VYPR

CWE-190

Integer Overflow or Wraparound

BaseStableLikelihood: Medium

Description

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-92

CVEs mapped to this weakness (1,551)

page 17 of 78
  • CVE-2026-4150HigApr 11, 2026
    risk 0.51cvss 7.8epss 0.01

    GIMP PSD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a…

  • CVE-2026-4775HigMar 24, 2026
    risk 0.51cvss 7.8epss 0.01

    A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer…

  • CVE-2026-26134HigMar 10, 2026
    risk 0.51cvss 7.8epss 0.00

    Integer overflow or wraparound in Microsoft Office allows an authorized attacker to elevate privileges locally.

  • CVE-2025-33219HigJan 28, 2026
    risk 0.51cvss 7.8epss 0.00

    NVIDIA Display Driver for Linux contains a vulnerability in the NVIDIA kernel module where an attacker could cause an integer overflow or wraparound. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of…

  • CVE-2025-33218HigJan 28, 2026
    risk 0.51cvss 7.8epss 0.00

    NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where an attacker could cause an integer overflow. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of…

  • CVE-2026-24875HigJan 27, 2026
    risk 0.51cvss 7.8epss 0.00

    Integer Overflow or Wraparound vulnerability in yoyofr modizer.This issue affects modizer: before 4.1.1.

  • CVE-2025-46285HigDec 12, 2025
    risk 0.51cvss 7.8epss 0.00

    An integer overflow was addressed by adopting 64-bit timestamps. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. An app may be able to gain root…

  • CVE-2025-22836HigAug 12, 2025
    risk 0.51cvss 7.8epss 0.00

    Integer overflow or wraparound in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2024-36337HigApr 2, 2025
    risk 0.51cvss 7.9epss 0.00

    Integer overflow within AMD NPU Driver could allow a local attacker to write out of bounds, potentially leading to loss of confidentiality, integrity or availability.

  • CVE-2024-36336HigApr 2, 2025
    risk 0.51cvss 7.9epss 0.00

    Integer overflow within the AMD NPU Driver could allow a local attacker to write out of bounds, potentially leading to a loss of confidentiality, integrity, or availability.

  • CVE-2025-24156HigJan 27, 2025
    risk 0.51cvss 7.8epss 0.01

    An integer overflow was addressed through improved input validation. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An app may be able to elevate privileges.

  • CVE-2025-21338HigJan 14, 2025
    risk 0.51cvss 7.8epss 0.00

    GDI+ Remote Code Execution Vulnerability

  • CVE-2024-55656HigJan 8, 2025
    risk 0.51cvss 8.8epss 0.15

    RedisBloom adds a set of probabilistic data structures to Redis. There is an integer overflow vulnerability in RedisBloom, which is a module used in Redis. The integer overflow vulnerability allows an attacker (a redis client which knows the password) to allocate memory in the…

  • CVE-2024-39684HigJul 9, 2024
    risk 0.51cvss 7.8epss 0.00

    Tencent RapidJSON is vulnerable to privilege escalation due to an integer overflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened;…

  • CVE-2024-35905HigMay 19, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: bpf: Protect against int overflow for stack access size This patch re-introduces protection against the size of access to stack memory being negative; the access size can appear negative as a result of…

  • CVE-2024-26884HigApr 17, 2024
    risk 0.51cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: bpf: Fix hashtab overflow check on 32-bit arches The hashtab code relies on roundup_pow_of_two() to compute the number of hash buckets, and contains an overflow check by checking if the resulting value is 0.…

  • CVE-2018-9498HigOct 2, 2018
    risk 0.51cvss 7.8epss 0.02

    In SkSampler::Fill of SkSampler.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-7.0…

  • CVE-2018-9491HigOct 2, 2018
    risk 0.51cvss 7.8epss 0.02

    In AMediaCodecCryptoInfo_new of NdkMediaCodec.cpp, there is a possible out-of-bounds write due to an integer overflow. This could lead to remote code execution in external apps with no additional execution privileges needed. User interaction is needed for exploitation. Product:…

  • CVE-2018-9473HigOct 2, 2018
    risk 0.51cvss 7.8epss 0.02

    In ihevcd_parse_sei_payload of ihevcd_parse_headers.c, there is a possible out-of-bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android…

  • CVE-2018-11292HigSep 20, 2018
    risk 0.51cvss 7.8epss 0.00

    In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA6574AU, QCA6584, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820A, SDM429, SDM439, SDM630, SDM632,…