. NOTE: the large document would be blocked by many common web-server configurations on general-purpose computers. | |
| CVE-2015-8983 | Hig | 0.53 | 8.1 | 0.01 | Mar 20, 2017 | Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to computing a size in bytes, which triggers a heap-based buffer overflow. | |
| CVE-2015-8982 | Hig | 0.53 | 8.1 | 0.01 | Mar 15, 2017 | Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow. | |
| CVE-2015-7599 | Hig | 0.53 | 8.1 | 0.08 | Feb 7, 2017 | Integer overflow in the _authenticate function in svc_auth.c in Wind River VxWorks 5.5 through 6.9.4.1, when the Remote Procedure Call (RPC) protocol is enabled, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a username and password. | |
| CVE-2016-7133 | Hig | 0.53 | 8.1 | 0.01 | Sep 12, 2016 | Zend/zend_alloc.c in PHP 7.x before 7.0.10, when open_basedir is enabled, mishandles huge realloc operations, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a long pathname. | |
| CVE-2015-5621 | Hig | 0.53 | 7.5 | 0.18 | Aug 19, 2015 | The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet. | |
| CVE-2025-52538 | Hig | 0.52 | 8.0 | 0.00 | Nov 24, 2025 | Improper input validation within the XOCL driver may allow a local attacker to generate an integer overflow condition, potentially resulting in loss of confidentiality or availability. | |
| CVE-2023-28909 | Hig | 0.52 | 8.0 | 0.00 | Jun 28, 2025 | A specific flaw exists within the Bluetooth stack of the MIB3 unit. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow when receiving fragmented HCI packets on a channel. An attacker can leverage this vulnerability to bypass the MTU check on a channel with enabled fragmentation. Consequently, this can lead to a buffer overflow in upper layer profiles, which can be used to obtain remote code execution. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources. | |
| CVE-2024-37310 | Cri | 0.52 | 9.0 | 0.02 | Jul 10, 2024 | EVerest is an EV charging software stack. An integer overflow in the "v2g_incoming_v2gtp" function in the v2g_server.cpp implementation can allow a remote attacker to overflow the process' heap. This vulnerability is fixed in 2024.3.1 and 2024.6.0. | |
| CVE-2016-2105 | Hig | 0.52 | 7.5 | 0.42 | May 5, 2016 | Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data. | |
| CVE-2026-43905 | Hig | 0.51 | 7.8 | 0.00 | May 14, 2026 | OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, jpeg2000input.cpp:395 computes buffer size as const int bufsize = w * h * ch * buffer_bpp using signed 32-bit arithmetic. When the product exceeds INT_MAX, the result wraps to 0 or a small value. m_buf.resize() allocates an undersized buffer, and subsequent pixel write loops cause heap overflow. Conditional on USE_OPENJPH build flag. This vulnerability is fixed in 3.0.18.0 and 3.1.13.0. | |
| CVE-2026-42896 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | |
| CVE-2026-35415 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Integer overflow or wraparound in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally. | |
| CVE-2026-34644 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | After Effects versions 26.0, 25.6.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |