VYPR

CWE-190

Integer Overflow or Wraparound

BaseStableLikelihood: Medium

Description

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-92

CVEs mapped to this weakness (1,551)

page 69 of 78
  • CVE-2009-1570Nov 13, 2009
    risk 0.01cvss epss 0.08

    Integer overflow in the ReadImage function in plug-ins/file-bmp/bmp-read.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a BMP file with crafted width and height values that trigger a heap-based buffer overflow.

  • CVE-2009-0946Apr 17, 2009
    risk 0.01cvss epss 0.09

    Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.

  • CVE-2007-2834Sep 18, 2007
    risk 0.01cvss epss 0.11

    Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3; and Sun StarOffice 6, 7, and 8 Office Suite (StarSuite); allows remote attackers to execute arbitrary code via a TIFF file with crafted values of unspecified length fields, which triggers allocation of an…

  • CVE-2007-3387Jul 30, 2007
    risk 0.01cvss epss 0.09

    Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted…

  • CVE-2007-2949Jul 4, 2007
    risk 0.01cvss epss 0.07

    Integer overflow in the seek_to_and_unpack_pixeldata function in the psd.c plugin in Gimp 2.2.15 allows remote attackers to execute arbitrary code via a crafted PSD file that contains a large (1) width or (2) height value.

  • CVE-2026-55093Jun 18, 2026
    risk 0.00cvss epss

    - **Component:** `tract-nnef` (`nnef/src/tensors.rs::read_tensor`) + `tract-data` (`data/src/tensor.rs`) - **Affected versions:** `< 0.21.16`, `0.22.0`–`0.22.2`, `0.23.0`–`0.23.1` — the dense `DatLoader` path was unguarded across all three release lines; patched in 0.21.16…

  • CVE-2026-55254Jun 18, 2026
    risk 0.00cvss epss

    ### Impact A denial-of-service (DoS) vulnerability exists in the factorial operator implementation of NCalc. Specially crafted expressions containing extremely large factorial operands can trigger excessive CPU consumption or cause evaluation to enter a non-terminating loop due…

  • CVE-2026-41144NonApr 22, 2026
    risk 0.00cvss 0.0epss 0.00

    F´ (F Prime) is a framework that enables development and deployment of spaceflight and other embedded software applications. Prior to version 4.2.0, the bounds check byteOffset + dataSize > fileSize uses U32 addition that wraps around on overflow. An attacker-crafted DataPacket…

  • CVE-2026-27889Mar 25, 2026
    risk 0.00cvss epss 0.01

    NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Starting in version 2.2.0 and prior to versions 2.11.14 and 2.12.5, a missing sanity check on a WebSockets frame could trigger a server panic in the nats-server. This happens before…

  • CVE-2026-33306Mar 24, 2026
    risk 0.00cvss epss 0.00

    bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt() password hashing algorithm. Prior to version 3.1.22, an integer overflow in the Java BCrypt implementation for JRuby can cause zero iterations in the strengthening loop. Impacted applications must be setting the cost to 31…

  • CVE-2026-32875Mar 20, 2026
    risk 0.00cvss epss 0.00

    UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Versions 5.10 through 5.11.0 are vulnerable to buffer overflow or infinite loop through large indent handling. ujson.dumps() crashes the Python interpreter (segmentation fault) when the…

  • CVE-2026-31814Mar 13, 2026
    risk 0.00cvss epss 0.00

    Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. From 0.13.0 to before 0.13.9, a specially crafted WindowUpdate can cause arithmetic overflow in send-window accounting, which triggers a panic in the connection state machine. This is remotely…

  • CVE-2026-28493Mar 9, 2026
    risk 0.00cvss epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16, an integer overflow vulnerability exists in the SIXEL decoer. The vulnerability allows an attacker to perform an out of bounds via a specially crafted…

  • CVE-2026-27809Feb 25, 2026
    risk 0.00cvss epss 0.00

    psd-tools is a Python package for working with Adobe Photoshop PSD files. Prior to version 1.12.2, when a PSD file contains malformed RLE-compressed image data (e.g. a literal run that extends past the expected row size), decode_rle() raises ValueError which propagated all the…

  • CVE-2026-25989Feb 24, 2026
    risk 0.00cvss epss 0.01

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted SVG file can cause a denial of service. An off-by-one boundary check (`>` instead of `>=`) that allows bypass the guard and reach an…

  • CVE-2026-25970Feb 24, 2026
    risk 0.00cvss epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a signed integer overflow vulnerability in ImageMagick's SIXEL decoder allows an attacker to trigger memory corruption and denial of service…

  • CVE-2026-25794Feb 24, 2026
    risk 0.00cvss epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. `WriteUHDRImage` in `coders/uhdr.c` uses `int` arithmetic to compute the pixel buffer size. Prior to version 7.1.2-15, when image dimensions are large, the multiplication overflows…

  • CVE-2026-24889Jan 28, 2026
    risk 0.00cvss epss 0.00

    soroban-sdk is a Rust SDK for Soroban contracts. Arithmetic overflow can be triggered in the `Bytes::slice`, `Vec::slice`, and `Prng::gen_range` (for `u64`) methods in the `soroban-sdk` in versions up to and including `25.0.1`, `23.5.1`, and `25.0.2`. Contracts that pass…

  • CVE-2026-23833Jan 19, 2026
    risk 0.00cvss epss 0.00

    ESPHome is a system to control microcontrollers remotely through Home Automation systems. In versions 2025.9.0 through 2025.12.6, an integer overflow in the API component's protobuf decoder allows denial-of-service attacks when API encryption is not used. The bounds check `ptr +…

  • CVE-2025-66030Nov 26, 2025
    risk 0.00cvss epss 0.00

    Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized…