CWE-191— Integer Underflow
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.— MITRE CWE catalog
453 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-191page 8 of 10
- CVE-2025-55096MEDIUMCVSS 6.1EG 6.12025-10-17
In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_hid_report_descriptor_get() when parsing a descriptor of an USB HID device.
- CVE-2025-55118HIGHCVSS 8.9EG 8.92025-09-16
Memory corruptions can be remotely triggered in the Control-M/Agent when SSL/TLS communication is configured. The issue occurs in the following cases: * Control-M/Agent 9.0.20: SSL/TLS configuration is set to the non-default setting …
- CVE-2025-59242HIGHCVSS 7.8EG 7.82025-10-14
Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- CVE-2025-59368MEDIUMCVSS 6.0EG 6.02025-11-25
An integer underflow vulnerability has been identified in Aicloud. An authenticated attacker may trigger this vulnerability by sending a crafted request, potentially impacting the availability of the device. Refer to the ' Security Update…
- CVE-2025-61826HIGHCVSS 7.8EG 7.82025-11-11
Illustrator on iPad versions 3.0.9 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires us…
- CVE-2025-61835HIGHCVSS 7.8EG 7.82025-11-11
Substance3D - Stager versions 3.1.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires u…
- CVE-2025-61836HIGHCVSS 7.8EG 7.82025-11-11
Illustrator on iPad versions 3.0.9 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires us…
- CVE-2025-62291HIGHCVSS 8.1EG 8.12026-01-16
In the eap-mschapv2 plugin (client-side) in strongSwan before 6.0.3, a malicious EAP-MSCHAPv2 server can send a crafted message of size 6 through 8, and cause an integer underflow that potentially results in a heap-based buffer overflow.
- CVE-2025-62495HIGHCVSS 8.8EG 8.82025-10-16
An integer overflow vulnerability exists in the QuickJS regular expression engine (libregexp) due to an inconsistent representation of the bytecode buffer size. * The regular expression bytecode is stored in a DynBuf structure, which c…
- CVE-2025-62567MEDIUMCVSS 5.3EG 5.32025-12-09
Integer underflow (wrap or wraparound) in Windows Hyper-V allows an authorized attacker to deny service over a network.
- CVE-2025-62594MEDIUMCVSS 5.5EG 4.72025-10-27
ImageMagick is a software suite to create, edit, compose, or convert bitmap images. ImageMagick versions prior to 7.1.2-8 are vulnerable to denial-of-service due to unsigned integer underflow and division-by-zero in the CLAHEImage function…
- CVE-2025-64076HIGHCVSS 7.5EG 7.52025-11-18
Multiple vulnerabilities exist in cbor2 through version 5.7.0 in the decode_definite_long_string() function of the C extension decoder (source/decoder.c): (1) Integer Underflow Leading to Out-of-Bounds Read (CWE-191, CWE-125): An incorrect…
- CVE-2025-65092MEDIUMCVSS 6.9EG 6.92025-11-21
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.1, 5.4.3, and 5.3.4, when the ESP32-P4 uses its hardware JPEG decoder, the software parser lacks necessary validation checks. A specially crafted (mal…
- CVE-2025-66217HIGHCVSS 7.5EG 7.52025-11-29
AIS-catcher is a multi-platform AIS receiver. Prior to version 0.64, an integer underflow vulnerability exists in the MQTT parsing logic of AIS-catcher. This vulnerability allows an attacker to trigger a massive Heap Buffer Overflow by sen…
- CVE-2025-67269HIGHCVSS 7.5EG 7.52026-01-02
An integer underflow vulnerability exists in the `nextstate()` function in `gpsd/packet.c` of gpsd versions prior to commit `ffa1d6f40bca0b035fc7f5e563160ebb67199da7`. When parsing a NAVCOM packet, the payload length is calculated using `l…
- CVE-2026-1005MEDIUMCVSS 5.3EG 5.32026-03-19
Integer underflow in wolfSSL packet sniffer <= 5.8.4 allows an attacker to cause a buffer overflow in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by ssl_Dec…
- CVE-2026-11789MEDIUMCVSS 6.5EG 4.92026-06-09
A flaw was found in 389 Directory Server. The SMD5 password storage plugin performs unsigned integer underflow when computing salt length from a crafted password hash shorter than 16 bytes, causing a buffer over-read that crashes the LDAP …
- CVE-2026-11850MEDIUMCVSS 5.0EG 5.02026-06-11
An integer underflow vulnerability was found in MIT krb5 in the berval2tl_data() function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c. The function performs an unsigned subtraction (bv_len - 2) without a prior bounds check. When bv_l…
- CVE-2026-20957HIGHCVSS 7.8EG 7.82026-01-13
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- CVE-2026-21489MEDIUMCVSS 6.1EG 6.12026-01-06
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below have Out-of-bounds Read and Integer Underflow (Wrap or Wraparound) vulnerabilities in its CIccCalculatorFunc::SequenceN…
- CVE-2026-22185MEDIUMCVSS 4.6EG 4.62026-01-07
OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded N…
- CVE-2026-23069CVSS 0.0EG 5.52026-02-04
In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix potential underflow in virtio_transport_get_credit() The credit calculation in virtio_transport_get_credit() uses unsigned arithmetic: ret = vvs->pe…
- CVE-2026-2369MEDIUMCVSS 6.5EG 6.52026-03-19
A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, leading to a buffer overread. This can allow an attacker to potentially access sensitive information or cause an ap…
- CVE-2026-23748LOWCVSS 3.7EG 3.72026-02-26
Golioth Firmware SDK version 0.10.0 prior to 0.22.0, fixed in commit d7f55b38, contain an out-of-bounds read in LightDB State string parsing. When processing a string payload, a payload_size value less than 2 can cause a size_t underflow…
- CVE-2026-23951MEDIUMCVSS 5.5EG 5.52026-01-22
SumatraPDF is a multi-format reader for Windows. All versions contain an off-by-one error in the validation code that only triggers with exactly 2 records, causing an integer underflow in the size calculation. This bug exists in PalmDbRead…
- CVE-2026-25075HIGHCVSS 7.5EG 7.52026-03-23
strongSwan versions 4.5.0 prior to 6.0.5 contain an integer underflow vulnerability in the EAP-TTLS AVP parser that allows unauthenticated remote attackers to cause a denial of service by sending crafted AVP data with invalid length fields…
- CVE-2026-25104HIGHCVSS 7.8EG 7.82026-05-26
MediaArea MediaInfoLib LXF parsing heap-based buffer overflow vulnerability
- CVE-2026-25532MEDIUMCVSS 6.3EG 6.32026-02-04
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, a vulnerability exists in the WPS (Wi-Fi Protected Setup) Enrollee implementation where malformed EAP-WSC packets w…
- CVE-2026-26204MEDIUMCVSS 4.4EG 4.42026-04-29
Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 1.0.0 to before version 4.14.4, a heap-based out-of-bounds WRITE occurs in GetAlertData, resulting in writing a NULL byte exactly 1 …
- CVE-2026-27296HIGHCVSS 7.8EG 7.82026-04-14
Adobe Framemaker versions 2022.8 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user…
- CVE-2026-27297HIGHCVSS 7.8EG 7.82026-04-14
Adobe Framemaker versions 2022.8 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user…
- CVE-2026-27907HIGHCVSS 7.8EG 7.82026-04-14
Integer underflow (wrap or wraparound) in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.
- CVE-2026-28525MEDIUMCVSS 6.8EG 6.82026-04-23
SWUpdate contains an integer underflow vulnerability in the multipart upload parser in mongoose_multipart.c that allows unauthenticated attackers to cause a denial of service by sending a crafted HTTP POST request to /upload with a malform…
- CVE-2026-29008HIGHCVSS 7.5EG 7.52026-07-08
U-Boot through 2026.04-rc3 contains an integer underflow vulnerability in the tcp_rx_state_machine() function (net/tcp.c) that allows a network-adjacent attacker to crash the bootloader by sending a malformed TCP SYN+ACK packet with a mani…
- CVE-2026-30803CRITICALCVSS 9.1EG 9.12026-06-17
Integer Underflow (Wrap or Wraparound) vulnerability in RTI Connext Micro (Core Libraries) allows Overread Buffers.This issue affects Connext Micro: from 4.0.0 before 4.3.0.
- CVE-2026-3084HIGHCVSS 7.8EG 7.82026-03-16
GStreamer H.266 Codec Parser Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to e…
- CVE-2026-31417HIGHCVSS 7.5EG 7.52026-04-13
In the Linux kernel, the following vulnerability has been resolved: net/x25: Fix overflow when accumulating packets Add a check to ensure that `x25_sock.fraglen` does not overflow. The `fraglen` also needs to be resetted when purging `f…
- CVE-2026-31551MEDIUMCVSS 5.5EG 5.52026-04-24
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Fix static_branch_dec() underflow for aql_disable. syzbot reported static_branch_dec() underflow in aql_enable_write(). [0] The problem is that aql_enab…
- CVE-2026-31617MEDIUMCVSS 5.5EG 5.52026-04-24
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ncm: validate minimum block_len in ncm_unwrap_ntb() The block_len read from the host-supplied NTB header is checked against ntb_max but has no lower bound…
- CVE-2026-31656HIGHCVSS 7.8EG 7.82026-04-24
In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: fix refcount underflow in intel_engine_park_heartbeat A use-after-free / refcount underflow is possible when the heartbeat worker and intel_engine_park_hear…
- CVE-2026-31662HIGHCVSS 7.5EG 7.52026-04-24
In the Linux kernel, the following vulnerability has been resolved: tipc: fix bc_ackers underflow on duplicate GRP_ACK_MSG The GRP_ACK_MSG handler in tipc_group_proto_rcv() currently decrements bc_ackers on every inbound group ACK, even …
- CVE-2026-3172HIGHCVSS 8.1EG 8.12026-02-25
Buffer overflow in parallel HNSW index build in pgvector 0.6.0 through 0.8.1 allows a database user to leak sensitive data from other relations or crash the database server.
- CVE-2026-32149HIGHCVSS 7.3EG 7.32026-04-14
Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally.
- CVE-2026-32775HIGHCVSS 7.4EG 7.42026-03-16
libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exif_mnote_data_get_value function gets passed in a 0 size, the passed in-buffer would be overwritten due to an integer underflow.
- CVE-2026-33184HIGHCVSS 7.5EG 7.52026-04-03
nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, the discovery handler accepts a peer-controlled limit during handshake and stores it …
- CVE-2026-33845CRITICALCVSS 9.1EG 7.52026-04-30
A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may c…
- CVE-2026-33899MEDIUMCVSS 5.3EG 5.32026-04-13
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-189 and 6.9.13-44, when `Magick` parses an XML file it is possible that a single zero byte is written out of the bounds.…
- CVE-2026-33999HIGHCVSS 7.8EG 7.82026-04-23
A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to …
- CVE-2026-34064MEDIUMCVSS 5.3EG 5.32026-04-22
nimiq-account contains account primitives to be used in Nimiq's Rust implementation. Prior to version 1.3.0, `VestingContract::can_change_balance` returns `AccountError::InsufficientFunds` when `new_balance < min_cap`, but it constructs th…
- CVE-2026-34667MEDIUMCVSS 6.2EG 6.22026-05-12
CAI Content Credentials versions [email protected], c2pa-v0.78.2 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnera…
Map vulnerabilities like CWE-191 to your infrastructure
EchelonGraph correlates every CVE — across CWE-191 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →