VYPR

CWE-190

Integer Overflow or Wraparound

BaseStableLikelihood: Medium

Description

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-92

CVEs mapped to this weakness (1,551)

page 56 of 78
  • CVE-2026-6385MedApr 15, 2026
    risk 0.42cvss 6.5epss 0.00

    A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specially crafted MPEG-PS/VOB media file containing a malicious DVD subtitle stream. This vulnerability is caused by a signed integer overflow in the DVD subtitle parser's fragment…

  • CVE-2026-5477HigApr 10, 2026
    risk 0.42cvss 7.5epss 0.00

    An integer overflow existed in the wolfCrypt CMAC implementation, that could be exploited to forge CMAC tags. The function wc_CmacUpdate used the guard `if (cmac->totalSz != 0)` to skip XOR-chaining on the first block (where digest is all-zeros and the XOR is a…

  • CVE-2026-35092HigApr 1, 2026
    risk 0.42cvss 7.5epss 0.01

    A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) packets. This can cause the service to crash, leading to a denial of service. This…

  • CVE-2026-5121HigMar 30, 2026
    risk 0.42cvss 7.5epss 0.01

    A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could…

  • CVE-2025-46597HigMar 20, 2026
    risk 0.42cvss 7.5epss 0.00

    Bitcoin Core 0.13.0 through 29.x has an integer overflow.

  • CVE-2025-14242MedJan 14, 2026
    risk 0.42cvss 6.5epss 0.01

    A flaw was found in vsftpd. This vulnerability allows a denial of service (DoS) via an integer overflow in the ls command parameter parsing, triggered by a remote, authenticated attacker sending a crafted STAT command with a specific byte sequence.

  • CVE-2025-12035MedDec 15, 2025
    risk 0.42cvss 6.5epss 0.00

    An integer overflow condition exists in Bluetooth Host stack, within the bt_br_acl_recv routine a critical path for processing inbound BR/EDR L2CAP traffic.

  • CVE-2025-31203MedApr 29, 2025
    risk 0.42cvss 6.5epss 0.00

    An integer overflow was addressed with improved input validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An attacker on the local network may be able to cause a…

  • CVE-2025-0101MedApr 16, 2025
    risk 0.42cvss 6.5epss 0.00

    A low privileged user can set the date of the devices to the 19th of January 2038 an therefore exceed the 32-Bit time limit. This causes some functions to work unexpected or stop working at all. Both during runtime and after a restart.

  • CVE-2025-32033HigApr 7, 2025
    risk 0.42cvss 7.5epss 0.01

    The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Prior to 1.61.2 and 2.1.1, the operation limits plugin uses unsigned 32-bit integers to track limit counters (e.g. for a query's…

  • CVE-2024-23775HigJan 31, 2024
    risk 0.42cvss 7.5epss 0.01

    Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2, allows attackers to cause a denial of service (DoS) via mbedtls_x509_set_extension().

  • CVE-2021-23840HigFeb 16, 2021
    risk 0.42cvss 7.5epss 0.51

    Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will…

  • CVE-2018-18206HigOct 10, 2018
    risk 0.42cvss 7.5epss 0.01

    In the client in Bytom before 1.0.6, checkTopicRegister in p2p/discover/net.go does not prevent negative idx values, leading to a crash.

  • CVE-2017-15422MedAug 28, 2018
    risk 0.42cvss 6.5epss 0.02

    Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

  • CVE-2018-14883HigAug 3, 2018
    risk 0.42cvss 7.5epss 0.09

    An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c.

  • CVE-2017-17725MedFeb 12, 2018
    risk 0.42cvss 6.5epss 0.02

    In Exiv2 0.26, there is an integer overflow leading to a heap-based buffer over-read in the Exiv2::getULong function in types.cpp. Remote attackers can exploit the vulnerability to cause a denial of service via a crafted image file. Note that this vulnerability is different from…

  • CVE-2018-5785MedJan 19, 2018
    risk 0.42cvss 6.5epss 0.02

    In OpenJPEG 2.3.0, there is an integer overflow caused by an out-of-bounds left shift in the opj_j2k_setup_encoder function (openjp2/j2k.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.

  • CVE-2018-5727MedJan 16, 2018
    risk 0.42cvss 6.5epss 0.02

    In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the opj_t1_encode_cblks function (openjp2/t1.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.

  • CVE-2018-5294MedJan 8, 2018
    risk 0.42cvss 6.5epss 0.02

    In libming 0.4.8, there is an integer overflow (caused by an out-of-range left shift) in the readUInt32 function (util/read.c). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted swf file.

  • CVE-2017-2717MedNov 22, 2017
    risk 0.42cvss 6.5epss 0.00

    honor 8 Pro with software Duke-L09C10B120 and earlier versions,Duke-L09C432B120 and earlier versions,Duke-L09C636B120 and earlier versions has an integer overflow vulnerability. The attacker sends a response message to the device, which contains an illegal length field, it could…