CWE-1077 5 CVEs MITRE definition ↗

CWE-1077: Floating Point Comparison with Incorrect Operator

Overview

CWE-1077 (Floating Point Comparison with Incorrect Operator) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.

Security impact
Security impact: Depends on product and context; use CVE records, severity scores, and MITRE guidance to prioritize.

Description

The code performs a comparison such as an equality test between two float (floating point) values, but it uses comparison operators that do not account for the possibility of loss of precision.

Applicable platforms

Kind Name Class Prevalence OS / CPE
language Not Language-Specific Undetermined

Related CVEs in this database

These CVEs are mapped to this weakness in this database and kept for traceability and search.

CVE Published Summary
CVE-2025-55658 2026-06-09 GPAC MP4Box v2.4 was discovered to contain a floating point exception in the gf_opus_parse_packet_header function (media_tools/av_parsers.c). bThis vulnerability allows attackers to cause a Denial of …
CVE-2023-4720 2023-09-01 Floating Point Comparison with Incorrect Operator in GitHub repository gpac/gpac prior to 2.3-DEV.
CVE-2023-32627 2023-07-10 A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. This flaw can lead to a denial of service.
CVE-2023-26590 2023-07-10 A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. This flaw can lead to a denial of service.
CVE-2022-4293 2022-12-05 Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804.

Content submission

Name
CWE Content Team
Organization
MITRE
Date
2018-07-02
Version
3.2
Comment
Entry derived from Common Quality Enumeration (CQE) Draft 0.9.

Content modifications

Date Name Version Importance Comment
2020-08-20 CWE Content Team 4.2 updated Relationships
2023-01-31 CWE Content Team 4.10 updated Description
2023-04-27 CWE Content Team 4.11 updated Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2025-12-11 CWE Content Team 4.19 updated Applicable_Platforms, Common_Consequences, Description, Detection_Factors, Time_of_Introduction
cvelogic Threat Intelligence