CWE-190
Integer Overflow or Wraparound
Description
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-92
CVEs mapped to this weakness (1,551)
page 20 of 78| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-17324 | Hig | 0.51 | 7.8 | 0.01 | Mar 9, 2018 | Huawei Mate 9 Pro smartphones with software LON-AL00BC00B139D; LON-AL00BC00B229 have an integer overflow vulnerability. The camera driver does not validate the external input parameters and causes an integer overflow, which in the after processing results in a buffer overflow.… | ||
| CVE-2018-7643 | Hig | 0.51 | 7.8 | 0.02 | Mar 2, 2018 | The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump. | ||
| CVE-2018-7471 | Hig | 0.51 | 7.8 | 0.00 | Feb 25, 2018 | KingView 7.5SP1 has an integer overflow during stgopenstorage API read operations. | ||
| CVE-2017-17765 | Hig | 0.51 | 7.8 | 0.00 | Feb 23, 2018 | In all Qualcomm products with Android releases from CAF using the Linux kernel, multiple values received from firmware are not properly validated in wma_get_ll_stats_ext_buf() and are used to allocate the sizes of buffers and may be vulnerable to integer overflow leading to… | ||
| CVE-2017-17764 | Hig | 0.51 | 7.8 | 0.00 | Feb 23, 2018 | In all Qualcomm products with Android releases from CAF using the Linux kernel, the num_failure_info value from firmware is not properly validated in wma_rx_aggr_failure_event_handler() so that an integer overflow vulnerability in a buffer size calculation may potentially lead… | ||
| CVE-2017-15862 | Hig | 0.51 | 7.8 | 0.00 | Feb 23, 2018 | In all Qualcomm products with Android releases from CAF using the Linux kernel, in wma_unified_link_radio_stats_event_handler(), the number of radio channels coming from firmware is not properly validated, potentially leading to an integer overflow vulnerability followed by a… | ||
| CVE-2018-6543 | Hig | 0.51 | 7.8 | 0.02 | Feb 2, 2018 | In GNU Binutils 2.30, there's an integer overflow in the function load_specific_debug_section() in objdump.c, which results in `malloc()` with 0 size. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other… | ||
| CVE-2017-13182 | Hig | 0.51 | 7.8 | 0.00 | Jan 12, 2018 | In the sendFormatChange function of ACodec, there is a possible integer overflow which could lead to an out-of-bounds write. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User… | ||
| CVE-2017-0869 | Hig | 0.51 | 7.8 | 0.00 | Jan 12, 2018 | NVIDIA driver contains an integer overflow vulnerability which could cause a use after free and possibly lead to an elevation of privilege enabling code execution as a privileged process. This issue is rated as high. Version: N/A. Android ID: A-37776156. References:… | ||
| CVE-2017-17863 | Hig | 0.51 | 7.8 | 0.00 | Dec 27, 2017 | kernel/bpf/verifier.c in the Linux kernel 4.9.x through 4.9.71 does not check the relationship between pointer values and the BPF stack, which allows local users to cause a denial of service (integer overflow or invalid memory access) or possibly have unspecified other impact. | ||
| CVE-2017-17854 | Hig | 0.51 | 7.8 | 0.00 | Dec 27, 2017 | kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (integer overflow and memory corruption) or possibly have unspecified other impact by leveraging unrestricted integer values for pointer arithmetic. | ||
| CVE-2017-11043 | Hig | 0.51 | 7.8 | 0.01 | Dec 5, 2017 | In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a WiFI driver function, an integer overflow leading to heap buffer overflow may potentially occur. | ||
| CVE-2017-17122 | Hig | 0.51 | 7.8 | 0.02 | Dec 4, 2017 | The dump_relocs_in_section function in objdump.c in GNU Binutils 2.29.1 does not check for reloc count integer overflows, which allows remote attackers to cause a denial of service (excessive memory allocation, or heap-based buffer overflow and application crash) or possibly… | ||
| CVE-2017-8205 | Hig | 0.51 | 7.8 | 0.01 | Nov 22, 2017 | The Bastet driver of Honor 9 Huawei smart phones with software of versions earlier than Stanford-AL10C00B175 has integer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege; the… | ||
| CVE-2017-1000229 | Hig | 0.51 | 7.8 | 0.02 | Nov 17, 2017 | Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 allows an attacker to remotely execute code or cause denial of service. | ||
| CVE-2017-0841 | Hig | 0.51 | 7.8 | 0.01 | Nov 16, 2017 | A remote code execution vulnerability in the Android system (libutils). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37723026. | ||
| CVE-2017-9690 | Hig | 0.51 | 7.8 | 0.00 | Nov 16, 2017 | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a qbt1000 ioctl handler, an incorrect buffer size check has an integer overflow vulnerability potentially leading to a buffer overflow. | ||
| CVE-2017-11085 | Hig | 0.51 | 7.8 | 0.00 | Nov 16, 2017 | In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, an integer overflow leading to a buffer overflow due to improper bound checking in msm_audio_effects_virtualizer_handler, file msm-audio-effects-q6-v2.c | ||
| CVE-2017-16832 | Hig | 0.51 | 7.8 | 0.02 | Nov 15, 2017 | The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate size and offset values in the data dictionary, which allows remote attackers to cause a denial of service… | ||
| CVE-2017-16831 | Hig | 0.51 | 7.8 | 0.02 | Nov 15, 2017 | coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or… |
- risk 0.51cvss 7.8epss 0.01
Huawei Mate 9 Pro smartphones with software LON-AL00BC00B139D; LON-AL00BC00B229 have an integer overflow vulnerability. The camera driver does not validate the external input parameters and causes an integer overflow, which in the after processing results in a buffer overflow.…
- risk 0.51cvss 7.8epss 0.02
The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump.
- risk 0.51cvss 7.8epss 0.00
KingView 7.5SP1 has an integer overflow during stgopenstorage API read operations.
- risk 0.51cvss 7.8epss 0.00
In all Qualcomm products with Android releases from CAF using the Linux kernel, multiple values received from firmware are not properly validated in wma_get_ll_stats_ext_buf() and are used to allocate the sizes of buffers and may be vulnerable to integer overflow leading to…
- risk 0.51cvss 7.8epss 0.00
In all Qualcomm products with Android releases from CAF using the Linux kernel, the num_failure_info value from firmware is not properly validated in wma_rx_aggr_failure_event_handler() so that an integer overflow vulnerability in a buffer size calculation may potentially lead…
- risk 0.51cvss 7.8epss 0.00
In all Qualcomm products with Android releases from CAF using the Linux kernel, in wma_unified_link_radio_stats_event_handler(), the number of radio channels coming from firmware is not properly validated, potentially leading to an integer overflow vulnerability followed by a…
- risk 0.51cvss 7.8epss 0.02
In GNU Binutils 2.30, there's an integer overflow in the function load_specific_debug_section() in objdump.c, which results in `malloc()` with 0 size. A crafted ELF file allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other…
- risk 0.51cvss 7.8epss 0.00
In the sendFormatChange function of ACodec, there is a possible integer overflow which could lead to an out-of-bounds write. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User…
- risk 0.51cvss 7.8epss 0.00
NVIDIA driver contains an integer overflow vulnerability which could cause a use after free and possibly lead to an elevation of privilege enabling code execution as a privileged process. This issue is rated as high. Version: N/A. Android ID: A-37776156. References:…
- risk 0.51cvss 7.8epss 0.00
kernel/bpf/verifier.c in the Linux kernel 4.9.x through 4.9.71 does not check the relationship between pointer values and the BPF stack, which allows local users to cause a denial of service (integer overflow or invalid memory access) or possibly have unspecified other impact.
- risk 0.51cvss 7.8epss 0.00
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (integer overflow and memory corruption) or possibly have unspecified other impact by leveraging unrestricted integer values for pointer arithmetic.
- risk 0.51cvss 7.8epss 0.01
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a WiFI driver function, an integer overflow leading to heap buffer overflow may potentially occur.
- risk 0.51cvss 7.8epss 0.02
The dump_relocs_in_section function in objdump.c in GNU Binutils 2.29.1 does not check for reloc count integer overflows, which allows remote attackers to cause a denial of service (excessive memory allocation, or heap-based buffer overflow and application crash) or possibly…
- risk 0.51cvss 7.8epss 0.01
The Bastet driver of Honor 9 Huawei smart phones with software of versions earlier than Stanford-AL10C00B175 has integer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege; the…
- risk 0.51cvss 7.8epss 0.02
Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 allows an attacker to remotely execute code or cause denial of service.
- risk 0.51cvss 7.8epss 0.01
A remote code execution vulnerability in the Android system (libutils). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37723026.
- risk 0.51cvss 7.8epss 0.00
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a qbt1000 ioctl handler, an incorrect buffer size check has an integer overflow vulnerability potentially leading to a buffer overflow.
- risk 0.51cvss 7.8epss 0.00
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, an integer overflow leading to a buffer overflow due to improper bound checking in msm_audio_effects_virtualizer_handler, file msm-audio-effects-q6-v2.c
- risk 0.51cvss 7.8epss 0.02
The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate size and offset values in the data dictionary, which allows remote attackers to cause a denial of service…
- risk 0.51cvss 7.8epss 0.02
coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or…