CWE-190
Integer Overflow or Wraparound
Description
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-92
CVEs mapped to this weakness (1,551)
page 66 of 78| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-24807 | Med | 0.27 | — | 0.00 | Jan 27, 2026 | Improper Verification of Cryptographic Signature vulnerability in liuyueyi quick-media (plugins/svg-plugin/batik-codec-fix/src/main/java/org/apache/batik/ext/awt/image/codec/util modules). This vulnerability is associated with program files SeekableOutputStream.Java. This issue… | ||
| CVE-2025-15534 | Med | 0.27 | 5.3 | 0.00 | Jan 18, 2026 | A vulnerability was identified in raysan5 raylib up to 909f040. Affected by this issue is the function LoadFontData of the file src/rtext.c. The manipulation leads to integer overflow. The attack can only be performed from a local environment. The exploit is publicly available… | ||
| CVE-2021-26377 | Med | 0.27 | 4.1 | 0.00 | Sep 6, 2025 | Insufficient parameter validation while allocating process space in the Trusted OS (TOS) may allow for a malicious userspace process to trigger an integer overflow, leading to a potential denial of service. | ||
| CVE-2026-34238 | Med | 0.26 | 5.1 | 0.00 | Apr 13, 2026 | ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, an integer overflow in the despeckle operation causes a heap buffer overflow on 32-bit builds that will result in an out of bounds write.… | ||
| CVE-2026-40447 | Med | 0.26 | 5.1 | 0.00 | Apr 13, 2026 | Integer overflow or wraparound vulnerability in Samsung Open Source Escargot allows undefined behavior.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335. | ||
| CVE-2026-34589 | Med | 0.26 | 5.0 | 0.00 | Apr 6, 2026 | OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, the DWA lossy decoder constructs temporary per-component block pointers using signed… | ||
| CVE-2023-31365 | — | Low | 0.25 | 3.9 | 0.00 | Sep 6, 2025 | An integer overflow in the SMU could allow a privileged attacker to potentially write memory beyond the end of the reserved dRAM area resulting in loss of integrity or availability. | |
| CVE-2026-0988 | Low | 0.24 | 3.7 | 0.00 | Jan 21, 2026 | A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being… | ||
| CVE-2025-4945 | Low | 0.24 | 3.7 | 0.01 | May 19, 2025 | A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overflow. This may result in… | ||
| CVE-2025-3360 | Low | 0.24 | 3.7 | 0.00 | Apr 7, 2025 | A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function. | ||
| CVE-2016-8622 | Low | 0.24 | 3.7 | 0.05 | Jul 31, 2018 | The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus… | ||
| CVE-2026-5476 | Med | 0.23 | 4.6 | 0.00 | Apr 3, 2026 | A vulnerability was identified in NASA cFS up to 7.0.0 on 32-bit. Affected is the function CFE_TBL_ValidateCodecLoadSize of the file cfe/modules/tbl/fsw/src/cfe_tbl_passthru_codec.c. The manipulation leads to integer overflow. The complexity of an attack is rather high. The… | ||
| CVE-2025-2295 | Low | 0.23 | 3.5 | 0.00 | Mar 14, 2025 | EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service. | ||
| CVE-2026-27781 | Low | 0.21 | 3.3 | 0.00 | May 19, 2026 | in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS. | ||
| CVE-2026-4985 | Med | 0.21 | 4.3 | 0.00 | Mar 27, 2026 | A vulnerability was identified in dloebl CGIF up to 0.5.2. This vulnerability affects the function cgif_addframe of the file src/cgif.c of the component GIF Image Handler. The manipulation of the argument width/height leads to integer overflow. The attack may be initiated… | ||
| CVE-2026-2271 | Low | 0.21 | 3.3 | 0.00 | Mar 26, 2026 | A flaw was found in GIMP's PSP (Paint Shop Pro) file parser. A remote attacker could exploit an integer overflow vulnerability in the read_creator_block() function by providing a specially crafted PSP image file. This vulnerability occurs when a 32-bit length value from the file… | ||
| CVE-2023-28903 | Low | 0.21 | 3.3 | 0.00 | Jun 28, 2025 | An integer overflow in the image processing binary of the MIB3 infotainment unit allows an attacker with local access to the vehicle to cause a denial-of-service of the infotainment system. | ||
| CVE-2016-9085 | Low | 0.21 | 3.3 | 0.00 | Feb 3, 2017 | Multiple integer overflows in libwebp allows attackers to have unspecified impact via unknown vectors. | ||
| CVE-2026-33596 | Low | 0.20 | 3.1 | 0.00 | Apr 22, 2026 | A client might theoretically be able to cause a mismatch between queries sent to a backend and the received responses by sending a flood of perfectly timed queries that are routed to a TCP-only or DNS over TLS backend. | ||
| CVE-2021-46750 | — | Low | 0.20 | 3.0 | 0.00 | Sep 6, 2025 | Failure to validate the address and size in TEE (Trusted Execution Environment) may allow a malicious x86 attacker to send malformed messages to the graphics mailbox resulting in an overlap of a TMR (Trusted Memory Region) that was previously allocated by the ASP bootloader… |
- risk 0.27cvss —epss 0.00
Improper Verification of Cryptographic Signature vulnerability in liuyueyi quick-media (plugins/svg-plugin/batik-codec-fix/src/main/java/org/apache/batik/ext/awt/image/codec/util modules). This vulnerability is associated with program files SeekableOutputStream.Java. This issue…
- risk 0.27cvss 5.3epss 0.00
A vulnerability was identified in raysan5 raylib up to 909f040. Affected by this issue is the function LoadFontData of the file src/rtext.c. The manipulation leads to integer overflow. The attack can only be performed from a local environment. The exploit is publicly available…
- risk 0.27cvss 4.1epss 0.00
Insufficient parameter validation while allocating process space in the Trusted OS (TOS) may allow for a malicious userspace process to trigger an integer overflow, leading to a potential denial of service.
- risk 0.26cvss 5.1epss 0.00
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, an integer overflow in the despeckle operation causes a heap buffer overflow on 32-bit builds that will result in an out of bounds write.…
- risk 0.26cvss 5.1epss 0.00
Integer overflow or wraparound vulnerability in Samsung Open Source Escargot allows undefined behavior.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335.
- risk 0.26cvss 5.0epss 0.00
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, the DWA lossy decoder constructs temporary per-component block pointers using signed…
- risk 0.25cvss 3.9epss 0.00
An integer overflow in the SMU could allow a privileged attacker to potentially write memory beyond the end of the reserved dRAM area resulting in loss of integrity or availability.
- risk 0.24cvss 3.7epss 0.00
A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being…
- risk 0.24cvss 3.7epss 0.01
A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overflow. This may result in…
- risk 0.24cvss 3.7epss 0.00
A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.
- risk 0.24cvss 3.7epss 0.05
The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus…
- risk 0.23cvss 4.6epss 0.00
A vulnerability was identified in NASA cFS up to 7.0.0 on 32-bit. Affected is the function CFE_TBL_ValidateCodecLoadSize of the file cfe/modules/tbl/fsw/src/cfe_tbl_passthru_codec.c. The manipulation leads to integer overflow. The complexity of an attack is rather high. The…
- risk 0.23cvss 3.5epss 0.00
EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service.
- risk 0.21cvss 3.3epss 0.00
in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.
- risk 0.21cvss 4.3epss 0.00
A vulnerability was identified in dloebl CGIF up to 0.5.2. This vulnerability affects the function cgif_addframe of the file src/cgif.c of the component GIF Image Handler. The manipulation of the argument width/height leads to integer overflow. The attack may be initiated…
- risk 0.21cvss 3.3epss 0.00
A flaw was found in GIMP's PSP (Paint Shop Pro) file parser. A remote attacker could exploit an integer overflow vulnerability in the read_creator_block() function by providing a specially crafted PSP image file. This vulnerability occurs when a 32-bit length value from the file…
- risk 0.21cvss 3.3epss 0.00
An integer overflow in the image processing binary of the MIB3 infotainment unit allows an attacker with local access to the vehicle to cause a denial-of-service of the infotainment system.
- risk 0.21cvss 3.3epss 0.00
Multiple integer overflows in libwebp allows attackers to have unspecified impact via unknown vectors.
- risk 0.20cvss 3.1epss 0.00
A client might theoretically be able to cause a mismatch between queries sent to a backend and the received responses by sending a flood of perfectly timed queries that are routed to a TCP-only or DNS over TLS backend.
- risk 0.20cvss 3.0epss 0.00
Failure to validate the address and size in TEE (Trusted Execution Environment) may allow a malicious x86 attacker to send malformed messages to the graphics mailbox resulting in an overlap of a TMR (Trusted Memory Region) that was previously allocated by the ASP bootloader…