VYPR

CWE-190

Integer Overflow or Wraparound

BaseStableLikelihood: Medium

Description

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-92

CVEs mapped to this weakness (1,551)

page 62 of 78
  • CVE-2016-9082MedFeb 3, 2017
    risk 0.36cvss 5.5epss 0.02

    Integer overflow in the write_png function in cairo 1.14.6 allows remote attackers to cause a denial of service (invalid pointer dereference) via a large svg file.

  • CVE-2016-4352MedFeb 3, 2017
    risk 0.36cvss 5.5epss 0.01

    Integer overflow in the demuxer function in libmpdemux/demux_gif.c in Mplayer allows remote attackers to cause a denial of service (crash) via large dimensions in a gif file.

  • CVE-2016-9189MedNov 4, 2016
    risk 0.36cvss 5.5epss 0.02

    Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_buffer in map.c component.

  • CVE-2015-8933MedSep 20, 2016
    risk 0.36cvss 5.5epss 0.02

    Integer overflow in the archive_read_format_tar_skip function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file.

  • CVE-2016-3895MedSep 11, 2016
    risk 0.36cvss 5.5epss 0.00

    Integer overflow in the Region::unflatten function in libs/ui/Region.cpp in mediaserver in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 29983260.

  • CVE-2016-3712MedMay 11, 2016
    risk 0.36cvss 5.5epss 0.01

    Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode.

  • CVE-2026-6045MedJun 15, 2026
    risk 0.35cvss epss 0.00

    LibreOffice can import EMF+ graphics, which may be embedded in documents. A heap buffer overflow existed when importing an EMF+ gradient brush. The number of gradient blend points was read from the file and used to compute an allocation size, but that multiplication could…

  • CVE-2026-47223MedJun 12, 2026
    risk 0.35cvss 5.4epss 0.00

    NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap out-of-bounds read exists in the Android Verified Boot (AVB) vbmeta image parser in NanaZip (via the upstream 7-Zip AvbHandler). A 32-bit…

  • CVE-2026-28532MedApr 30, 2026
    risk 0.35cvss 6.5epss 0.00

    FRRouting before 10.5.3 contains an integer overflow vulnerability in seven OSPF Traffic Engineering and Segment Routing TLV parser functions where a uint16_t accumulator variable truncates uint32_t values returned by the TLV_SIZE() macro, causing the loop termination condition…

  • CVE-2026-33611MedApr 22, 2026
    risk 0.35cvss 6.5epss 0.00

    An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn cause LMDB database corruption, if using the LMDB backend.

  • CVE-2026-28214MedApr 17, 2026
    risk 0.35cvss 6.5epss 0.01

    Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the ClumpletReader::getClumpletSize() function can overflow the totalLength value when parsing a Wide type clumplet, causing an infinite loop. An authenticated user…

  • CVE-2026-34378MedApr 6, 2026
    risk 0.35cvss 6.5epss 0.00

    OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.4.0 to before 3.4.9, a missing bounds check on the dataWindow attribute in EXR file headers allows an attacker to trigger a…

  • CVE-2026-33983MedMar 30, 2026
    risk 0.35cvss 6.5epss 0.00

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, progressive_decompress_tile_upgrade() detects a mismatch via progressive_rfx_quant_cmp_equal() but only emits WLog_WARN, execution continues. The wrapped value (247) is used as a shift…

  • CVE-2025-66168MedMar 4, 2026
    risk 0.35cvss 5.4epss 0.01

    WARNING: Users of 6.x should upgrade to 6.2.4 or later as the fix was missed in previous 6.x releases. See the  following for more details: https://activemq.apache.org/security-advisories.data/CVE-2026-40046-announcement.txt https://www.cve.org/CVERecord?id=CVE-2026-40046 …

  • CVE-2025-48515MedFeb 10, 2026
    risk 0.35cvss epss 0.00

    Insufficient parameter sanitization in AMD Secure Processor (ASP) Boot Loader could allow an attacker with access to SPIROM upgrade to overwrite the memory, potentially resulting in arbitrary code execution.

  • CVE-2025-14512MedDec 11, 2025
    risk 0.35cvss 6.5epss 0.01

    A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.

  • CVE-2025-48964MedJul 22, 2025
    risk 0.35cvss 6.5epss 0.00

    ping in iputils before 20250602 allows a denial of service (application error in adaptive ping mode or incorrect data collection) via a crafted ICMP Echo Reply packet, because a zero timestamp can lead to large intermediate values that have an integer overflow when squared…

  • CVE-2023-28908MedJun 28, 2025
    risk 0.35cvss 5.4epss 0.00

    A specific flaw exists within the Bluetooth stack of the MIB3 infotainment. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow when receiving non-fragmented HCI packets on a channel. The vulnerability was…

  • CVE-2025-47268MedMay 5, 2025
    risk 0.35cvss 6.5epss 0.01

    ping in iputils before 20250602 allows a denial of service (application error or incorrect data collection) via a crafted ICMP Echo Reply packet, because of a signed 64-bit integer overflow in timestamp multiplication.

  • CVE-2024-22396MedMar 14, 2024
    risk 0.35cvss 5.3epss 0.01

    An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a specially crafted IKEv2 payload.