VYPR

CWE-190

Integer Overflow or Wraparound

BaseStableLikelihood: Medium

Description

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-92

CVEs mapped to this weakness (1,551)

page 14 of 78
  • CVE-2026-33471CriApr 22, 2026
    risk 0.55cvss 9.6epss 0.00

    nimiq-block contains block primitives to be used in Nimiq's Rust implementation. `SkipBlockProof::verify` computes its quorum check using `BitSet.len()`, then iterates `BitSet` indices and casts each `usize` index to `u16` (`slot as u16`) for slot lookup. Prior to version 1.3.0,…

  • CVE-2026-32845HigMar 23, 2026
    risk 0.55cvss 8.4epss 0.00

    cgltf version 1.15 and prior contain an integer overflow vulnerability in the cgltf_validate() function when validating sparse accessors that allows attackers to trigger out-of-bounds reads by supplying crafted glTF/GLB input files with attacker-controlled size values. Attackers…

  • CVE-2015-5621HigAug 19, 2015
    risk 0.55cvss 7.5epss 0.40

    The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code…

  • CVE-2012-1867HigJun 12, 2012
    risk 0.55cvss 8.4epss 0.01

    Integer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted TrueType font file…

  • CVE-2008-4036HigOct 15, 2008
    risk 0.55cvss 8.4epss 0.02

    Integer overflow in Memory Manager in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that triggers an erroneous decrement of a variable, related to validation of…

  • CVE-2026-10924HigJun 4, 2026
    risk 0.54cvss 8.3epss 0.00

    Integer overflow in Chromecast in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10921HigJun 4, 2026
    risk 0.54cvss 8.3epss 0.00

    Integer overflow in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-43907HigMay 14, 2026
    risk 0.54cvss 8.3epss 0.00

    OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed integer overflow in QueryRGBBufferSizeInternal() in DPXColorConverter.cpp leads to a heap-based…

  • CVE-2026-4739CriMar 24, 2026
    risk 0.54cvss epss 0.00

    Integer Overflow or Wraparound vulnerability in InsightSoftwareConsortium ITK (‎Modules/ThirdParty/Expat/src/expat modules).This issue affects ITK: before 2.7.1.

  • CVE-2026-24808HigJan 27, 2026
    risk 0.54cvss epss 0.00

    Integer Overflow or Wraparound vulnerability in RawTherapee (rtengine modules). This vulnerability is associated with program files dcraw.Cc. This issue affects RawTherapee: through 5.11.

  • CVE-2025-52935CriJun 23, 2025
    risk 0.54cvss epss 0.00

    Integer Overflow or Wraparound vulnerability in dragonflydb dragonfly (src/redis/lua/struct modules). This vulnerability is associated with program files lua_struct.C. This issue affects dragonfly: 1.30.1, 1.30.0, 1.28.18.

  • CVE-2018-12617HigJun 21, 2018
    risk 0.54cvss 7.5epss 0.25

    qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be…

  • CVE-2018-1124HigMay 23, 2018
    risk 0.54cvss 7.8epss 0.02

    procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or…

  • CVE-2018-6323HigJan 26, 2018
    risk 0.54cvss 7.8epss 0.06

    The elf_object_p function in elfcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, has an unsigned integer overflow because bfd_size_type multiplication is not used. A crafted ELF file allows remote attackers to cause a denial…

  • CVE-2017-9765HigJul 20, 2017
    risk 0.54cvss 8.1epss 0.22

    Integer overflow in the soap_get function in Genivia gSOAP 2.7.x and 2.8.x before 2.8.48, as used on Axis cameras and other devices, allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow and application crash) via a large XML…

  • CVE-2017-7529HigJul 13, 2017
    risk 0.54cvss 7.5epss 0.63

    Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.

  • CVE-2017-0104HigMar 17, 2017
    risk 0.54cvss 8.1epss 0.14

    The iSNS Server service in Microsoft Windows Server 2008 SP2 and R2, Windows Server 2012 Gold and R2, and Windows Server 2016 allows remote attackers to issue malicious requests via an integer overflow, aka "iSNS Server Memory Corruption Vulnerability."

  • CVE-2016-2226HigFeb 24, 2017
    risk 0.54cvss 7.8epss 0.07

    Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.

  • CVE-2016-2399HigJan 30, 2017
    risk 0.54cvss 7.8epss 0.07

    Integer overflow in the quicktime_read_pascal function in libquicktime 1.2.4 and earlier allows remote attackers to cause a denial of service or possibly have other unspecified impact via a crafted hdlr MP4 atom.

  • CVE-2023-29146HigJun 9, 2026
    risk 0.53cvss 8.2epss 0.00

    The utility functions used by Malwarebytes EDR 1.0.11 on Linux for calculating a cryptographic hash of data bytes truncate the hashed data if it exceeds 4GB. This leads to an integer wrap-around if the data is larger than the maximum unsigned integer value (32-bit). Attackers…