VYPR

CWE-190

Integer Overflow or Wraparound

BaseStableLikelihood: Medium

Description

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-92

CVEs mapped to this weakness (1,551)

page 54 of 78
  • CVE-2026-8295MedMay 14, 2026
    risk 0.45cvss epss 0.00

    An integer overflow vulnerability in the simdjson document-builder API allows incorrect buffer size calculations in "string_builder::escape_and_append()" when processing very large input strings on platforms with limited "size_t" width (e.g., 32-bit builds). The overflow can…

  • CVE-2025-7709MedSep 8, 2025
    risk 0.45cvss epss 0.00

    An integer overflow exists in the FTS5 https://sqlite.org/fts5.html  extension. It occurs when the size of an array of tombstone pointers is calculated and truncated into a 32-bit integer. A pointer to partially controlled data can then be written out of bounds.

  • CVE-2026-46062HigMay 27, 2026
    risk 0.44cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: ntfs3: fix integer overflow in run_unpack() volume boundary check The volume boundary check `lcn + len > sbi->used.bitmap.nbits` uses raw addition which can wrap around for large lcn and len values, bypassing…

  • CVE-2026-42046HigMay 11, 2026
    risk 0.44cvss 7.8epss 0.00

    libcaca is a colour ASCII art library. In 0.99.beta20 and earlier, an integer overflow vulnerability in libcaca's canvas import functionality allows an attacker to cause a controlled heap out-of-bounds write (heap overflow) by supplying a crafted file in the "caca" format.…

  • CVE-2026-42311HigMay 9, 2026
    risk 0.44cvss 7.8epss 0.00

    Pillow is a Python imaging library. From version 10.3.0 to before version 12.2.0, processing a malicious PSD file could lead to memory corruption, potentially resulting in a crash or arbitrary code execution. This issue has been patched in version 12.2.0.

  • CVE-2026-31648HigApr 24, 2026
    risk 0.44cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: mm: filemap: fix nr_pages calculation overflow in filemap_map_pages() When running stress-ng on my Arm64 machine with v7.0-rc3 kernel, I encountered some very strange crash issues showing up as "Bad page…

  • CVE-2026-34588HigApr 6, 2026
    risk 0.44cvss 7.8epss 0.00

    OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.1.0 to before 3.2.7, 3.3.9, and 3.4.9, internal_exr_undo_piz() advances the working wavelet pointer with signed 32-bit…

  • CVE-2026-3308HigMar 31, 2026
    risk 0.44cvss 7.8epss 0.00

    An integer overflow vulnerability in 'pdf-image.c' in Artifex's MuPDF version 1.27.0 allows an attacker to maliciously craft a PDF that can trigger an integer overflow within the 'pdf_load_image_imp' function. This allows a heap out-of-bounds write that could be exploited for…

  • CVE-2026-33298HigMar 24, 2026
    risk 0.44cvss 7.8epss 0.00

    llama.cpp is an inference of several LLM models in C/C++. Prior to b7824, an integer overflow vulnerability in the `ggml_nbytes` function allows an attacker to bypass memory validation by crafting a GGUF file with specific tensor dimensions. This causes `ggml_nbytes` to return a…

  • CVE-2026-27940HigMar 12, 2026
    risk 0.44cvss 7.8epss 0.00

    llama.cpp is an inference of several LLM models in C/C++. Prior to b8146, the gguf_init_from_file_impl() in gguf.cpp is vulnerable to an Integer overflow, leading to an undersized heap allocation. Using the subsequent fread() writes 528+ bytes of attacker-controlled data past…

  • CVE-2026-20025MedMar 4, 2026
    risk 0.44cvss 6.8epss 0.00

    A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an authenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition. To exploit this vulnerability, the attacker…

  • CVE-2023-53524HigOct 1, 2025
    risk 0.44cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: pcie: Fix integer overflow in iwl_write_to_user_buf An integer overflow occurs in the iwl_write_to_user_buf() function, which is called by the iwl_dbgfs_monitor_data_read() function. static…

  • CVE-2025-49180HigJun 17, 2025
    risk 0.44cvss 7.8epss 0.00

    A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate.

  • CVE-2024-41000HigJul 12, 2024
    risk 0.44cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: block/ioctl: prefer different overflow check Running syzkaller with the newly reintroduced signed integer overflow sanitizer shows this report: [ 62.982337] ------------[ cut here ]------------ [ …

  • CVE-2021-41203HigNov 5, 2021
    risk 0.44cvss 7.8epss 0.00

    TensorFlow is an open source platform for machine learning. In affected versions an attacker can trigger undefined behavior, integer overflows, segfaults and `CHECK`-fail crashes if they can change saved checkpoints from outside of TensorFlow. This is because the checkpoints…

  • CVE-2017-9832MedJun 24, 2017
    risk 0.44cvss 6.8epss 0.01

    An integer overflow vulnerability in ptp-pack.c (ptp_unpack_OPL function) of libmtp (version 1.1.12 and below) allows attackers to cause a denial of service (out-of-bounds memory access) or maybe remote code execution by inserting a mobile device into a personal computer through…

  • CVE-2017-9831MedJun 24, 2017
    risk 0.44cvss 6.8epss 0.01

    An integer overflow vulnerability in the ptp_unpack_EOS_CustomFuncEx function of the ptp-pack.c file of libmtp (version 1.1.12 and below) allows attackers to cause a denial of service (out-of-bounds memory access) or maybe remote code execution by inserting a mobile device into…

  • CVE-2016-2347HigApr 21, 2017
    risk 0.44cvss 7.8epss 0.03

    Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted archive.

  • CVE-2016-10168HigMar 15, 2017
    risk 0.44cvss 7.8epss 0.04

    Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors involving the number of horizontal and vertical chunks in an image.

  • CVE-2016-10251HigMar 15, 2017
    risk 0.44cvss 7.8epss 0.02

    Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in JasPer before 1.900.20 allows remote attackers to have unspecified impact via a crafted file, which triggers use of an uninitialized value.