CWE-190— Integer Overflow or Wraparound
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.— MITRE CWE catalog
2,942 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-190page 42 of 59
- CVE-2023-36328CRITICALCVSS 9.8EG 9.82023-09-01
Integer Overflow vulnerability in mp_grow in libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows attackers to execute arbitrary code and cause a denial of service (DoS).
- CVE-2023-36395HIGHCVSS 7.5EG 7.52023-11-14
Windows Deployment Services Denial of Service Vulnerability
- CVE-2023-36401HIGHCVSS 7.2EG 7.22023-11-14
Microsoft Remote Registry Service Remote Code Execution Vulnerability
- CVE-2023-36478HIGHCVSS 7.5EG 7.52023-10-10
Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to ex…
- CVE-2023-36495CRITICALCVSS 9.8EG 9.82023-07-28
An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.6, macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execu…
- CVE-2023-36576MEDIUMCVSS 5.5EG 5.52023-10-10
Windows Kernel Information Disclosure Vulnerability
- CVE-2023-36582HIGHCVSS 7.3EG 7.32023-10-10
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
- CVE-2023-36593HIGHCVSS 7.8EG 7.82023-10-10
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
- CVE-2023-36792HIGHCVSS 7.8EG 7.82023-09-12
Visual Studio Remote Code Execution Vulnerability
- CVE-2023-36864HIGHCVSS 7.8EG 7.82024-01-08
An integer overflow vulnerability exists in the fstReaderIterBlocks2 temp_signal_value_buf allocation functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malic…
- CVE-2023-36866HIGHCVSS 7.8EG 7.82023-08-08
Microsoft Office Visio Remote Code Execution Vulnerability
- CVE-2023-36900HIGHCVSS 7.8EG 7.82023-08-08
Windows Common Log File System Driver Elevation of Privilege Vulnerability
- CVE-2023-36910CRITICALCVSS 9.8EG 9.82023-08-08
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
- CVE-2023-36911CRITICALCVSS 9.8EG 9.82023-08-08
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
- CVE-2023-36915HIGHCVSS 7.8EG 7.82024-01-08
Multiple integer overflow vulnerabilities exist in the FST fstReaderIterBlocks2 chain_table allocation functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a mali…
- CVE-2023-36916HIGHCVSS 7.8EG 7.82024-01-08
Multiple integer overflow vulnerabilities exist in the FST fstReaderIterBlocks2 chain_table allocation functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a mali…
- CVE-2023-37327HIGHCVSS 8.8EG 7.62024-05-03
GStreamer FLAC File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exp…
- CVE-2023-37536HIGHCVSS 8.2EG 8.22023-10-11
An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request.
- CVE-2023-38103HIGHCVSS 8.8EG 8.82024-05-03
GStreamer RealMedia File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required t…
- CVE-2023-38104HIGHCVSS 8.8EG 8.82024-05-03
GStreamer RealMedia File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required t…
- CVE-2023-38127HIGHCVSS 7.8EG 7.82023-10-19
An integer overflow exists in the "HyperLinkFrame" stream parser of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause the parser to make an under-sized allocation, which can later allow for memory corruption, potentially re…
- CVE-2023-38142HIGHCVSS 7.8EG 7.82023-09-12
Windows Kernel Elevation of Privilege Vulnerability
- CVE-2023-38150HIGHCVSS 7.8EG 7.82023-09-12
Windows Kernel Elevation of Privilege Vulnerability
- CVE-2023-38403HIGHCVSS 7.5EG 5.52023-07-17
iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field.
- CVE-2023-38560MEDIUMCVSS 5.5EG 5.52023-08-01
An integer overflow flaw was found in pcl/pl/plfont.c:418 in pl_glyph_name in ghostscript. This issue may allow a local attacker to cause a denial of service via transforming a crafted PCL file to PDF format.
- CVE-2023-38618HIGHCVSS 7.8EG 7.82024-01-08
Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger th…
- CVE-2023-38619HIGHCVSS 7.8EG 7.82024-01-08
Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger th…
- CVE-2023-38620HIGHCVSS 7.8EG 7.82024-01-08
Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger th…
- CVE-2023-38621HIGHCVSS 7.8EG 7.82024-01-08
Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger th…
- CVE-2023-38622HIGHCVSS 7.8EG 7.82024-01-08
Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger th…
- CVE-2023-38623HIGHCVSS 7.8EG 7.82024-01-08
Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger th…
- CVE-2023-38650HIGHCVSS 7.0EG 7.02024-01-08
Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode times parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to memory corruption. A victim would need to open a malicious file to…
- CVE-2023-38651HIGHCVSS 7.0EG 7.02024-01-08
Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode times parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to memory corruption. A victim would need to open a malicious file to…
- CVE-2023-38652HIGHCVSS 7.0EG 7.02024-01-08
Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode dict parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to memory corruption. A victim would need to open a malicious file to …
- CVE-2023-38653HIGHCVSS 7.0EG 7.02024-01-08
Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode dict parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to memory corruption. A victim would need to open a malicious file to …
- CVE-2023-38698MEDIUMCVSS 4.9EG 4.92023-08-04
Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain. According to the documentation, controllers are allowed to register new domains and extend the expiry of existing domains, b…
- CVE-2023-39125HIGHCVSS 7.5EG 7.52023-08-18
NTSC-CRT 2.2.1 has an integer overflow and out-of-bounds write in loadBMP in bmp_rw.c because a file's width, height, and BPP are not validated. NOTE: the vendor's perspective is "this main application was not intended to be a well tested …
- CVE-2023-39270HIGHCVSS 7.8EG 7.82024-01-08
Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger …
- CVE-2023-39271HIGHCVSS 7.8EG 7.82024-01-08
Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger …
- CVE-2023-39272HIGHCVSS 7.8EG 7.82024-01-08
Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger …
- CVE-2023-39273HIGHCVSS 7.8EG 7.82024-01-08
Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger …
- CVE-2023-39274HIGHCVSS 7.8EG 7.82024-01-08
Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger …
- CVE-2023-39275HIGHCVSS 7.8EG 7.82024-01-08
Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger …
- CVE-2023-39316HIGHCVSS 7.8EG 7.82024-01-08
Multiple integer overflow vulnerabilities exist in the LXT2 num_dict_entries functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger the…
- CVE-2023-39317HIGHCVSS 7.8EG 7.82024-01-08
Multiple integer overflow vulnerabilities exist in the LXT2 num_dict_entries functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger the…
- CVE-2023-40022HIGHCVSS 7.8EG 7.82023-08-24
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.6.0 and prior are vulnerable to integer overflow in `consume_count` of `src/gnu_v2/cplus-dem.c`. The overflow check is valid logic but, is missing the …
- CVE-2023-40186MEDIUMCVSS 6.5EG 6.52023-08-31
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an IntegerOverflow leading to Out-Of-Bound Write Vulnerability in the `gdi_CreateSurface` function. …
- CVE-2023-40218LOWCVSS 2.0EG 2.02023-09-12
An issue was discovered in the NPU kernel driver in Samsung Exynos Mobile Processor 9820, 980, 2100, 2200, 1280, and 1380. An integer overflow can bypass detection of error cases via a crafted application.
- CVE-2023-40353LOWCVSS 2.0EG 2.02023-09-08
An issue was discovered in Exynos Mobile Processor 980 and 2100. An integer overflow at a buffer index can prevent the execution of requested services via a crafted application.
- CVE-2023-40474HIGHCVSS 8.8EG 8.82024-05-03
GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to expl…
Map vulnerabilities like CWE-190 to your infrastructure
EchelonGraph correlates every CVE — across CWE-190 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →