CWE-190
Integer Overflow or Wraparound
BaseStableLikelihood: Medium
Description
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-92
CVEs mapped to this weakness (689)
page 4 of 35| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-9187 | Cri | 0.64 | 9.8 | 0.00 | May 23, 2017 | libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:486:7. | |
| CVE-2017-9186 | Cri | 0.64 | 9.8 | 0.00 | May 23, 2017 | libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:326:17. | |
| CVE-2017-9185 | Cri | 0.64 | 9.8 | 0.00 | May 23, 2017 | libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:319:7. | |
| CVE-2017-9184 | Cri | 0.64 | 9.8 | 0.00 | May 23, 2017 | libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in input-bmp.c:314:7. | |
| CVE-2017-9162 | Cri | 0.64 | 9.8 | 0.00 | May 23, 2017 | libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in autotrace.c:191:2. | |
| CVE-2017-9161 | Cri | 0.64 | 9.8 | 0.00 | May 23, 2017 | libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in autotrace.c:188:23. | |
| CVE-2017-6889 | Cri | 0.64 | 9.8 | 0.00 | May 15, 2017 | An integer overflow error within the "foveon_load_camf()" function (dcraw_foveon.c) in LibRaw-demosaic-pack-GPL2 before 0.18.2 can be exploited to cause a heap-based buffer overflow. | |
| CVE-2016-5762 | Cri | 0.64 | 9.8 | 0.08 | Apr 20, 2017 | Integer overflow in the Post Office Agent in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 might allow remote attackers to execute arbitrary code via a long (1) username or (2) password, which triggers a heap-based buffer overflow. | |
| CVE-2017-5885 | Cri | 0.64 | 9.8 | 0.01 | Feb 28, 2017 | Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving SetColorMapEntries, which triggers a buffer overflow. | |
| CVE-2016-9558 | Cri | 0.64 | 9.8 | 0.03 | Feb 28, 2017 | (1) libdwarf/dwarf_leb.c and (2) dwarfdump/print_frames.c in libdwarf before 20161124 allow remote attackers to have unspecified impact via a crafted bit pattern in a signed leb number, aka a "negation overflow." | |
| CVE-2017-6350 | Cri | 0.64 | 9.8 | 0.01 | Feb 27, 2017 | An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows. | |
| CVE-2017-6349 | Cri | 0.64 | 9.8 | 0.01 | Feb 27, 2017 | An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows. | |
| CVE-2016-6872 | Cri | 0.64 | 9.8 | 0.01 | Feb 17, 2017 | Integer overflow in StringUtil::implode in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. | |
| CVE-2016-6871 | Cri | 0.64 | 9.8 | 0.01 | Feb 17, 2017 | Integer overflow in bcmath in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, which triggers a buffer overflow. | |
| CVE-2016-8859 | Cri | 0.64 | 9.8 | 0.01 | Feb 13, 2017 | Multiple integer overflows in the TRE library and musl libc allow attackers to cause memory corruption via a large number of (1) states or (2) tags, which triggers an out-of-bounds write. | |
| CVE-2017-5953 | Cri | 0.64 | 9.8 | 0.01 | Feb 10, 2017 | vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow. | |
| CVE-2016-10164 | Cri | 0.64 | 9.8 | 0.04 | Feb 1, 2017 | Multiple integer overflows in libXpm before 3.5.12, when a program requests parsing XPM extensions on a 64-bit platform, allow remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via (1) the number of extensions or (2) their concatenated length in a crafted XPM file, which triggers a heap-based buffer overflow. | |
| CVE-2016-9132 | Cri | 0.64 | 9.8 | 0.00 | Jan 30, 2017 | In Botan 1.8.0 through 1.11.33, when decoding BER data an integer overflow could occur, which would cause an incorrect length field to be computed. Some API callers may use the returned (incorrect and attacker controlled) length field in a way which later causes memory corruption or other failure. | |
| CVE-2016-7938 | Cri | 0.64 | 9.8 | 0.01 | Jan 28, 2017 | The ZeroMQ parser in tcpdump before 4.9.0 has an integer overflow in print-zeromq.c:zmtp1_print_frame(). | |
| CVE-2016-6164 | Cri | 0.64 | 9.8 | 0.01 | Jan 23, 2017 | Integer overflow in the mov_build_index function in libavformat/mov.c in FFmpeg before 2.8.8, 3.0.x before 3.0.3 and 3.1.x before 3.1.1 allows remote attackers to have unspecified impact via vectors involving sample size. |