CWE-190— Integer Overflow or Wraparound
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.— MITRE CWE catalog
2,938 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-190page 23 of 59
- CVE-2019-9139HIGHCVSS 7.8EG 7.82019-04-25
DaviewIndy 8.98.7 and earlier versions have a Integer overflow vulnerability, triggered when the user opens a malformed PDF file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution.
- CVE-2019-9183HIGHCVSS 7.5EG 7.52020-04-23
An issue was discovered in Contiki-NG through 4.3 and Contiki through 3.0. A buffer overflow is present due to an integer underflow during 6LoWPAN fragment processing in the face of truncated fragments in os/net/ipv6/sicslowpan.c. This res…
- CVE-2019-9210HIGHCVSS 7.8EG 7.82019-02-27
In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which results in an attempted memcpy to write into a buffer that is too small. (There is also a heap-based buffer over-re…
- CVE-2019-9256HIGHCVSS 8.8EG 8.82019-09-27
In libmediaextractor there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android…
- CVE-2019-9257HIGHCVSS 7.8EG 7.82019-09-27
In Bluetooth, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: An…
- CVE-2019-9262HIGHCVSS 8.8EG 8.82019-09-27
In MPEG4Extractor, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution in the media extractor with no additional execution privileges needed. User interaction is needed for exploitat…
- CVE-2019-9278HIGHCVSS 8.8EG 8.82019-09-27
In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for …
- CVE-2019-9297HIGHCVSS 8.8EG 8.82019-09-27
In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersion…
- CVE-2019-9298HIGHCVSS 8.8EG 8.82019-09-27
In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersion…
- CVE-2019-9299HIGHCVSS 8.8EG 8.82019-09-27
In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersion…
- CVE-2019-9300HIGHCVSS 8.8EG 8.82019-09-27
In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersion…
- CVE-2019-9301CRITICALCVSS 9.8EG 9.82019-09-27
In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersion…
- CVE-2019-9302HIGHCVSS 8.8EG 8.82019-09-27
In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersion…
- CVE-2019-9303HIGHCVSS 8.8EG 8.82019-09-27
In libFDK, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: …
- CVE-2019-9304HIGHCVSS 8.8EG 8.82019-09-27
In libMpegTPDec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVers…
- CVE-2019-9305HIGHCVSS 8.8EG 8.82019-09-27
In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersion…
- CVE-2019-9306HIGHCVSS 8.8EG 8.82019-09-27
In libMpegTPDec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVers…
- CVE-2019-9307HIGHCVSS 8.8EG 8.82019-09-27
In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersion…
- CVE-2019-9308HIGHCVSS 8.8EG 8.82019-09-27
In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersion…
- CVE-2019-9310HIGHCVSS 8.8EG 8.82019-09-27
In libFDK, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: …
- CVE-2019-9311HIGHCVSS 7.5EG 7.52019-09-27
In Bluetooth, there is a possible crash due to an integer overflow. This could lead to remote denial of service on incoming calls with no additional execution privileges needed. User interaction is not needed for exploitation. Product: And…
- CVE-2019-9357HIGHCVSS 8.8EG 8.82019-09-27
In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersion…
- CVE-2019-9405HIGHCVSS 8.8EG 8.82019-09-27
In libAACdec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersion…
- CVE-2019-9420MEDIUMCVSS 6.5EG 6.52019-09-27
In libhevc, there is a possible out of bounds read due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersion…
- CVE-2019-9421MEDIUMCVSS 5.0EG 5.02019-09-27
In libandroidfw, there is a possible OOB read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions…
- CVE-2019-9865HIGHCVSS 8.1EG 8.12019-05-29
When RPC is enabled in Wind River VxWorks 6.9 prior to 6.9.1, a specially crafted RPC request can trigger an integer overflow leading to an out-of-bounds memory copy. It may allow remote attackers to cause a denial of service (crash) or po…
- CVE-2019-9930CRITICALCVSS 9.8EG 9.82019-08-28
Various Lexmark products have an Integer Overflow.
- CVE-2019-9959MEDIUMCVSS 6.5EG 6.52019-07-22
The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled …
- CVE-2020-0068MEDIUMCVSS 4.4EG 4.42020-04-17
In crus_afe_get_param of msm-cirrus-playback.c, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for …
- CVE-2020-0086CRITICALCVSS 9.8EG 9.82020-03-15
In readCString of Parcel.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to arbitrary code execution if IntSan were not enabled, which it is by default. No additional execution privileges are requir…
- CVE-2020-0117CRITICALCVSS 9.8EG 9.82020-06-10
In aes_cmac of aes_cmac.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution in the bluetooth server with no additional execution privileges needed. User interaction is not needed…
- CVE-2020-0128HIGHCVSS 7.5EG 7.52020-06-11
In addPacket of AMPEG4ElementaryAssembler, there is an out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges required. User interaction is not needed for exp…
- CVE-2020-0136HIGHCVSS 7.8EG 7.82020-06-11
In multiple locations of Parcel.cpp, there is a possible out-of-bounds write due to an integer overflow. This could lead to local escalation of privilege in the system server with no additional execution privileges needed. User interaction…
- CVE-2020-0139MEDIUMCVSS 4.4EG 4.42020-06-11
In NDEF_MsgValidate of ndef_utils.c, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure if a malformed NFC tag is provided by the firmware. System execution privileges are nee…
- CVE-2020-0167MEDIUMCVSS 5.5EG 5.52020-06-11
In load of ResourceTypes.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Pr…
- CVE-2020-0181HIGHCVSS 7.5EG 7.52020-06-11
In exif_data_load_data_thumbnail of exif-data.c, there is a possible denial of service due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed f…
- CVE-2020-0194HIGHCVSS 8.8EG 8.82020-06-11
In ihevcd_parse_slice_header of ihevcd_parse_slice_header.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is n…
- CVE-2020-0198HIGHCVSS 7.5EG 7.52020-06-11
In exif_data_load_data_content of exif-data.c, there is a possible UBSAN abort due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitat…
- CVE-2020-0216HIGHCVSS 7.8EG 7.82020-06-11
In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is ne…
- CVE-2020-0240HIGHCVSS 8.8EG 8.82020-08-11
In NewFixedDoubleArray of factory.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.…
- CVE-2020-0264HIGHCVSS 8.8EG 8.82020-09-17
In libstagefright, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVer…
- CVE-2020-0309MEDIUMCVSS 6.7EG 6.72020-09-18
In the Bluetooth server, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System privileges and a Firmware compromise needed. User interaction is not needed for explo…
- CVE-2020-0328MEDIUMCVSS 4.4EG 4.42020-09-17
In the camera, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVers…
- CVE-2020-0346HIGHCVSS 7.8EG 7.82020-09-17
In Mediaserver, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if integer sanitization were not enabled (which it is by default), with no additional execution privileges…
- CVE-2020-0369HIGHCVSS 7.8EG 7.82020-09-17
In libavb, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: Androi…
- CVE-2020-0381HIGHCVSS 7.5EG 7.52020-09-17
In Parse_wave of eas_mdls.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote information disclosure in a highly constrained process with no additional execution privileges needed. User interact…
- CVE-2020-0408HIGHCVSS 7.8EG 7.82020-10-14
In remove of String16.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation…
- CVE-2020-0409HIGHCVSS 7.8EG 7.82020-11-10
In create of FileMap.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.…
- CVE-2020-0432HIGHCVSS 7.8EG 7.82020-09-17
In skb_to_mamac of networking.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploi…
- CVE-2020-0452CRITICALCVSS 9.8EG 9.82020-11-10
In exif_entry_get_value of exif-entry.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution if a third party app used this library to process remote image data with no additional ex…
Map vulnerabilities like CWE-190 to your infrastructure
EchelonGraph correlates every CVE — across CWE-190 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →