CWE-190
Integer Overflow or Wraparound
Description
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-92
CVEs mapped to this weakness (1,551)
page 63 of 78| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-9601 | Med | 0.35 | 5.3 | 0.02 | Apr 24, 2018 | ghostscript before version 9.21 is vulnerable to a heap based buffer overflow that was found in the ghostscript jbig2_decode_gray_scale_image function which is used to decode halftone segments in a JBIG2 image. A document (PostScript or PDF) with an embedded, specially crafted,… | ||
| CVE-2017-17288 | Med | 0.35 | 5.3 | 0.01 | Feb 15, 2018 | Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have an integer overflow vulnerability. An unauthenticated, remote… | ||
| CVE-2016-10507 | Med | 0.35 | 6.5 | 0.02 | Aug 30, 2017 | Integer overflow vulnerability in the bmp24toimage function in convertbmp.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted bmp file. | ||
| CVE-2026-32952 | Med | 0.34 | 5.3 | 0.01 | Apr 24, 2026 | go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using `ntlmssp.Negotiator` as an HTTP transport. Version 0.1.1… | ||
| CVE-2026-6783 | Med | 0.34 | 5.3 | 0.00 | Apr 21, 2026 | Incorrect boundary conditions, integer overflow in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. | ||
| CVE-2026-3707 | Med | 0.34 | 5.3 | 0.00 | Mar 8, 2026 | A vulnerability was identified in MrNanko webp4j up to 1.3.x. The affected element is the function DecodeGifFromMemory of the file src/main/c/gif_decoder.c. Such manipulation of the argument canvas_height leads to integer overflow. Local access is required to approach this… | ||
| CVE-2025-25248 | Med | 0.34 | 5.3 | 0.00 | Aug 12, 2025 | An Integer Overflow or Wraparound vulnerability [CWE-190] in FortiOS version 7.6.2 and below, version 7.4.7 and below, version 7.2.10 and below, 7.2 all versions, 6.4 all versions, FortiProxy version 7.6.2 and below, version 7.4.3 and below, 7.2 all versions, 7.0 all versions,… | ||
| CVE-2025-6603 | Med | 0.34 | 5.3 | 0.00 | Jun 25, 2025 | A vulnerability was found in coldfunction qCUDA up to db0085400c2f2011eed46fbc04fdc0873141688e. It has been rated as problematic. Affected by this issue is the function qcow_make_empty of the file qCUDA/qcu-device/block/qcow.c. The manipulation of the argument s->l1_size leads… | ||
| CVE-2024-13614 | Med | 0.34 | 5.3 | 0.00 | Feb 6, 2025 | Kaspersky has fixed a security issue in Kaspersky Anti-Virus SDK for Windows, Kaspersky Security for Virtualization Light Agent, Kaspersky Endpoint Security for Windows, Kaspersky Small Office Security, Kaspersky for Windows (Standard, Plus, Premium), Kaspersky Free, Kaspersky… | ||
| CVE-2024-7488 | Med | 0.34 | 5.3 | 0.00 | Dec 4, 2024 | Integer Overflow or Wraparound, Improper Validation of Specified Quantity in Input vulnerability in RestApp Inc. Online Ordering System allows Integer Attacks. This issue affects Online Ordering System: 8.2.1. NOTE: Vulnerability fixed in version 8.2.2 and does not… | ||
| CVE-2023-6780 | Med | 0.34 | 5.3 | 0.03 | Jan 31, 2024 | An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size… | ||
| CVE-2026-41977 | — | Med | 0.33 | 5.0 | 0.00 | Jun 9, 2026 | DoS vulnerability in the log service. Impact: Successful exploitation of this vulnerability may affect availability. | |
| CVE-2026-11290 | Med | 0.33 | 5.0 | 0.00 | Jun 5, 2026 | Integer overflow in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to cause a denial of service via a malicious file. (Chromium security severity: Low) | ||
| CVE-2026-11281 | Med | 0.33 | 5.0 | 0.00 | Jun 5, 2026 | Integer overflow in Chromoting in Google Chrome on Windows prior to 149.0.7827.53 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted ETW event. (Chromium security severity: Low) | ||
| CVE-2026-49510 | Med | 0.33 | 6.1 | 0.00 | Jun 4, 2026 | Integer overflow or wraparound vulnerability in Samsung Open Source rlottie allows Integer Attacks. This issue affects rlottie: before 21292665023e5074b38254432716866d00f1985f. | ||
| CVE-2026-43894 | Med | 0.33 | 6.2 | 0.00 | May 11, 2026 | jq is a command-line JSON processor. In 1.8.1 and earlier, when decNumberFromString is given a number literal of INT_MAX-1 (2147483646) digits, the D2U() macro overflows during signed-int arithmetic. The wrapped negative value bypasses the heap-allocation size check, causes the… | ||
| CVE-2026-42199 | Med | 0.33 | 6.2 | 0.00 | May 8, 2026 | Grid is a data structure grid for rust. From version 0.17.0 to before version 1.0.1, an integer overflow in Grid::expand_rows() can corrupt the relationship between the grid’s logical dimensions and its backing storage. After the internal invariant is broken, the safe API… | ||
| CVE-2026-42144 | Med | 0.33 | 6.1 | 0.00 | May 4, 2026 | CImg Library is a C++ library for image processing. Prior to commit 4ca26bc, there is an integer overflow vulnerability in the W*H*D size computation inside _load_pnm() that can bypass the memory allocation guard. A crafted PNM/PGM/PPM file with large dimension values causes the… | ||
| CVE-2026-41665 | Med | 0.33 | 6.1 | 0.00 | Apr 22, 2026 | Integer overflow in scratch buffer initialization size calculation in Samsung Open Source ONE cause incorrect memory initialization for large intermediate tensors. Affected version is prior to commit 1.30.0. | ||
| CVE-2025-9688 | Med | 0.33 | 5.0 | 0.00 | Aug 30, 2025 | A security vulnerability has been detected in Mupen64Plus up to 2.6.0. The affected element is the function write_is_viewer of the file src/device/cart/is_viewer.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The attack is… |
- risk 0.35cvss 5.3epss 0.02
ghostscript before version 9.21 is vulnerable to a heap based buffer overflow that was found in the ghostscript jbig2_decode_gray_scale_image function which is used to decode halftone segments in a JBIG2 image. A document (PostScript or PDF) with an embedded, specially crafted,…
- risk 0.35cvss 5.3epss 0.01
Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have an integer overflow vulnerability. An unauthenticated, remote…
- risk 0.35cvss 6.5epss 0.02
Integer overflow vulnerability in the bmp24toimage function in convertbmp.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted bmp file.
- risk 0.34cvss 5.3epss 0.01
go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using `ntlmssp.Negotiator` as an HTTP transport. Version 0.1.1…
- risk 0.34cvss 5.3epss 0.00
Incorrect boundary conditions, integer overflow in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
- risk 0.34cvss 5.3epss 0.00
A vulnerability was identified in MrNanko webp4j up to 1.3.x. The affected element is the function DecodeGifFromMemory of the file src/main/c/gif_decoder.c. Such manipulation of the argument canvas_height leads to integer overflow. Local access is required to approach this…
- risk 0.34cvss 5.3epss 0.00
An Integer Overflow or Wraparound vulnerability [CWE-190] in FortiOS version 7.6.2 and below, version 7.4.7 and below, version 7.2.10 and below, 7.2 all versions, 6.4 all versions, FortiProxy version 7.6.2 and below, version 7.4.3 and below, 7.2 all versions, 7.0 all versions,…
- risk 0.34cvss 5.3epss 0.00
A vulnerability was found in coldfunction qCUDA up to db0085400c2f2011eed46fbc04fdc0873141688e. It has been rated as problematic. Affected by this issue is the function qcow_make_empty of the file qCUDA/qcu-device/block/qcow.c. The manipulation of the argument s->l1_size leads…
- risk 0.34cvss 5.3epss 0.00
Kaspersky has fixed a security issue in Kaspersky Anti-Virus SDK for Windows, Kaspersky Security for Virtualization Light Agent, Kaspersky Endpoint Security for Windows, Kaspersky Small Office Security, Kaspersky for Windows (Standard, Plus, Premium), Kaspersky Free, Kaspersky…
- risk 0.34cvss 5.3epss 0.00
Integer Overflow or Wraparound, Improper Validation of Specified Quantity in Input vulnerability in RestApp Inc. Online Ordering System allows Integer Attacks. This issue affects Online Ordering System: 8.2.1. NOTE: Vulnerability fixed in version 8.2.2 and does not…
- risk 0.34cvss 5.3epss 0.03
An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size…
- risk 0.33cvss 5.0epss 0.00
DoS vulnerability in the log service. Impact: Successful exploitation of this vulnerability may affect availability.
- risk 0.33cvss 5.0epss 0.00
Integer overflow in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to cause a denial of service via a malicious file. (Chromium security severity: Low)
- risk 0.33cvss 5.0epss 0.00
Integer overflow in Chromoting in Google Chrome on Windows prior to 149.0.7827.53 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted ETW event. (Chromium security severity: Low)
- risk 0.33cvss 6.1epss 0.00
Integer overflow or wraparound vulnerability in Samsung Open Source rlottie allows Integer Attacks. This issue affects rlottie: before 21292665023e5074b38254432716866d00f1985f.
- risk 0.33cvss 6.2epss 0.00
jq is a command-line JSON processor. In 1.8.1 and earlier, when decNumberFromString is given a number literal of INT_MAX-1 (2147483646) digits, the D2U() macro overflows during signed-int arithmetic. The wrapped negative value bypasses the heap-allocation size check, causes the…
- risk 0.33cvss 6.2epss 0.00
Grid is a data structure grid for rust. From version 0.17.0 to before version 1.0.1, an integer overflow in Grid::expand_rows() can corrupt the relationship between the grid’s logical dimensions and its backing storage. After the internal invariant is broken, the safe API…
- risk 0.33cvss 6.1epss 0.00
CImg Library is a C++ library for image processing. Prior to commit 4ca26bc, there is an integer overflow vulnerability in the W*H*D size computation inside _load_pnm() that can bypass the memory allocation guard. A crafted PNM/PGM/PPM file with large dimension values causes the…
- risk 0.33cvss 6.1epss 0.00
Integer overflow in scratch buffer initialization size calculation in Samsung Open Source ONE cause incorrect memory initialization for large intermediate tensors. Affected version is prior to commit 1.30.0.
- risk 0.33cvss 5.0epss 0.00
A security vulnerability has been detected in Mupen64Plus up to 2.6.0. The affected element is the function write_is_viewer of the file src/device/cart/is_viewer.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The attack is…