CWE-190
Integer Overflow or Wraparound
BaseStableLikelihood: Medium
Description
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-92
CVEs mapped to this weakness (689)
page 14 of 35| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-15587 | Hig | 0.51 | 7.8 | 0.00 | Oct 18, 2017 | An integer overflow was discovered in pdf_read_new_xref_section in pdf/pdf-xref.c in Artifex MuPDF 1.11. | |
| CVE-2017-9683 | Hig | 0.51 | 7.8 | 0.00 | Oct 10, 2017 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing a meta image, an integer overflow can occur, if user-defined image offset and size values are too large. | |
| CVE-2015-1537 | Hig | 0.51 | 7.8 | 0.01 | Sep 28, 2017 | Integer overflow in IHDCP.cpp in the media_server component in Android allows remote attackers to execute arbitrary code via a crafted application. | |
| CVE-2017-14745 | Hig | 0.51 | 7.8 | 0.00 | Sep 26, 2017 | The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, interpret a -1 value as a sorting count instead of an error flag, which allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c. | |
| CVE-2017-8278 | Hig | 0.51 | 7.8 | 0.00 | Sep 21, 2017 | In all Qualcomm products with Android releases from CAF using the Linux kernel, while reading audio data from an unspecified driver, a buffer overflow or integer overflow could occur. | |
| CVE-2017-8250 | Hig | 0.51 | 7.8 | 0.00 | Sep 21, 2017 | In all Qualcomm products with Android releases from CAF using the Linux kernel, user controlled variables "nr_cmds" and "nr_bos" number are passed across functions without any check. An integer overflow to buffer overflow (with a smaller buffer allocated) may occur when they are too large or negative. | |
| CVE-2015-1527 | Hig | 0.51 | 7.8 | 0.00 | Sep 15, 2017 | Integer overflow in IAudioPolicyService.cpp in Android allows local users to gain privileges via a crafted application, aka Android Bug ID 19261727. | |
| CVE-2017-14333 | Hig | 0.51 | 7.8 | 0.00 | Sep 12, 2017 | The process_version_sections function in readelf.c in GNU Binutils 2.29 allows attackers to cause a denial of service (Integer Overflow, and hang because of a time-consuming loop) or possibly have unspecified other impact via a crafted binary file with invalid values of ent.vn_next, during "readelf -a" execution. | |
| CVE-2017-2870 | Hig | 0.51 | 7.8 | 0.02 | Sep 5, 2017 | An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability. | |
| CVE-2017-8255 | Hig | 0.51 | 7.8 | 0.00 | Aug 18, 2017 | In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in boot. | |
| CVE-2017-0729 | Hig | 0.51 | 7.8 | 0.00 | Aug 9, 2017 | A elevation of privilege vulnerability in the Android media framework (mediadrmserver). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37710346. | |
| CVE-2017-9835 | Hig | 0.51 | 7.8 | 0.00 | Jul 26, 2017 | The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. This is related to a lack of an integer overflow check in base/gsalloc.c. | |
| CVE-2017-0702 | Hig | 0.51 | 7.8 | 0.00 | Jul 6, 2017 | A remote code execution vulnerability in the Android system ui. Product: Android. Versions: 7.1.1, 7.1.2. Android ID: A-36621442. | |
| CVE-2017-9776 | Hig | 0.51 | 7.8 | 0.01 | Jun 22, 2017 | Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document. | |
| CVE-2014-9964 | Hig | 0.51 | 7.8 | 0.00 | Jun 13, 2017 | In all Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in debug functionality. | |
| CVE-2017-4913 | Hig | 0.51 | 7.8 | 0.00 | Jun 8, 2017 | VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain an integer-overflow vulnerability in the True Type Font parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of Service on the Windows OS that runs Workstation. In the case of a Horizon View Client, this may allow a View desktop to execute code or perform a Denial of Service on the Windows OS that runs the Horizon View Client. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon View. | |
| CVE-2015-9005 | Hig | 0.51 | 7.8 | 0.00 | Jun 6, 2017 | In TrustZone in all Android releases from CAF using the Linux kernel, an Integer Overflow to Buffer Overflow vulnerability could potentially exist. | |
| CVE-2014-9944 | Hig | 0.51 | 7.8 | 0.00 | Jun 6, 2017 | In the Secure File System in all Android releases from CAF using the Linux kernel, an Integer Overflow to Buffer Overflow vulnerability could potentially exist. | |
| CVE-2016-5735 | Hig | 0.51 | 7.8 | 0.00 | May 23, 2017 | Integer overflow in the rwpng_read_image24_libpng function in rwpng.c in pngquant 2.7.0 allows remote attackers to have unspecified impact via a crafted PNG file, which triggers a buffer overflow. | |
| CVE-2016-10239 | Hig | 0.51 | 7.8 | 0.00 | May 16, 2017 | In TrustZone access control policy may potentially be bypassed in all Android releases from CAF using the Linux kernel due to improper input validation an integer overflow vulnerability leading to a buffer overflow could potentially occur and a buffer over-read vulnerability could potentially occur. |