CWE-190
Integer Overflow or Wraparound
Description
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-92
CVEs mapped to this weakness (1,551)
page 23 of 78| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-5853 | Hig | 0.51 | 7.8 | 0.01 | Mar 1, 2017 | Integer overflow in base/PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file. | ||
| CVE-2016-8389 | Hig | 0.51 | 7.8 | 0.02 | Feb 28, 2017 | An exploitable integer-overflow vulnerability exists within Iceni Argus. When it attempts to convert a malformed PDF to XML, it will attempt to convert each character from a font into a polygon and then attempt to rasterize these shapes. As the application attempts to iterate… | ||
| CVE-2017-6308 | Hig | 0.51 | 7.8 | 0.02 | Feb 24, 2017 | An issue was discovered in tnef before 1.4.13. Several Integer Overflows, which can lead to Heap Overflows, have been identified in the functions that wrap memory allocation. | ||
| CVE-2017-6303 | Hig | 0.51 | 7.8 | 0.01 | Feb 24, 2017 | An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "6 of 9. Invalid Write and Integer Overflow." | ||
| CVE-2017-6302 | Hig | 0.51 | 7.8 | 0.01 | Feb 24, 2017 | An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "5 of 9. Integer Overflow." | ||
| CVE-2016-8636 | Hig | 0.51 | 7.8 | 0.01 | Feb 22, 2017 | Integer overflow in the mem_check_range function in drivers/infiniband/sw/rxe/rxe_mr.c in the Linux kernel before 4.9.10 allows local users to cause a denial of service (memory corruption), obtain sensitive information from kernel memory, or possibly have unspecified other… | ||
| CVE-2016-6252 | Hig | 0.51 | 7.8 | 0.00 | Feb 17, 2017 | Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap. | ||
| CVE-2016-1889 | Hig | 0.51 | 7.8 | 0.00 | Feb 15, 2017 | Integer overflow in the bhyve hypervisor in FreeBSD 10.1, 10.2, 10.3, and 11.0 when configured with a large amount of guest memory, allows local users to gain privilege via a crafted device descriptor. | ||
| CVE-2017-0410 | Hig | 0.51 | 7.8 | 0.01 | Feb 8, 2017 | An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities,… | ||
| CVE-2017-5576 | Hig | 0.51 | 7.8 | 0.00 | Feb 6, 2017 | Integer overflow in the vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux kernel before 4.9.7 allows local users to cause a denial of service or possibly have unspecified other impact via a crafted size value in a VC4_SUBMIT_CL ioctl… | ||
| CVE-2017-5628 | Hig | 0.51 | 7.8 | 0.01 | Jan 30, 2017 | An issue was discovered in Artifex Software, Inc. MuJS before 8f62ea10a0af68e56d5c00720523ebcba13c2e6a. The MakeDay function in jsdate.c does not validate the month, leading to an integer overflow when parsing a specially crafted JS file. | ||
| CVE-2017-5627 | Hig | 0.51 | 7.8 | 0.01 | Jan 30, 2017 | An issue was discovered in Artifex Software, Inc. MuJS before 4006739a28367c708dea19aeb19b8a1a9326ce08. The jsR_setproperty function in jsrun.c lacks a check for a negative array length. This leads to an integer overflow in the js_pushstring function in jsrun.c when parsing a… | ||
| CVE-2017-0383 | Hig | 0.51 | 7.8 | 0.01 | Jan 12, 2017 | An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities,… | ||
| CVE-2017-0381 | Hig | 0.51 | 7.8 | 0.01 | Jan 12, 2017 | An information disclosure vulnerability in silk/NLSF_stabilize.c in libopus in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without… | ||
| CVE-2016-4298 | Hig | 0.51 | 7.8 | 0.02 | Jan 6, 2017 | When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will attempt to allocate space for a list of elements using a length from the file. When calculating this length, an integer overflow can be made to occur which will… | ||
| CVE-2016-4291 | Hig | 0.51 | 7.8 | 0.02 | Jan 6, 2017 | When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will use a field from the structure in an operation that can cause the integer to overflow. This result is then used to allocate memory to copy file data in. Due to the… | ||
| CVE-2016-4290 | Hig | 0.51 | 7.8 | 0.02 | Jan 6, 2017 | When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will attempt to allocate space for a block of data within the file. When calculating this length, the application will use a value from the file and add a constant to… | ||
| CVE-2016-9754 | Hig | 0.51 | 7.8 | 0.01 | Jan 5, 2017 | The ring_buffer_resize function in kernel/trace/ring_buffer.c in the profiling subsystem in the Linux kernel before 4.6.1 mishandles certain integer calculations, which allows local users to gain privileges by writing to the /sys/kernel/debug/tracing/buffer_size_kb file. | ||
| CVE-2016-9031 | Hig | 0.51 | 7.8 | 0.00 | Dec 14, 2016 | An exploitable integer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with 32-bit file systems. An attacker can craft an input that can cause a… | ||
| CVE-2016-9084 | Hig | 0.51 | 7.8 | 0.00 | Nov 28, 2016 | drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through 4.8.11 misuses the kzalloc function, which allows local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device file. |
- risk 0.51cvss 7.8epss 0.01
Integer overflow in base/PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file.
- risk 0.51cvss 7.8epss 0.02
An exploitable integer-overflow vulnerability exists within Iceni Argus. When it attempts to convert a malformed PDF to XML, it will attempt to convert each character from a font into a polygon and then attempt to rasterize these shapes. As the application attempts to iterate…
- risk 0.51cvss 7.8epss 0.02
An issue was discovered in tnef before 1.4.13. Several Integer Overflows, which can lead to Heap Overflows, have been identified in the functions that wrap memory allocation.
- risk 0.51cvss 7.8epss 0.01
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "6 of 9. Invalid Write and Integer Overflow."
- risk 0.51cvss 7.8epss 0.01
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "5 of 9. Integer Overflow."
- risk 0.51cvss 7.8epss 0.01
Integer overflow in the mem_check_range function in drivers/infiniband/sw/rxe/rxe_mr.c in the Linux kernel before 4.9.10 allows local users to cause a denial of service (memory corruption), obtain sensitive information from kernel memory, or possibly have unspecified other…
- risk 0.51cvss 7.8epss 0.00
Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap.
- risk 0.51cvss 7.8epss 0.00
Integer overflow in the bhyve hypervisor in FreeBSD 10.1, 10.2, 10.3, and 11.0 when configured with a large amount of guest memory, allows local users to gain privilege via a crafted device descriptor.
- risk 0.51cvss 7.8epss 0.01
An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities,…
- risk 0.51cvss 7.8epss 0.00
Integer overflow in the vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux kernel before 4.9.7 allows local users to cause a denial of service or possibly have unspecified other impact via a crafted size value in a VC4_SUBMIT_CL ioctl…
- risk 0.51cvss 7.8epss 0.01
An issue was discovered in Artifex Software, Inc. MuJS before 8f62ea10a0af68e56d5c00720523ebcba13c2e6a. The MakeDay function in jsdate.c does not validate the month, leading to an integer overflow when parsing a specially crafted JS file.
- risk 0.51cvss 7.8epss 0.01
An issue was discovered in Artifex Software, Inc. MuJS before 4006739a28367c708dea19aeb19b8a1a9326ce08. The jsR_setproperty function in jsrun.c lacks a check for a negative array length. This leads to an integer overflow in the js_pushstring function in jsrun.c when parsing a…
- risk 0.51cvss 7.8epss 0.01
An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities,…
- risk 0.51cvss 7.8epss 0.01
An information disclosure vulnerability in silk/NLSF_stabilize.c in libopus in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without…
- risk 0.51cvss 7.8epss 0.02
When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will attempt to allocate space for a list of elements using a length from the file. When calculating this length, an integer overflow can be made to occur which will…
- risk 0.51cvss 7.8epss 0.02
When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will use a field from the structure in an operation that can cause the integer to overflow. This result is then used to allocate memory to copy file data in. Due to the…
- risk 0.51cvss 7.8epss 0.02
When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will attempt to allocate space for a block of data within the file. When calculating this length, the application will use a value from the file and add a constant to…
- risk 0.51cvss 7.8epss 0.01
The ring_buffer_resize function in kernel/trace/ring_buffer.c in the profiling subsystem in the Linux kernel before 4.6.1 mishandles certain integer calculations, which allows local users to gain privileges by writing to the /sys/kernel/debug/tracing/buffer_size_kb file.
- risk 0.51cvss 7.8epss 0.00
An exploitable integer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with 32-bit file systems. An attacker can craft an input that can cause a…
- risk 0.51cvss 7.8epss 0.00
drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through 4.8.11 misuses the kzalloc function, which allows local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device file.