CWE-190
Integer Overflow or Wraparound
BaseStableLikelihood: Medium
Description
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-92
CVEs mapped to this weakness (689)
page 30 of 35| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-6052 | Low | 0.24 | 3.7 | 0.00 | Jun 13, 2025 | A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be written past the end of the allocated memory, leading to crashes or memory corruption. | |
| CVE-2025-4945 | Low | 0.24 | 3.7 | 0.00 | May 19, 2025 | A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overflow. This may result in undefined behavior, allowing an attacker to bypass cookie expiration logic, causing persistent or unintended cookie behavior. The issue stems from improper validation of large integer inputs during date arithmetic operations within the cookie parsing routines. | |
| CVE-2025-3360 | Low | 0.24 | 3.7 | 0.00 | Apr 7, 2025 | A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function. | |
| CVE-2025-2295 | Low | 0.23 | 3.5 | 0.00 | Mar 14, 2025 | EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service. | |
| CVE-2026-6192 | Low | 0.21 | 3.3 | 0.00 | Apr 13, 2026 | A vulnerability was identified in uclouvain openjpeg up to 2.5.4. This impacts the function opj_pi_initialise_encode in the library src/lib/openjp2/pi.c. The manipulation leads to integer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. The identifier of the patch is 839936aa33eb8899bbbd80fda02796bb65068951. It is suggested to install a patch to address this issue. | |
| CVE-2026-2271 | Low | 0.21 | 3.3 | 0.00 | Mar 26, 2026 | A flaw was found in GIMP's PSP (Paint Shop Pro) file parser. A remote attacker could exploit an integer overflow vulnerability in the read_creator_block() function by providing a specially crafted PSP image file. This vulnerability occurs when a 32-bit length value from the file is used for memory allocation without proper validation, leading to a heap overflow and an out-of-bounds write. Successful exploitation could result in an application level denial of service. | |
| CVE-2023-28903 | Low | 0.21 | 3.3 | 0.00 | Jun 28, 2025 | An integer overflow in the image processing binary of the MIB3 infotainment unit allows an attacker with local access to the vehicle to cause a denial-of-service of the infotainment system. | |
| CVE-2016-9085 | Low | 0.21 | 3.3 | 0.00 | Feb 3, 2017 | Multiple integer overflows in libwebp allows attackers to have unspecified impact via unknown vectors. | |
| CVE-2026-33596 | Low | 0.20 | 3.1 | 0.00 | Apr 22, 2026 | A client might theoretically be able to cause a mismatch between queries sent to a backend and the received responses by sending a flood of perfectly timed queries that are routed to a TCP-only or DNS over TLS backend. | |
| CVE-2021-46750 | Low | 0.20 | 3.0 | 0.00 | Sep 6, 2025 | Failure to validate the address and size in TEE (Trusted Execution Environment) may allow a malicious x86 attacker to send malformed messages to the graphics mailbox resulting in an overlap of a TMR (Trusted Memory Region) that was previously allocated by the ASP bootloader leading to a potential loss of integrity. | |
| CVE-2026-41254 | Med | 0.19 | 4.0 | 0.00 | Apr 18, 2026 | Little CMS (lcms2) through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication. | |
| CVE-2026-40385 | Med | 0.19 | 4.0 | 0.00 | Apr 12, 2026 | In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. This only affects 32bit systems. | |
| CVE-2025-24324 | Low | 0.18 | 2.8 | 0.00 | Aug 12, 2025 | Integer overflow or wraparound in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | |
| CVE-2023-20507 | Low | 0.15 | 2.3 | 0.00 | Feb 11, 2025 | An integer overflow in the ASP could allow a privileged attacker to perform an out-of-bounds write, potentially resulting in loss of data integrity. | |
| CVE-2026-3284 | Low | 0.14 | 3.3 | 0.00 | Feb 27, 2026 | A vulnerability was found in libvips 8.19.0. Impacted is the function vips_extract_area_build of the file libvips/conversion/extract.c. The manipulation of the argument extract_area results in integer overflow. The attack requires a local approach. The exploit has been made public and could be used. The patch is identified as 24795bb3d19d84f7b6f5ed86451ad556c8f2fe70. It is advisable to implement a patch to correct this issue. | |
| CVE-2025-2574 | Low | 0.14 | — | 0.00 | Mar 20, 2025 | Out-of-bounds array write in Xpdf 4.05 and earlier, due to incorrect integer overflow checking in the PostScript function interpreter code. | |
| CVE-2021-26380 | Low | 0.12 | — | 0.00 | May 15, 2026 | A compromised Trusted OS (TOS) driver could issue a malformed call that could potentially allow memory access outside the intended range resulting in loss of integrity. | |
| CVE-2014-0569 | 0.10 | — | 0.89 | Oct 15, 2014 | Integer overflow in Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allows attackers to execute arbitrary code via unspecified vectors. | ||
| CVE-2007-2223 | 0.08 | — | 0.69 | Aug 14, 2007 | Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via the substringData method on a (1) TextNode or (2) XMLDOM object, which causes an integer overflow that leads to a buffer overflow. | ||
| CVE-2013-3940 | 0.06 | — | 0.72 | Nov 13, 2013 | Integer overflow in the Graphics Device Interface (GDI) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image in a Windows Write (.wri) document, which is not properly handled in WordPad, aka "Graphics Device Interface Integer Overflow Vulnerability." |