CWE-190— Integer Overflow or Wraparound
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.— MITRE CWE catalog
2,938 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-190page 7 of 59
- CVE-2018-12070HIGHCVSS 7.5EG 7.52018-06-25
The sell function of a smart contract implementation for SEC, a tradable Ethereum ERC20 token, allows a potential trap that could be used to cause financial damage to the seller, because of overflow of the multiplication of its argument am…
- CVE-2018-12264HIGHCVSS 8.8EG 8.82018-06-13
Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp.
- CVE-2018-12265HIGHCVSS 8.8EG 8.82018-06-13
Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in preview.cpp, leading to an out-of-bounds read in Exiv2::MemIo::read in basicio.cpp.
- CVE-2018-12293HIGHCVSS 8.8EG 8.82018-06-19
The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.3 and WPE WebKit prior to version 2.20.1, is vulnerable to a heap-based …
- CVE-2018-12361HIGHCVSS 8.8EG 8.82018-10-18
An integer overflow can occur in the SwizzleData code while calculating buffer sizes. The overflowed value is used for subsequent graphics computations when their inputs are not sanitized which results in a potentially exploitable crash. T…
- CVE-2018-12362HIGHCVSS 8.8EG 8.82018-10-18
An integer overflow can occur during graphics operations done by the Supplemental Streaming SIMD Extensions 3 (SSSE3) scaler, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Fi…
- CVE-2018-12371HIGHCVSS 8.8EG 8.82020-07-09
An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 16 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This …
- CVE-2018-12393HIGHCVSS 7.5EG 7.52019-02-28
A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible…
- CVE-2018-12447HIGHCVSS 8.8EG 8.82018-06-15
The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.8 and other products, has an integer overflow that leads to a heap-based buffer overflow and remote code execution.
- CVE-2018-12511HIGHCVSS 7.5EG 7.52018-09-21
In the mintToken function of a smart contract implementation for Substratum (SUB), an Ethereum ERC20 token, the administrator can control mintedAmount, leverage an integer overflow, and modify a user account's balance arbitrarily.
- CVE-2018-12617HIGHCVSS 7.5EG 7.52018-06-21
qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memor…
- CVE-2018-12842MEDIUMCVSS 5.5EG 5.52018-10-12
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an integer overflow vulnerability. Successful exploitation could lead to information disclosure.
- CVE-2018-12881MEDIUMCVSS 5.5EG 5.52018-10-12
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an integer overflow vulnerability. Successful exploitation could lead to information disclosure.
- CVE-2018-12896MEDIUMCVSS 5.5EG 5.52018-07-02
An issue was discovered in the Linux kernel through 4.17.3. An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overrun accounting works. Depending on interval and expiry time values, the over…
- CVE-2018-13041HIGHCVSS 7.5EG 7.52018-07-01
The mint function of a smart contract implementation for Link Platform (LNK), an Ethereum ERC20 token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
- CVE-2018-13053LOWCVSS 3.3EG 3.32018-07-02
The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an integer overflow via a large relative timeout because ktime_add_safe is not used.
- CVE-2018-13068HIGHCVSS 7.5EG 7.52018-07-03
The mintToken function of a smart contract implementation for AzurionToken (AZU), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
- CVE-2018-13069HIGHCVSS 7.5EG 7.52018-07-03
The mintToken function of a smart contract implementation for DYchain (DYC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
- CVE-2018-13070HIGHCVSS 7.5EG 7.52018-07-03
The mintToken function of a smart contract implementation for EncryptedToken (ECC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
- CVE-2018-13071HIGHCVSS 7.5EG 7.52018-07-03
The mintToken function of a smart contract implementation for CCindex10 (T10), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
- CVE-2018-13072HIGHCVSS 7.5EG 7.52018-07-03
The mintToken function of a smart contract implementation for Coffeecoin (COFFEE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
- CVE-2018-13073HIGHCVSS 7.5EG 7.52018-07-03
The mintToken function of a smart contract implementation for ETHEREUMBLACK (ETCBK), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
- CVE-2018-13074HIGHCVSS 7.5EG 7.52018-07-03
The mintToken function of a smart contract implementation for FIBToken (FIB), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
- CVE-2018-13075HIGHCVSS 7.5EG 7.52018-07-03
The mintToken function of a smart contract implementation for Carbon Exchange Coin Token (CEC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
- CVE-2018-13076HIGHCVSS 7.5EG 7.52018-07-03
The mintToken function of a smart contract implementation for Betcash (BC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
- CVE-2018-13077HIGHCVSS 7.5EG 7.52018-07-03
The mintToken function of a smart contract implementation for CTB, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
- CVE-2018-13078HIGHCVSS 7.5EG 7.52018-07-03
The mintToken function of a smart contract implementation for Jitech (JTH), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
- CVE-2018-13079HIGHCVSS 7.5EG 7.52018-07-03
The mintToken function of a smart contract implementation for GoodTo (GTO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
- CVE-2018-13080HIGHCVSS 7.5EG 7.52018-07-03
The mintToken function of a smart contract implementation for Goutex (GTX), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
- CVE-2018-13081HIGHCVSS 7.5EG 7.52018-07-03
The mintToken function of a smart contract implementation for GZS Token (GZS), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
- CVE-2018-13082HIGHCVSS 7.5EG 7.52018-07-03
The mintToken function of a smart contract implementation for MODI Token (MODI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
- CVE-2018-13083HIGHCVSS 7.5EG 7.52018-07-03
The mintToken function of a smart contract implementation for Plaza Token (PLAZA), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
- CVE-2018-13084HIGHCVSS 7.5EG 7.52018-07-03
The mintToken function of a smart contract implementation for Good Time Coin (GTY), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
- CVE-2018-13085HIGHCVSS 7.5EG 7.52018-07-03
The mintToken function of a smart contract implementation for FreeCoin (FREE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
- CVE-2018-13086HIGHCVSS 7.5EG 7.52018-07-03
The mintToken function of a smart contract implementation for IADOWR Coin (IAD), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
- CVE-2018-13087HIGHCVSS 7.5EG 7.52018-07-03
The mintToken function of a smart contract implementation for Coinstar (CSTR), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
- CVE-2018-13088HIGHCVSS 7.5EG 7.52018-07-03
The mintToken function of a smart contract implementation for Futures Pease (FP), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
- CVE-2018-13089HIGHCVSS 7.5EG 7.52018-07-03
The mintToken function of a smart contract implementation for Universal Coin (UCOIN), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
- CVE-2018-13090HIGHCVSS 7.5EG 7.52018-07-03
The mintToken function of a smart contract implementation for YiTongCoin (YTC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
- CVE-2018-13091HIGHCVSS 7.5EG 7.52018-07-03
The mintToken function of a smart contract implementation for sumocoin (SUMO), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
- CVE-2018-13092HIGHCVSS 7.5EG 7.52018-07-03
The mintToken function of a smart contract implementation for Reimburse Token (REIM), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
- CVE-2018-13113HIGHCVSS 7.5EG 7.52018-07-03
The transfer and transferFrom functions of a smart contract implementation for Easy Trading Token (ETT), an Ethereum token, have an integer overflow. NOTE: this has been disputed by a third party.
- CVE-2018-13126HIGHCVSS 7.5EG 7.52018-07-04
MoxyOnePresale is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.
- CVE-2018-13127HIGHCVSS 7.5EG 7.52018-07-04
SP8DE PreSale Token (DSPX) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.
- CVE-2018-13128HIGHCVSS 7.5EG 7.52018-07-04
Etherty Token (ETY) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.
- CVE-2018-13129HIGHCVSS 7.5EG 7.52018-07-04
SP8DE Token (SPX) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.
- CVE-2018-13130HIGHCVSS 7.5EG 7.52018-07-04
Bitotal (TFUND) is a smart contract running on Ethereum. The mintTokens function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.
- CVE-2018-13131HIGHCVSS 7.5EG 7.52018-07-04
SpadePreSale is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.
- CVE-2018-13132HIGHCVSS 7.5EG 7.52018-07-04
Spadeico is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.
- CVE-2018-13144HIGHCVSS 7.5EG 7.52018-07-04
The transfer and transferFrom functions of a smart contract implementation for Pandora (PDX), an Ethereum token, have an integer overflow. NOTE: this has been disputed by a third party.
Map vulnerabilities like CWE-190 to your infrastructure
EchelonGraph correlates every CVE — across CWE-190 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →