CWE-190 (Integer Overflow or Wraparound) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
| Kind | Name | Class | Prevalence | OS / CPE |
|---|---|---|---|---|
| language | — | Not Language-Specific | Undetermined | — |
| language | C | — | Often | — |
| technology | — | Not Technology-Specific | Undetermined | — |
These CVEs are mapped to this weakness in this database and kept for traceability and search.
| CVE | Published | Summary |
|---|---|---|
| CVE-2025-14098 | 2026-06-12 | Heap buffer out-of-bounds write vulnerability due to integer overflow in Avira Antivirus engine when scanning a malformed MS-DOS executable file may allow Local Execution of Code or Denial-of-Service … |
| CVE-2026-47223 | 2026-06-12 | NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap out-of-bounds read exists in the Android Verified Boot (AVB) vb… |
| CVE-2026-11774 | 2026-06-11 | An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server (389-ds-base). In sasl_io_start_packet(), adding sizeof(uint32_t) to a crafted SASL packet length prefix of 0xFFFFFFFC … |
| CVE-2025-66280 | 2026-06-10 | An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulne… |
| CVE-2026-34711 | 2026-06-09 | CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability. An attacker could exploit this vulnerability to crash the app… |
| CVE-2026-47925 | 2026-06-09 | Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could … |
| CVE-2023-29146 | 2026-06-09 | The utility functions used by Malwarebytes EDR 1.0.11 on Linux for calculating a cryptographic hash of data bytes truncate the hashed data if it exceeds 4GB. This leads to an integer wrap-around if th… |
| CVE-2026-47291 | 2026-06-09 | Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network. |
| CVE-2026-47288 | 2026-06-09 | Integer overflow or wraparound in Windows Kerberos allows an authorized attacker to execute code over an adjacent network. |
| CVE-2026-45593 | 2026-06-09 | Use after free in Windows SDK allows an authorized attacker to elevate privileges locally. |
| CVE-2026-45592 | 2026-06-09 | Integer overflow or wraparound in Windows Internet (wininet.dll) allows an authorized attacker to elevate privileges locally. |
| CVE-2026-44812 | 2026-06-09 | Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally. |
| CVE-2026-44803 | 2026-06-09 | Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally. |
| CVE-2026-42974 | 2026-06-09 | Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network. |
| CVE-2026-42916 | 2026-06-09 | Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally. |
| CVE-2026-41977 | 2026-06-09 | DoS vulnerability in the log service. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2026-41849 | 2026-06-09 | An integer overflow vulnerability exists in the evaluation logic of the Spring Expression Language (SpEL). An attacker can exploit this by supplying a specially crafted SpEL expression that triggers e… |
| CVE-2026-48112 | 2026-06-05 | 7-Zip is a file archiver with a high compression ratio. Versions 9.18 through 26.00 contain a heap out-of-bounds read in 7-Zip Ar handler BSD SYMDEF parser. A 4-byte heap out-of-bounds read exists in … |
| CVE-2026-48095 | 2026-06-05 | 7-Zip is a file archiver with a high compression ratio. Versions 26.00 and prior contain a heap buffer overflow vulnerability caused by an under-allocation in the NTFS compressed stream buffer (GetCuS… |
| CVE-2026-11299 | 2026-06-05 | Integer overflow in Fonts in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security … |
| Date | Name | Version | Importance | Comment |
|---|---|---|---|---|
| 2008-09-08 | CWE Content Team | 1.0 | — | updated Common_Consequences, Relationships, Relationship_Notes, Taxonomy_Mappings, Terminology_Notes |
| 2008-10-14 | CWE Content Team | 1.0.1 | — | updated Common_Consequences, Description, Potential_Mitigations, Terminology_Notes |
| 2008-11-24 | CWE Content Team | 1.1 | — | updated Relationships, Taxonomy_Mappings |
| 2009-01-12 | CWE Content Team | 1.2 | — | updated Description, Name |
| 2009-05-27 | CWE Content Team | 1.4 | — | updated Demonstrative_Examples |
| 2009-10-29 | CWE Content Team | 1.6 | — | updated Relationships |
| 2010-02-16 | CWE Content Team | 1.8 | — | updated Applicable_Platforms, Detection_Factors, Functional_Areas, Observed_Examples, Potential_Mitigations, References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings, Terminology_Notes |
| 2010-04-05 | CWE Content Team | 1.8.1 | — | updated Demonstrative_Examples, Detection_Factors, Potential_Mitigations, References, Related_Attack_Patterns |
| 2010-06-21 | CWE Content Team | 1.9 | — | updated Common_Consequences, Potential_Mitigations, References |
| 2010-09-27 | CWE Content Team | 1.10 | — | updated Observed_Examples, Potential_Mitigations |
| 2011-06-01 | CWE Content Team | 1.13 | — | updated Common_Consequences |
| 2011-06-27 | CWE Content Team | 2.0 | — | updated Relationships |
| 2011-09-13 | CWE Content Team | 2.1 | — | updated Potential_Mitigations, References, Relationships, Taxonomy_Mappings |
| 2012-05-11 | CWE Content Team | 2.2 | — | updated Common_Consequences, Demonstrative_Examples, References, Relationships |
| 2012-10-30 | CWE Content Team | 2.3 | — | updated Potential_Mitigations |
| 2013-07-17 | CWE Content Team | 2.5 | — | updated References |
| 2014-07-30 | CWE Content Team | 2.8 | — | updated Detection_Factors, Relationships, Taxonomy_Mappings |
| 2015-12-07 | CWE Content Team | 2.9 | — | updated Relationships |
| 2017-01-19 | CWE Content Team | 2.10 | — | updated Relationships |
| 2017-11-08 | CWE Content Team | 3.0 | — | updated Functional_Areas, Observed_Examples, References, Taxonomy_Mappings |
| 2018-03-27 | CWE Content Team | 3.1 | — | updated References |
| 2019-01-03 | CWE Content Team | 3.2 | — | updated Relationships |
| 2019-09-19 | CWE Content Team | 3.4 | — | updated Relationships |
| 2020-02-24 | CWE Content Team | 4.0 | — | updated Relationships |
| 2020-06-25 | CWE Content Team | 4.1 | — | updated Observed_Examples |
| 2020-08-20 | CWE Content Team | 4.2 | — | updated Relationships |
| 2020-12-10 | CWE Content Team | 4.3 | — | updated Observed_Examples |
| 2021-03-15 | CWE Content Team | 4.4 | — | updated Potential_Mitigations |
| 2021-07-20 | CWE Content Team | 4.5 | — | updated Relationships |
| 2022-06-28 | CWE Content Team | 4.8 | — | updated Observed_Examples, Relationships |
| 2022-10-13 | CWE Content Team | 4.9 | — | updated Observed_Examples |
| 2023-01-31 | CWE Content Team | 4.10 | — | updated Description, Detection_Factors |
| 2023-04-27 | CWE Content Team | 4.11 | — | updated Relationships, Taxonomy_Mappings |
| 2023-06-29 | CWE Content Team | 4.12 | — | updated Mapping_Notes, Relationships |
| 2023-10-26 | CWE Content Team | 4.13 | — | updated Observed_Examples |
| 2024-02-29 | CWE Content Team | 4.14 | — | updated Observed_Examples |
| 2024-07-16 | CWE Content Team | 4.15 | — | updated Alternate_Terms, Common_Consequences, Description, Diagram, Mapping_Notes, Modes_of_Introduction, Other_Notes, References, Relationship_Notes, Terminology_Notes |
| 2024-11-19 | CWE Content Team | 4.16 | — | updated Relationships |
| 2025-04-03 | CWE Content Team | 4.17 | — | updated Applicable_Platforms, Observed_Examples |
| 2025-09-09 | CWE Content Team | 4.18 | — | updated Detection_Factors, Observed_Examples, Potential_Mitigations, References |
| 2025-12-11 | CWE Content Team | 4.19 | — | updated Applicable_Platforms, Observed_Examples, Weakness_Ordinalities |
| Type | Name | Date | Comment |
|---|---|---|---|
| Content | "Mapping CWE to 62443" Sub-Working Group | 2023-04-25 | Suggested mappings to ISA/IEC 62443. |
| Content | Abhi Balakrishnan | 2024-02-29 | Provided diagram to improve CWE usability |
| Feedback | Zheng Zhang | 2025-06-16 | reported CVE-2022-21668 as an incorrect observed example for this entry, when CVE-2019-19911 was intended |