CWE-190
Integer Overflow or Wraparound
BaseStableLikelihood: Medium
Description
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-92
CVEs mapped to this weakness (689)
page 15 of 35| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-8998 | Hig | 0.51 | 7.8 | 0.00 | May 16, 2017 | In TrustZone an integer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel. | |
| CVE-2015-8995 | Hig | 0.51 | 7.8 | 0.00 | May 16, 2017 | In TrustZone an integer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel. | |
| CVE-2014-9935 | Hig | 0.51 | 7.8 | 0.00 | May 16, 2017 | In TrustZone an integer overflow vulnerability leading to a buffer overflow could potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel. | |
| CVE-2014-9932 | Hig | 0.51 | 7.8 | 0.00 | May 16, 2017 | In TrustZone, an integer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel due to an improper address range computation. | |
| CVE-2017-0597 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2017 | An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34749571. | |
| CVE-2017-5037 | Hig | 0.51 | 7.8 | 0.00 | Apr 24, 2017 | An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer. | |
| CVE-2016-6916 | Hig | 0.51 | 7.8 | 0.00 | Apr 24, 2017 | Integer overflow in nvhost_job.c in the NVIDIA video driver for Android, Shield TV before OTA 3.3, Shield Table before OTA 4.4, and Shield Table TK1 before OTA 1.5 allows local users to cause a denial of service (system crash) via unspecified vectors, which triggers a buffer overflow. | |
| CVE-2016-2347 | Hig | 0.51 | 7.8 | 0.00 | Apr 21, 2017 | Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted archive. | |
| CVE-2017-7975 | Hig | 0.51 | 7.8 | 0.00 | Apr 19, 2017 | Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds writes because of an integer overflow in the jbig2_build_huffman_table function in jbig2_huffman.c during operations on a crafted JBIG2 file, leading to a denial of service (application crash) or possibly execution of arbitrary code. | |
| CVE-2017-7948 | Hig | 0.51 | 7.8 | 0.00 | Apr 19, 2017 | Integer overflow in the mark_curve function in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via a crafted PostScript document. | |
| CVE-2017-3011 | Hig | 0.51 | 7.8 | 0.05 | Apr 12, 2017 | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable integer overflow vulnerability in the CCITT fax PDF filter. Successful exploitation could lead to arbitrary code execution. | |
| CVE-2017-7603 | Hig | 0.51 | 7.8 | 0.00 | Apr 9, 2017 | au_channel.h in HE-AAC+ Codec (aka libaacplus) 2.0.2 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. | |
| CVE-2017-7602 | Hig | 0.51 | 7.8 | 0.00 | Apr 9, 2017 | LibTIFF 4.0.7 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image. | |
| CVE-2017-2440 | Hig | 0.51 | 7.8 | 0.00 | Apr 2, 2017 | An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (integer overflow) via a crafted app. | |
| CVE-2017-7294 | Hig | 0.51 | 7.8 | 0.00 | Mar 29, 2017 | The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.6 does not validate addition of certain levels data, which allows local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device. | |
| CVE-2016-9387 | Hig | 0.51 | 7.8 | 0.00 | Mar 23, 2017 | Integer overflow in the jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.13 allows remote attackers to have unspecified impact via a crafted file, which triggers an assertion failure. | |
| CVE-2016-10168 | Hig | 0.51 | 7.8 | 0.01 | Mar 15, 2017 | Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image. | |
| CVE-2016-10251 | Hig | 0.51 | 7.8 | 0.00 | Mar 15, 2017 | Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in JasPer before 1.900.20 allows remote attackers to have unspecified impact via a crafted file, which triggers use of an uninitialized value. | |
| CVE-2016-10249 | Hig | 0.51 | 7.8 | 0.01 | Mar 15, 2017 | Integer overflow in the jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.12 allows remote attackers to have unspecified impact via a crafted image file, which triggers a heap-based buffer overflow. | |
| CVE-2017-0307 | Hig | 0.51 | 7.8 | 0.00 | Mar 8, 2017 | An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-33177895. References: N-CVE-2017-0307. |