CWE-190

Integer Overflow

MITRE

No catalog description on file. The MITRE CWE site has the canonical reference.

CVEs (total)

Critical

High

Medium

Low

Severity distribution

Recent CVEs

showing 50 of 61

CVE-2026-47223Medium· 5.4EPSS 0%2 h ago
NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap out-of-bounds read exists in the Android Verified Boot (AVB) vbmeta image parser in NanaZip (via the up
CVE-2025-14098High· 7.87 h ago
Heap buffer out-of-bounds write vulnerability due to integer overflow in Avira Antivirus engine when scanning a malformed MS-DOS executable file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This i
CVE-2026-47925Medium· 5.5EPSS 0%11 h ago
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the
CVE-2021-30952High· 7.8KEVEPSS 1%14 h ago
Apple Multiple Products Integer Overflow or Wraparound Vulnerability
CVE-2026-21385High· 7.8KEVEPSS 0%14 h ago
Qualcomm Multiple Chipsets Memory Corruption Vulnerability
CVE-2023-2136Critical· 9.6KEVEPSS 0%14 h ago
Google Chrome Skia Integer Overflow Vulnerability
CVE-2018-6065High· 8.8KEVEXPLOITEPSS 90%14 h ago
Google Chromium V8 Integer Overflow Vulnerability
CVE-2025-24985High· 7.8KEVEPSS 2%14 h ago
Microsoft Windows Fast FAT File System Driver Integer Overflow Vulnerability
CVE-2022-0185High· 8.4KEVEPSS 2%14 h ago
Linux Kernel Heap-Based Buffer Overflow Vulnerability
CVE-2023-21823High· 7.8KEVEPSS 2%14 h ago
Microsoft Windows Graphic Component Privilege Escalation Vulnerability
CVE-2023-6345Critical· 9.6KEVEPSS 1%14 h ago
Google Skia Integer Overflow Vulnerability
CVE-2016-1010High· 8.8KEVEPSS 13%14 h ago
Adobe Flash Player and AIR Integer Overflow Vulnerability
CVE-2025-48595High· 8.4KEVEPSS 1%14 h ago
Android Framework Integer Overflow Vulnerability
CVE-2023-32434High· 7.8KEVEPSS 52%14 h ago
Apple Multiple Products Integer Overflow Vulnerability
CVE-2021-30860High· 7.8KEVEPSS 72%14 h ago
Apple Multiple Products Integer Overflow Vulnerability
CVE-2023-33107High· 8.4KEVEPSS 0%14 h ago
Qualcomm Multiple Chipsets Integer Overflow Vulnerability
CVE-2024-38080High· 7.8KEVEPSS 14%14 h ago
Microsoft Windows Hyper-V Privilege Escalation Vulnerability
CVE-2021-30663High· 8.8KEVEPSS 1%14 h ago
Apple Multiple Products WebKit Integer Overflow Vulnerability
CVE-2018-14634High· 7.8KEVEXPLOITEPSS 21%14 h ago
Linux Kernel Integer Overflow Vulnerability
CVE-2026-11774High· 7.6EPSS 0%1 d ago
An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server (389-ds-base). In sasl_io_start_packet(), adding sizeof(uint32_t) to a crafted SASL packet length prefix of 0xFFFFFFFC causes unsigned wraparound to zero, bypa
CVE-2026-42916High· 7.8EPSS 0%1 d ago
Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-45592High· 7.8EPSS 0%1 d ago
Integer overflow or wraparound in Windows Internet (wininet.dll) allows an authorized attacker to elevate privileges locally.
CVE-2026-45593High· 7.8EPSS 0%1 d ago
Use after free in Windows SDK allows an authorized attacker to elevate privileges locally.
CVE-2026-47288High· 7.1EPSS 0%2 d ago
Integer overflow or wraparound in Windows Kerberos allows an authorized attacker to execute code over an adjacent network.
CVE-2026-47291Critical· 9.8EPSS 0%2 d ago
Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.
CVE-2026-42974High· 8.1EPSS 0%2 d ago
Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network.
CVE-2025-66280—EPSS 0%2 d ago
An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to compromise the security of t
CVE-2026-34711High· 7.5EPSS 0%2 d ago
CAI Content Credentials versions c2pa-web@0.7.1, c2pa-v0.80.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service
CVE-2026-10722Low· 3.3EPSS 0%2 d ago
A vulnerability has been found in cilium ebpf up to 0.21.0. This affects the function loadRawSpec of the file btf/btf.go of the component LoadCollectionSpec/LoadCollectionSpecFromReader. Such manipulation of the argument offset leads to int
CVE-2026-5121High· 7.5EPSS 0%2 d ago
A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a
CVE-2026-4775High· 7.8EPSS 0%2 d ago
A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds hea
CVE-2025-14512Medium· 6.5EPSS 0%2 d ago
A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesyst
CVE-2025-14087Medium· 5.6EPSS 0%2 d ago
A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously
CVE-2026-46198High· 8.8EPSS 0%2 d ago
In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix integer overflow on buff_pos Fixing an integer overflow present in batadv_iv_ogm_send_to_if. The size check is done using the int type in batadv_iv_ogm_ag
CVE-2026-10118High· 7.8EPSS 0%2 d ago
A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the `tilingPatternFill` function. This overflow leads to
CVE-2026-34680Medium· 6.2EPSS 0%3 d ago
CAI Content Credentials versions c2pa-web@0.7.0, c2pa-v0.78.2 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to
CVE-2026-34671Medium· 6.2EPSS 0%3 d ago
CAI Content Credentials versions c2pa-web@0.7.0, c2pa-v0.78.2 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to
CVE-2026-41849High· 7.5EPSS 0%3 d ago
An integer overflow vulnerability exists in the evaluation logic of the Spring Expression Language (SpEL). An attacker can exploit this by supplying a specially crafted SpEL expression that triggers excessive resource consumption, resulting
CVE-2023-29146High· 8.2EPSS 0%3 d ago
The utility functions used by Malwarebytes EDR 1.0.11 on Linux for calculating a cryptographic hash of data bytes truncate the hashed data if it exceeds 4GB. This leads to an integer wrap-around if the data is larger than the maximum unsign
CVE-2026-44803High· 7.8EPSS 0%3 d ago
Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.
CVE-2026-44812High· 7.8EPSS 0%3 d ago
Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.
CVE-2026-35433High· 7.3EPSS 0%3 d ago
Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.
CVE-2026-45130Medium· 6.6EPSS 0%3 d ago
Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in read_compound() in src/spellfile.c when loading a crafted spell file (.spl) with UTF-8 encoding active. An attacker-controlled leng
CVE-2026-11299Medium· 6.5EPSS 0%3 d ago
Integer overflow in Fonts in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-41977Medium· 5.0EPSS 0%3 d ago
DoS vulnerability in the log service. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-32759High· 8.1EPSS 0%3 d ago
File Browser TUS Negative Upload-Length Fires Post-Upload Hooks Prematurely
go
CVE-2025-25248Medium· 5.3EPSS 0%3 d ago
An Integer Overflow or Wraparound vulnerability [CWE-190] in FortiOS version 7.6.2 and below, version 7.4.7 and below, version 7.2.10 and below, 7.2 all versions, 6.4 all versions, FortiProxy version 7.6.2 and below, version 7.4.3 and below
CVE-2026-48095High· 8.8EPSS 0%4 d ago
7-Zip is a file archiver with a high compression ratio. Versions 26.00 and prior contain a heap buffer overflow vulnerability caused by an under-allocation in the NTFS compressed stream buffer (GetCuSize shift UB), potentially allowing atta
CVE-2026-48112Medium· 6.5EPSS 0%4 d ago
7-Zip is a file archiver with a high compression ratio. Versions 9.18 through 26.00 contain a heap out-of-bounds read in 7-Zip Ar handler BSD SYMDEF parser. A 4-byte heap out-of-bounds read exists in the Unix ar archive parser in 7-Zip. Whe
CVE-2026-11281Medium· 5.0EPSS 0%4 d ago
Integer overflow in Chromoting in Google Chrome on Windows prior to 149.0.7827.53 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted ETW event. (Chromium security severity: Low)

CWE catalog data sourced from MITRE. CVE associations come from NVD weakness mappings; some CVEs carry multiple CWEs.