CWE-190— Integer Overflow or Wraparound
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.— MITRE CWE catalog
2,939 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-190page 29 of 59
- CVE-2021-21837HIGHCVSS 8.8EG 8.82021-08-18
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked ar…
- CVE-2021-21838HIGHCVSS 8.8EG 8.82021-08-18
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked ar…
- CVE-2021-21839HIGHCVSS 8.8EG 8.82021-08-18
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked ar…
- CVE-2021-21840HIGHCVSS 8.8EG 8.82021-08-25
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input used to process an atom using the “saio” FOURCC code…
- CVE-2021-21841HIGHCVSS 8.8EG 8.82021-08-25
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when reading an atom using the 'sbgp' FOURCC code can ca…
- CVE-2021-21842HIGHCVSS 8.8EG 8.82021-08-25
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when processing an atom us…
- CVE-2021-21843HIGHCVSS 8.8EG 8.82021-08-18
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked ar…
- CVE-2021-21844HIGHCVSS 8.8EG 8.82021-08-18
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when encountering an atom using the “stco” FO…
- CVE-2021-21845HIGHCVSS 8.8EG 8.82021-08-18
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input in “stsc” decoder can cause an integer overfl…
- CVE-2021-21846HIGHCVSS 8.8EG 8.82021-08-18
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input in “stsz” decoder can cause an integer overfl…
- CVE-2021-21847HIGHCVSS 8.8EG 8.82021-08-18
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input in “stts” decoder can cause an integer overfl…
- CVE-2021-21848HIGHCVSS 8.8EG 8.82021-08-25
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. The library will actually reuse the parser for atoms with the “stsz” FOURCC code when…
- CVE-2021-21849HIGHCVSS 8.8EG 8.82021-08-25
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when the library encounter…
- CVE-2021-21850HIGHCVSS 8.8EG 8.82021-08-25
An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when the library encounter…
- CVE-2021-21851HIGHCVSS 8.8EG 8.82021-08-18
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input at “csgp” decoder sample group description in…
- CVE-2021-21852HIGHCVSS 8.8EG 8.82021-08-18
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input at “stss” decoder can cause an integer overfl…
- CVE-2021-21853HIGHCVSS 8.8EG 8.82021-08-18
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked ad…
- CVE-2021-21854HIGHCVSS 8.8EG 8.82021-08-18
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked ad…
- CVE-2021-21855HIGHCVSS 8.8EG 8.82021-08-18
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked ad…
- CVE-2021-21856HIGHCVSS 8.8EG 8.82021-08-18
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked ad…
- CVE-2021-21857HIGHCVSS 8.8EG 8.82021-08-18
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked ad…
- CVE-2021-21858HIGHCVSS 8.8EG 8.82021-08-18
Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked ad…
- CVE-2021-21859HIGHCVSS 8.8EG 8.82021-08-16
An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. The stri_box_read function is used when processing atoms using the 'stri' FOURCC code. …
- CVE-2021-21862HIGHCVSS 8.8EG 7.82021-08-18
Multiple exploitable integer truncation vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an improper memory allocation resulti…
- CVE-2021-21914HIGHCVSS 8.8EG 8.82022-04-14
A heap-based buffer overflow vulnerability exists in the DecoderStream::Append functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a malicious file to trigger this vulnera…
- CVE-2021-21948HIGHCVSS 7.8EG 7.82022-04-14
A heap-based buffer overflow vulnerability exists in the readDatHeadVec functionality of AnyCubic Chitubox AnyCubic Plugin 1.0.0. A specially-crafted GF file can lead to a heap buffer overflow. An attacker can provide a malicious file to t…
- CVE-2021-22156CRITICALCVSS 9.0EG 9.82021-08-17
An integer overflow vulnerability in the calloc() function of the C runtime library of affected versions of BlackBerry® QNX Software Development Platform (SDP) version(s) 6.5.0SP1 and earlier, QNX OS for Medical 1.1 and earlier, and QNX O…
- CVE-2021-22319HIGHCVSS 7.5EG 7.52022-02-25
There is an improper verification vulnerability in smartphones. Successful exploitation of this vulnerability may cause integer overflows.
- CVE-2021-22323CRITICALCVSS 9.8EG 9.82021-06-30
There is an Integer Overflow Vulnerability in Huawei Smartphone. Successful exploitation of these vulnerabilities may escalate the permission to that of the root user.
- CVE-2021-22388CRITICALCVSS 9.8EG 9.82021-08-02
There is an Integer Overflow Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause certain codes to be executed.
- CVE-2021-22412HIGHCVSS 7.5EG 7.52021-08-02
There is an Integer Overflow Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause random kernel address access.
- CVE-2021-22413HIGHCVSS 7.5EG 7.52021-08-02
There is an Integer Overflow Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause the system to reset.
- CVE-2021-22418HIGHCVSS 7.8EG 7.82021-08-03
A component of the HarmonyOS has a Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause memory overwriting.
- CVE-2021-22422HIGHCVSS 7.8EG 7.82021-08-03
A component of the HarmonyOS has a Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause memory overwriting.
- CVE-2021-22437HIGHCVSS 7.0EG 7.02022-02-25
There is a software integer overflow leading to a TOCTOU condition in smartphones. Successful exploitation of this vulnerability may cause random address access.
- CVE-2021-22441MEDIUMCVSS 5.5EG 5.52022-02-25
Some Huawei products have an integer overflow vulnerability. Successful exploitation of this vulnerability may lead to kernel crash.
- CVE-2021-22451HIGHCVSS 7.8EG 7.82021-10-28
A component of the HarmonyOS has a Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause memory overwriting.
- CVE-2021-22455MEDIUMCVSS 5.5EG 5.52021-10-28
A component of the HarmonyOS has a Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause the memory which is not released.
- CVE-2021-22480CRITICALCVSS 9.8EG 9.82022-02-25
The interface of a certain HarmonyOS module has an integer overflow vulnerability. Successful exploitation of this vulnerability may lead to heap memory overflow.
- CVE-2021-22556MEDIUMCVSS 5.3EG 7.82022-05-03
The Security Team discovered an integer overflow bug that allows an attacker with code execution to issue memory cache invalidation operations on pages that they don’t own, allowing them to control kernel memory from userspace. We recomm…
- CVE-2021-22636HIGHCVSS 7.4EG 7.42023-11-20
Texas Instruments TI-RTOS, when configured to use HeapMem heap(default), malloc returns a valid pointer to a small buffer on extremely large values, which can trigger an integer overflow vulnerability in 'HeapMem_allocUnprotected' a…
- CVE-2021-22671CRITICALCVSS 9.8EG 9.82021-05-07
Multiple integer overflow issues exist while processing long domain names, which may allow an attacker to remotely execute code on the SimpleLink Wi-Fi (MSP432E4 SDK: v4.20.00.12 and prior, CC32XX SDK v4.30.00.06 and prior, CC13X0 SDK vers…
- CVE-2021-22675HIGHCVSS 7.2EG 7.22021-05-07
The affected product is vulnerable to integer overflow while parsing malformed over-the-air firmware update files, which may allow an attacker to remotely execute code on SimpleLink Wi-Fi (MSP432E4 SDK: v4.20.00.12 and prior, CC32XX SDK v4…
- CVE-2021-22677HIGHCVSS 7.8EG 7.82021-05-07
An integer overflow exists in the APIs of the host MCU while trying to connect to a WIFI network may lead to issues such as a denial-of-service condition or code execution on the SimpleLink Wi-Fi (MSP432E4 SDK: v4.20.00.12 and prior, CC32X…
- CVE-2021-22679CRITICALCVSS 9.8EG 9.82021-05-07
The affected product is vulnerable to an integer overflow while processing HTTP headers, which may allow an attacker to remotely execute code on the SimpleLink Wi-Fi (MSP432E4 SDK: v4.20.00.12 and prior, CC32XX SDK v4.30.00.06 and prior, C…
- CVE-2021-22680HIGHCVSS 7.3EG 9.82022-05-03
NXP MQX Versions 5.1 and prior are vulnerable to integer overflow in mem_alloc, _lwmem_alloc and _partition functions. This unverified memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a cr…
- CVE-2021-22684HIGHCVSS 7.5EG 7.52021-08-31
Tizen RT RTOS version 3.0.GBB is vulnerable to integer wrap-around in functions_calloc and mm_zalloc. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash
- CVE-2021-23215MEDIUMCVSS 5.5EG 5.52021-06-08
An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.
- CVE-2021-23840HIGHCVSS 7.5EG 7.52021-02-16
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the re…
- CVE-2021-24025CRITICALCVSS 9.8EG 9.82021-03-10
Due to incorrect string size calculations inside the preg_quote function, a large input string passed to the function can trigger an integer overflow leading to a heap overflow. This issue affects HHVM versions prior to 4.56.3, all version…
Map vulnerabilities like CWE-190 to your infrastructure
EchelonGraph correlates every CVE — across CWE-190 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →