CWE-197
Numeric Truncation Error
Description
Truncation errors occur when a primitive is cast to a primitive of a smaller size and data is lost in the conversion.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-6965 | | Cri | 0.60 | 9.8 | 0.73 | | Jul 15, 2025 | There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above. |
| CVE-2026-44823 | | Hig | 0.51 | 7.8 | 0.00 | | Jun 9, 2026 | Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| CVE-2026-40409 | | Hig | 0.51 | 7.8 | 0.00 | | Jun 9, 2026 | Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability |
| CVE-2026-40404 | | Hig | 0.51 | 7.8 | 0.00 | | Jun 9, 2026 | Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability |
| CVE-2026-42944 | | Hig | 0.42 | 7.5 | 0.01 | | May 20, 2026 | NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a vulnerability that results in heap overflow when encoding multiple NSID and/or DNS Cookie EDNS and/or EDNS Padding options in the reply packet. The relevant options ('nsid', 'answer-cookie', 'pad-responses'… |
| CVE-2026-40380 | | Med | 0.40 | 6.2 | 0.00 | | May 12, 2026 | Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack. |
| CVE-2026-6039 | | Med | 0.35 | — | 0.00 | | Jun 15, 2026 | LibreOffice can import drawings in the DXF format used by CAD software. A heap buffer overflow existed when importing a DXF polyline. The point count taken from the file was truncated to a 16-bit value when the point buffer was sized, while the full count was used to fill it, so… |
| CVE-2026-42371 | | Med | 0.26 | 5.1 | 0.00 | | Apr 27, 2026 | uriparser before 1.0.1 has numeric truncation in text range comparison, if an application accepts URIs with a length in gigabytes. |
| CVE-2026-44927 | | Low | 0.12 | 2.9 | 0.00 | | May 8, 2026 | In uriparser before 1.0.2, there is pointer difference truncation to int in various places. |
| CVE-2025-10543 | | — | 0.00 | — | 0.00 | | Dec 2, 2025 | In Eclipse Paho Go MQTT v3.1 library (paho.mqtt.golang) versions <=1.5.0 UTF-8 encoded strings, passed into the library, may be incorrectly encoded if their length exceeds 65535 bytes. This may lead to unexpected content in packets sent to the server (for example, part of an… |
| CVE-2020-15202 | | | 0.00 | — | 0.01 | | Sep 25, 2020 | In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `Shard` API in TensorFlow expects the last argument to be a function taking two `int64` (i.e., `long long`) arguments. However, there are several places in TensorFlow where a lambda taking `int` or `int32`… |