CWE-190
Integer Overflow or Wraparound
BaseStableLikelihood: Medium
Description
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-92
CVEs mapped to this weakness (689)
page 3 of 35| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-19636 | Cri | 0.64 | 9.8 | 0.00 | Dec 8, 2019 | An issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixel_encode_body at tosixel.c. | |
| CVE-2017-8816 | Cri | 0.64 | 9.8 | 0.00 | Nov 29, 2017 | The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application crash) or possibly have unspecified other impact via vectors involving long user and password fields. | |
| CVE-2017-1000158 | Cri | 0.64 | 9.8 | 0.04 | Nov 17, 2017 | CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution) | |
| CVE-2017-2921 | Cri | 0.64 | 9.8 | 0.02 | Nov 7, 2017 | An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause an integer overflow, leading to a heap buffer overflow and resulting in denial of service and potential remote code execution. An attacker needs to send a specially crafted websocket packet over network to trigger this vulnerability. | |
| CVE-2017-2892 | Cri | 0.64 | 9.8 | 0.02 | Nov 7, 2017 | An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT packet can cause an arbitrary out-of-bounds memory read and write potentially resulting in information disclosure, denial of service and remote code execution. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability. | |
| CVE-2017-1000121 | Cri | 0.64 | 9.8 | 0.01 | Nov 1, 2017 | The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate message size metadata, allowing a compromised secondary process to trigger an integer overflow and subsequent buffer overflow in the UI process. This vulnerability does not affect Apple products. | |
| CVE-2017-14636 | Cri | 0.64 | 9.8 | 0.00 | Sep 22, 2017 | Because of an integer overflow in sam2p 0.49.3, a loop executes 0xffffffff times, ending with an invalid read of size 1 in the Image::Indexed::sortPal function in image.cpp. However, this also causes memory corruption because of an attempted write to the invalid d[0xfffffffe] array element. | |
| CVE-2017-9282 | Cri | 0.64 | 9.8 | 0.00 | Sep 21, 2017 | An integer overflow (CWE-190) led to an out-of-bounds write (CWE-787) on a heap-allocated area, leading to heap corruption in Micro Focus VisiBroker 8.5. The feasibility of leveraging this vulnerability for further attacks was not assessed. | |
| CVE-2017-14630 | Cri | 0.64 | 9.8 | 0.00 | Sep 21, 2017 | In sam2p 0.49.3, an integer overflow exists in the pcxLoadImage24 function of the file in_pcx.cpp, leading to an invalid write operation. | |
| CVE-2017-14062 | Cri | 0.64 | 9.8 | 0.01 | Aug 31, 2017 | Integer overflow in the decode_digit function in puny_decode.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact. | |
| CVE-2017-14061 | Cri | 0.64 | 9.8 | 0.01 | Aug 31, 2017 | Integer overflow in the _isBidi function in bidi.c in Libidn2 before 2.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact. | |
| CVE-2016-5871 | Cri | 0.64 | 9.8 | 0.00 | Aug 18, 2017 | In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow to buffer overflow vulnerability exists when loading an image file. | |
| CVE-2016-10346 | Cri | 0.64 | 9.8 | 0.00 | Aug 18, 2017 | In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in the hypervisor. | |
| CVE-2015-9062 | Cri | 0.64 | 9.8 | 0.00 | Aug 18, 2017 | In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow to buffer overflow vulnerability exists when loading an ELF file. | |
| CVE-2012-6706 | Cri | 0.64 | 9.8 | 0.02 | Jun 22, 2017 | A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in DataSize+CurChannel. The result is a negative value of the "DestPos" variable, which allows the attacker to write out of bounds when setting Mem[DestPos]. | |
| CVE-2017-9200 | Cri | 0.64 | 9.8 | 0.00 | May 23, 2017 | libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-tga.c:528:63. | |
| CVE-2017-9199 | Cri | 0.64 | 9.8 | 0.00 | May 23, 2017 | libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-tga.c:192:19. | |
| CVE-2017-9198 | Cri | 0.64 | 9.8 | 0.00 | May 23, 2017 | libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-tga.c:508:18. | |
| CVE-2017-9197 | Cri | 0.64 | 9.8 | 0.00 | May 23, 2017 | libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-tga.c:498:55. | |
| CVE-2017-9196 | Cri | 0.64 | 9.8 | 0.00 | May 23, 2017 | libautotrace.a in AutoTrace 0.31.1 has a "negative-size-param" issue in the ReadImage function in input-tga.c:528:7. |