VYPR

CWE-190

Integer Overflow or Wraparound

Base · Stable · Likelihood: Medium

Description

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

Related attack patterns (CAPEC)

CAPEC-92

CVEs mapped to this weakness (1,551)

page 7 of 78
  • CVE-2017-9162 · Critical · May 23, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in autotrace.c:191:2.

  • CVE-2017-9161 · Critical · May 23, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in autotrace.c:188:23.

  • CVE-2017-6889 · Critical · May 15, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    An integer overflow error within the "foveon_load_camf()" function (dcraw_foveon.c) in LibRaw-demosaic-pack-GPL2 before 0.18.2 can be exploited to cause a heap-based buffer overflow.

  • CVE-2016-5762 · Critical · Apr 20, 2017
    risk 0.64 · cvss 9.8 · epss 0.06

    Integer overflow in the Post Office Agent in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 might allow remote attackers to execute arbitrary code via a long (1) username or (2) password, which triggers a heap-based buffer overflow.

  • CVE-2017-5885 · Critical · Feb 28, 2017
    risk 0.64 · cvss 9.8 · epss 0.05

    Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving SetColorMapEntries, which triggers a…

  • CVE-2016-9558 · Critical · Feb 28, 2017
    risk 0.64 · cvss 9.8 · epss 0.05

    (1) libdwarf/dwarf_leb.c and (2) dwarfdump/print_frames.c in libdwarf before 20161124 allow remote attackers to have unspecified impact via a crafted bit pattern in a signed leb number, aka a "negation overflow."

  • CVE-2017-6350 · Critical · Feb 27, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.

  • CVE-2017-6349 · Critical · Feb 27, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.

  • CVE-2016-6872 · Critical · Feb 17, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    Integer overflow in StringUtil::implode in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors.

  • CVE-2016-6871 · Critical · Feb 17, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    Integer overflow in bcmath in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, which triggers a buffer overflow.

  • CVE-2016-8859 · Critical · Feb 13, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    Multiple integer overflows in the TRE library and musl libc allow attackers to cause memory corruption via a large number of (1) states or (2) tags, which triggers an out-of-bounds write.

  • CVE-2017-5953 · Critical · Feb 10, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow.

  • CVE-2016-10164 · Critical · Feb 1, 2017
    risk 0.64 · cvss 9.8 · epss 0.08

    Multiple integer overflows in libXpm before 3.5.12, when a program requests parsing XPM extensions on a 64-bit platform, allow remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via (1) the number of extensions or (2) their concatenated…

  • CVE-2016-9132 · Critical · Jan 30, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    In Botan 1.8.0 through 1.11.33, when decoding BER data an integer overflow could occur, which would cause an incorrect length field to be computed. Some API callers may use the returned (incorrect and attacker controlled) length field in a way which later causes memory…

  • CVE-2016-7938 · Critical · Jan 28, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    The ZeroMQ parser in tcpdump before 4.9.0 has an integer overflow in print-zeromq.c:zmtp1_print_frame().

  • CVE-2016-6164 · Critical · Jan 23, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    Integer overflow in the mov_build_index function in libavformat/mov.c in FFmpeg before 2.8.8, 3.0.x before 3.0.3 and 3.1.x before 3.1.1 allows remote attackers to have unspecified impact via vectors involving sample size.

  • CVE-2016-10141 · Critical · Jan 13, 2017
    risk 0.64 · cvss 9.8 · epss 0.04

    An integer overflow vulnerability was observed in the regemit function in regexp.c in Artifex Software, Inc. MuJS before fa3d30fd18c348bb4b1f3858fb860f4fcd4b2045. The attack requires a regular expression with nested repetition. A successful exploitation of this issue can lead to…

  • CVE-2016-8438 · Critical · Jan 12, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    Integer overflow leading to a TOCTOU condition in hypervisor PIL. An integer overflow exposes a race condition that may be used to bypass (Peripheral Image Loader) PIL authentication. Product: Android. Versions: Kernel 3.18. Android ID: A-31624565. References: QC-CR#1023638.

  • CVE-2016-7951 · Critical · Dec 13, 2016
    risk 0.64 · cvss 9.8 · epss 0.02

    Multiple integer overflows in X.org libXtst before 1.2.3 allow remote X servers to trigger out-of-bounds memory access operations by leveraging the lack of range checks.

  • CVE-2016-7947 · Critical · Dec 13, 2016
    risk 0.64 · cvss 9.8 · epss 0.04

    Multiple integer overflows in X.org libXrandr before 1.5.1 allow remote X servers to trigger out-of-bounds write operations via a crafted response.