VYPR

CWE-195

Signed to Unsigned Conversion Error

Variant · Draft

Description

The product uses a signed primitive and performs a cast to an unsigned primitive, which can produce an unexpected value if the value of the signed primitive cannot be represented using an unsigned primitive.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (9)

  • CVE-2011-3045 · High · Mar 22, 2012
    risk 0.57 · cvss 8.8 · epss 0.04

    Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a…

  • CVE-2016-6560 · High · Mar 31, 2017
    risk 0.56 · cvss 8.6 · epss 0.02

    illumos osnet-incorporation bcopy() and bzero() implementations make signed instead of unsigned comparisons allowing a system crash.

  • CVE-2026-49840 · Critical · Jun 9, 2026
    risk 0.52 · cvss 9.1 · epss 0.00

    FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, esl_recv_event() parses Content-Length with atol() and passes the…

  • CVE-2026-41682 · Medium · May 8, 2026
    risk 0.38 · cvss · epss 0.00

    pupnp is an SDK for development of UPnP device and control point applications. Prior to version 1.18.5, pupnp is vulnerable to SSRF port confusion due to port truncation via atoi() cast in parse_uri(). This issue has been patched in version 1.18.5.

  • CVE-2025-67897 · Medium · Dec 14, 2025
    risk 0.34 · cvss 5.3 · epss 0.00

    In Sequoia before 2.1.0, aes_key_unwrap panics if passed a ciphertext that is too short. A remote attacker can take advantage of this issue to crash an application by sending a victim an encrypted message with a crafted PKESK or SKESK packet.

  • CVE-2025-24792 · Medium · Jan 29, 2025
    risk 0.22 · cvss 4.4 · epss 0.00

    Snowflake PHP PDO Driver is a driver that uses the PHP Data Objects (PDO) extension to connect to the Snowflake database. Snowflake discovered and remediated a vulnerability in the Snowflake PHP PDO Driver where executing unsupported queries like PUT or GET on stages causes a…

  • CVE-2026-26981 · Feb 24, 2026
    risk 0.00 · cvss · epss 0.01

    OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.6 and 3.4.0 through 3.4.4, a heap-buffer-overflow (OOB read) occurs in the `istream_nonparallel_read`…

  • CVE-2023-3635 · Jul 12, 2023
    risk 0.00 · cvss · epss 0.01

    GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class.

  • CVE-2020-1913 · Sep 9, 2020
    risk 0.00 · cvss · epss 0.01

    An Integer signedness error in the JavaScript Interpreter in Facebook Hermes prior to commit 2c7af7ec481ceffd0d14ce2d7c045e475fd71dc6 allows attackers to cause a denial of service attack or a potential RCE via crafted JavaScript. Note that this is only exploitable if the…