VYPR

CWE-190

Integer Overflow or Wraparound

BaseStableLikelihood: Medium

Description

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-92

CVEs mapped to this weakness (1,551)

page 58 of 78
  • CVE-2026-7598HigMay 1, 2026
    risk 0.40cvss 7.3epss 0.00

    A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauth_password of the file src/userauth.c. Such manipulation of the argument username_len/password_len leads to integer overflow. The attack may be launched remotely. The…

  • CVE-2026-41605HigApr 28, 2026
    risk 0.40cvss 7.3epss 0.01

    Integer Overflow or Wraparound vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.

  • CVE-2025-43238MedApr 2, 2026
    risk 0.40cvss 6.2epss 0.00

    An integer overflow was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to cause unexpected system termination.

  • CVE-2026-34545HigApr 1, 2026
    risk 0.40cvss 7.3epss 0.01

    OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.7, an attacker providing a crafted .exr file with HTJ2K compression and a channel width of…

  • CVE-2026-34544HigApr 1, 2026
    risk 0.40cvss 7.3epss 0.00

    OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, a crafted B44 or B44A EXR file can cause an out-of-bounds write in any application that…

  • CVE-2025-49179HigJun 17, 2025
    risk 0.40cvss 7.3epss 0.00

    A flaw was found in the X Record extension. The RecordSanityCheckRegisterClients function does not check for an integer overflow when computing request length, which allows a client to bypass length checks.

  • CVE-2025-49176HigJun 17, 2025
    risk 0.40cvss 7.3epss 0.00

    A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size check.

  • CVE-2026-40250HigApr 21, 2026
    risk 0.39cvss 7.1epss 0.00

    OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.4.0 through 3.4.9, 3.3.0 through 3.3.9, and 3.2.0 through 3.2.7, `internal_dwa_compressor.h:1040` performs `chan->width…

  • CVE-2026-40244HigApr 21, 2026
    risk 0.39cvss 7.1epss 0.00

    OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.4.0 through 3.4.9, 3.3.0 through 3.3.9, and 3.2.0 through 3.2.7, `internal_dwa_compressor.h:1722` performs `curc->width…

  • CVE-2026-33020HigApr 14, 2026
    risk 0.39cvss 7.1epss 0.00

    libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain an integer overflow which leads to a heap buffer overflow via sixel_frame_convert_to_rgb888() in frame.c, where allocation size and pointer offset computations for…

  • CVE-2026-33019HigApr 14, 2026
    risk 0.39cvss 7.1epss 0.00

    libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain an integer overflow leading to an out-of-bounds heap read in the --crop option handling of img2sixel, where positive coordinates up to INT_MAX are accepted without…

  • CVE-2026-0619MedFeb 12, 2026
    risk 0.39cvss epss 0.00

    A reachable infinite loop via an integer wraparound is present in Silicon Labs' Matter SDK which allows an attacker to trigger a denial of service. A hard reset is required to recover the device.

  • CVE-2025-24528HigJan 16, 2026
    risk 0.39cvss 7.1epss 0.01

    In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize() in kdb_log.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash.

  • CVE-2024-57262HigFeb 19, 2025
    risk 0.39cvss 7.1epss 0.00

    In barebox before 2025.01.0, ext4fs_read_symlink has an integer overflow for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite, a related issue to CVE-2024-57256.

  • CVE-2024-57261HigFeb 19, 2025
    risk 0.39cvss 7.1epss 0.00

    In barebox before 2025.01.0, request2size in common/dlmalloc.c has an integer overflow, a related issue to CVE-2024-57258.

  • CVE-2024-51737HigJan 8, 2025
    risk 0.39cvss 7.0epss 0.00

    RediSearch is a Redis module that provides querying, secondary indexing, and full-text search for Redis. An authenticated redis user executing FT.SEARCH or FT.AGGREGATE with a specially crafted LIMIT command argument, or FT.SEARCH with a specially crafted KNN command argument,…

  • CVE-2024-51480HigJan 8, 2025
    risk 0.39cvss 7.0epss 0.00

    RedisTimeSeries is a time-series database (TSDB) module for Redis, by Redis. Executing one of these commands TS.QUERYINDEX, TS.MGET, TS.MRAGE, TS.MREVRANGE by an authenticated user, using specially crafted command arguments may cause an integer overflow, a subsequent heap…

  • CVE-2024-30212HigMay 28, 2024
    risk 0.39cvss epss 0.01

    If a SCSI READ(10) command is initiated via USB using the largest LBA (0xFFFFFFFF) with it's default block size of 512 and a count of 1, the first 512 byte of the 0x80000000 memory area is returned to the user. If the block count is increased, the full RAM can be exposed. …

  • CVE-2018-6191MedJan 24, 2018
    risk 0.39cvss 5.5epss 0.05

    The js_strtod function in jsdtoa.c in Artifex MuJS through 1.0.2 has an integer overflow because of incorrect exponent validation.

  • CVE-2026-34219MedMar 31, 2026
    risk 0.38cvss 5.9epss 0.00

    libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to version 0.49.4, the Rust libp2p Gossipsub implementation contains a remotely reachable panic in backoff expiry handling. After a peer sends a crafted PRUNE control message with an…