CWE-190— Integer Overflow or Wraparound
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.— MITRE CWE catalog
2,938 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-190page 26 of 59
- CVE-2020-21699HIGHCVSS 7.5EG 7.52023-08-22
The web server Tengine 2.2.2 developed in the Nginx version from 0.5.6 thru 1.13.2 is vulnerable to an integer overflow vulnerability in the nginx range filter module, resulting in the leakage of potentially sensitive information triggered…
- CVE-2020-22874CRITICALCVSS 9.8EG 9.82021-07-13
Integer overflow vulnerability in function Jsi_ObjArraySizer in jsish before 3.0.8, allows remote attackers to execute arbitrary code.
- CVE-2020-22875CRITICALCVSS 9.8EG 9.82021-07-13
Integer overflow vulnerability in function Jsi_ObjSetLength in jsish before 3.0.6, allows remote attackers to execute arbitrary code.
- CVE-2020-24213HIGHCVSS 7.5EG 7.52020-09-23
An integer overflow was discovered in YGOPro ygocore v13.51. Attackers can use it to leak the game server thread's memory.
- CVE-2020-24397HIGHCVSS 7.2EG 7.22020-10-02
An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.0.SP-534. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-bas…
- CVE-2020-24838HIGHCVSS 7.5EG 7.52021-02-10
An integer overflow has been found in the the latest version of Issuer. The total issuedCount can be zero if the parameter is overly large. An attacker can obtain the private key of the owner issued with a certain 'amount', and the issuedC…
- CVE-2020-25574HIGHCVSS 7.5EG 7.52020-09-14
An issue was discovered in the http crate before 0.1.20 for Rust. An integer overflow in HeaderMap::reserve() could result in denial of service (e.g., an infinite loop).
- CVE-2020-25666LOWCVSS 3.3EG 3.32020-12-08
There are 4 places in HistogramCompare() in MagickCore/histogram.c where an integer overflow is possible during simple math calculations. This occurs in the rgb values and `count` value for a color. The patch uses casts to `ssize_t` type f…
- CVE-2020-25675LOWCVSS 3.3EG 3.32020-12-08
In the CropImage() and CropImageToTiles() routines of MagickCore/transform.c, rounding calculations performed on unconstrained pixel offsets was causing undefined behavior in the form of integer overflow and out-of-range values as reported…
- CVE-2020-25676MEDIUMCVSS 5.5EG 5.52020-12-08
In CatromWeights(), MeshInterpolate(), InterpolatePixelChannel(), InterpolatePixelChannels(), and InterpolatePixelInfo(), which are all functions in /MagickCore/pixel.c, there were multiple unconstrained pixel offset calculations which wer…
- CVE-2020-25693HIGHCVSS 8.1EG 8.12020-12-03
A flaw was found in CImg in versions prior to 2.9.3. Integer overflows leading to heap buffer overflows in load_pnm() can be triggered by a specially crafted input file processed by CImg, which can lead to an impact to application availabi…
- CVE-2020-26682HIGHCVSS 8.8EG 8.82020-10-16
In libass 0.14.0, the `ass_outline_construct`'s call to `outline_stroke` causes a signed integer overflow.
- CVE-2020-27051HIGHCVSS 7.8EG 7.82020-12-15
In NFA_RwI93WriteMultipleBlocks of nfa_rw_api.cc, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is need…
- CVE-2020-27350MEDIUMCVSS 5.7EG 5.72020-12-10
APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc. This issue affects: apt 1.2.32ubu…
- CVE-2020-2742HIGHCVSS 8.2EG 8.22020-04-15
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows high privil…
- CVE-2020-27484CRITICALCVSS 9.9EG 9.92020-11-16
Garmin Forerunner 235 before 8.20 is affected by: Integer Overflow. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The…
- CVE-2020-27751LOWCVSS 3.3EG 3.32020-12-08
A flaw was found in ImageMagick in MagickCore/quantum-export.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long long` a…
- CVE-2020-27754LOWCVSS 3.3EG 3.32020-12-08
In IntensityCompare() of /magick/quantize.c, there are calls to PixelPacketIntensity() which could return overflowed values to the caller when ImageMagick processes a crafted input file. To mitigate this, the patch introduces and uses the …
- CVE-2020-27757LOWCVSS 3.3EG 3.32020-12-08
A floating point math calculation in ScaleAnyToQuantum() of /MagickCore/quantum-private.h could lead to undefined behavior in the form of a value outside the range of type unsigned long long. The flaw could be triggered by a crafted input …
- CVE-2020-27758LOWCVSS 3.3EG 3.32020-12-08
A flaw was found in ImageMagick in coders/txt.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long long`. This would most…
- CVE-2020-27759LOWCVSS 3.3EG 3.32020-12-03
In IntensityCompare() of /MagickCore/quantize.c, a double value was being casted to int and returned, which in some cases caused a value outside the range of type `int` to be returned. The flaw could be triggered by a crafted input file un…
- CVE-2020-27761LOWCVSS 3.3EG 3.32020-12-03
WritePALMImage() in /coders/palm.c used size_t casts in several areas of a calculation which could lead to values outside the range of representable type `unsigned long` undefined behavior when a crafted input file was processed by ImageMa…
- CVE-2020-27762MEDIUMCVSS 5.5EG 5.52020-12-03
A flaw was found in ImageMagick in coders/hdr.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char`. This would most like…
- CVE-2020-27764LOWCVSS 3.3EG 3.32020-12-03
In /MagickCore/statistic.c, there are several areas in ApplyEvaluateOperator() where a size_t cast should have been a ssize_t cast, which causes out-of-range values under some circumstances when a crafted input file is processed by ImageMa…
- CVE-2020-27766HIGHCVSS 7.8EG 7.82020-12-04
A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long`. This would…
- CVE-2020-27767LOWCVSS 3.3EG 3.32020-12-04
A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of types `float` and `unsigned char`.…
- CVE-2020-27768LOWCVSS 3.3EG 3.32021-02-23
In ImageMagick, there is an outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private.h. This flaw affects ImageMagick versions prior to 7.0.9-0.
- CVE-2020-27769LOWCVSS 3.3EG 3.32021-05-14
In ImageMagick versions before 7.0.9-0, there are outside the range of representable values of type 'float' at MagickCore/quantize.c.
- CVE-2020-27770MEDIUMCVSS 5.5EG 5.52020-12-04
Due to a missing check for 0 value of `replace_extent`, it is possible for offset `p` to overflow in SubstituteString(), causing potential impact to application availability. This could be triggered by a crafted input file that is processe…
- CVE-2020-27771LOWCVSS 3.3EG 3.32020-12-04
In RestoreMSCWarning() of /coders/pdf.c there are several areas where calls to GetPixelIndex() could result in values outside the range of representable for the unsigned char type. The patch casts the return value of GetPixelIndex() to ssi…
- CVE-2020-27772LOWCVSS 3.3EG 3.32020-12-04
A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned int`. This would most likel…
- CVE-2020-27774LOWCVSS 3.3EG 3.32020-12-04
A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a too large shift for 64-bit type `ssize_t`. This would most…
- CVE-2020-27775LOWCVSS 3.3EG 3.32020-12-04
A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char. This would mos…
- CVE-2020-27776LOWCVSS 3.3EG 3.32020-12-04
A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned long. This would m…
- CVE-2020-27813HIGHCVSS 7.5EG 7.52020-12-02
An integer overflow vulnerability exists with the length of websocket frames received via a websocket connection. An attacker would use this flaw to cause a denial of service attack on an HTTP Server allowing websocket connections.
- CVE-2020-27906HIGHCVSS 8.8EG 8.82020-12-08
Multiple integer overflows were addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1. A remote attacker may be able to cause unexpected application termination or heap corruption.
- CVE-2020-27911HIGHCVSS 7.8EG 7.82020-12-08
An integer overflow was addressed through improved input validation. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, tvOS 14.2, iTunes 12.11 for Windows. A remote attacker may be…
- CVE-2020-27945HIGHCVSS 7.8EG 7.82021-04-02
An integer overflow was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.0.1. Processing maliciously crafted web conte…
- CVE-2020-28009HIGHCVSS 7.8EG 7.82021-05-06
Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow because get_stdinput allows unbounded reads that are accompanied by unbounded increases in a certain size variable. NOTE: exploitation may be impractical because of the execut…
- CVE-2020-28017CRITICALCVSS 9.8EG 9.82021-05-06
Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in receive_add_recipient via an e-mail message with fifty million recipients. NOTE: remote exploitation may be difficult because of resource consumption.
- CVE-2020-28020CRITICALCVSS 9.8EG 9.82021-05-06
Exim 4 before 4.92 allows Integer Overflow to Buffer Overflow, in which an unauthenticated remote attacker can execute arbitrary code by leveraging the mishandling of continuation lines during header-length restriction.
- CVE-2020-28248HIGHCVSS 8.8EG 8.82021-02-20
An integer overflow in the PngImg::InitStorage_() function of png-img before 3.1.0 leads to an under-allocation of heap memory and subsequently an exploitable heap-based buffer overflow when loading a crafted PNG file.
- CVE-2020-28371CRITICALCVSS 9.8EG 9.82020-11-09
An issue was discovered in ReadyTalk Avian 1.2.0 before 2020-10-27. The FileOutputStream.write() method in FileOutputStream.java has a boundary check to prevent out-of-bounds memory read/write operations. However, an integer overflow leads…
- CVE-2020-28895HIGHCVSS 7.3EG 7.32021-02-03
In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block's size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leadin…
- CVE-2020-29238HIGHCVSS 7.5EG 7.52021-03-10
An integer buffer overflow in the Nginx webserver of ExpressVPN Router version 1 allows remote attackers to obtain sensitive information when the server running as reverse proxy via specially crafted request.
- CVE-2020-29361HIGHCVSS 7.5EG 7.52020-12-16
An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command, where overflow checks are missing before calling reall…
- CVE-2020-29384MEDIUMCVSS 5.5EG 5.52020-11-30
An issue was discovered in PNGOUT 2020-01-15. When compressing a crafted PNG file, it encounters an integer overflow.
- CVE-2020-3120MEDIUMCVSS 6.5EG 6.52020-02-05
A vulnerability in the Cisco Discovery Protocol implementation for Cisco FXOS Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in…
- CVE-2020-35198CRITICALCVSS 9.8EG 9.82021-05-12
An issue was discovered in Wind River VxWorks 7. The memory allocator has a possible integer overflow in calculating a memory block's size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer siz…
- CVE-2020-35230MEDIUMCVSS 6.8EG 6.82021-03-10
Multiple integer overflow parameters were found in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices. Most of the integer parameters sent through the web server can be abused to cause a denial of service attack.
Map vulnerabilities like CWE-190 to your infrastructure
EchelonGraph correlates every CVE — across CWE-190 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →