CWE-191
AllowedInteger Underflow (Wrap or Wraparound)
Abstraction: Base · Status: Draft
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.
642 vulnerabilities reference this CWE, most recent first.
GHSA-MG9W-4H7R-F7P3
Vulnerability from github – Published: 2022-05-14 03:36 – Updated: 2025-04-20 03:34tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 78490" and libtiff/tif_unix.c:115:23.
{
"affected": [],
"aliases": [
"CVE-2016-10268"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-03-24T19:59:00Z",
"severity": "HIGH"
},
"details": "tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF image, related to \"READ of size 78490\" and libtiff/tif_unix.c:115:23.",
"id": "GHSA-mg9w-4h7r-f7p3",
"modified": "2025-04-20T03:34:47Z",
"published": "2022-05-14T03:36:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10268"
},
{
"type": "WEB",
"url": "https://github.com/vadz/libtiff/commit/5397a417e61258c69209904e652a1f409ec3b9df"
},
{
"type": "WEB",
"url": "https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201709-27"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3602-1"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/97202"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MGRR-XQ8C-QFP2
Vulnerability from github – Published: 2026-05-21 09:32 – Updated: 2026-05-21 09:32An integer underflow in the volxlate function in Netatalk 3.0.0 through 4.4.2 allows a local privileged user to obtain limited information, modify limited data, or cause a minor service disruption via crafted volume translation input.
{
"affected": [],
"aliases": [
"CVE-2026-44069"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-21T08:16:22Z",
"severity": "LOW"
},
"details": "An integer underflow in the volxlate function in Netatalk 3.0.0 through 4.4.2 allows a local privileged user to obtain limited information, modify limited data, or cause a minor service disruption via crafted volume translation input.",
"id": "GHSA-mgrr-xq8c-qfp2",
"modified": "2026-05-21T09:32:11Z",
"published": "2026-05-21T09:32:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44069"
},
{
"type": "WEB",
"url": "https://netatalk.io/security/CVE-2026-44069"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-MHHW-8J27-MG72
Vulnerability from github – Published: 2026-07-14 18:32 – Updated: 2026-07-14 18:32Integer underflow (wrap or wraparound) in Reliable Multicast Transport Driver (RMCAST) allows an unauthorized attacker to execute code over an adjacent network.
{
"affected": [],
"aliases": [
"CVE-2026-54982"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-14T17:17:05Z",
"severity": "HIGH"
},
"details": "Integer underflow (wrap or wraparound) in Reliable Multicast Transport Driver (RMCAST) allows an unauthorized attacker to execute code over an adjacent network.",
"id": "GHSA-mhhw-8j27-mg72",
"modified": "2026-07-14T18:32:07Z",
"published": "2026-07-14T18:32:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-54982"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-54982"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MJ7J-VPM3-62GC
Vulnerability from github – Published: 2022-05-13 01:24 – Updated: 2025-04-20 03:33Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file.
{
"affected": [],
"aliases": [
"CVE-2017-6313"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-03-10T02:59:00Z",
"severity": "HIGH"
},
"details": "Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file.",
"id": "GHSA-mj7j-vpm3-62gc",
"modified": "2025-04-20T03:33:56Z",
"published": "2022-05-13T01:24:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6313"
},
{
"type": "WEB",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=779016"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SJF5ARFOX4BFUK6YCBKGAKBQYECO3AI2"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSAZ6UCKKXC5VOWXGWQHOX2ZBLLATIOT"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJF5ARFOX4BFUK6YCBKGAKBQYECO3AI2"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSAZ6UCKKXC5VOWXGWQHOX2ZBLLATIOT"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201709-08"
},
{
"type": "WEB",
"url": "http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2017/02/21/4"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2017/02/26/1"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/96779"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MR39-XFW3-R82C
Vulnerability from github – Published: 2022-05-24 19:04 – Updated: 2022-10-26 12:00An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215.
{
"affected": [],
"aliases": [
"CVE-2021-26260"
],
"database_specific": {
"cwe_ids": [
"CWE-190",
"CWE-191",
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-08T12:15:00Z",
"severity": "MODERATE"
},
"details": "An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215.",
"id": "GHSA-mr39-xfw3-r82c",
"modified": "2022-10-26T12:00:32Z",
"published": "2022-05-24T19:04:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26260"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1947582"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BXFLD4ZAXKAIWO6ZPBCQEEDZB5IG676K"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5299"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MV3G-PWV2-RFXP
Vulnerability from github – Published: 2023-08-08 18:30 – Updated: 2024-04-04 06:42Microsoft Message Queuing Denial of Service Vulnerability
{
"affected": [],
"aliases": [
"CVE-2023-36909"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-08T18:15:16Z",
"severity": "MODERATE"
},
"details": "Microsoft Message Queuing Denial of Service Vulnerability",
"id": "GHSA-mv3g-pwv2-rfxp",
"modified": "2024-04-04T06:42:32Z",
"published": "2023-08-08T18:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36909"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36909"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MWVQ-QCGP-8M94
Vulnerability from github – Published: 2022-05-14 03:14 – Updated: 2022-05-14 03:14In the function csr_update_fils_params_rso(), insufficient validation on a key length can result in an integer underflow leading to a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
{
"affected": [],
"aliases": [
"CVE-2018-5850"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-06-06T21:29:00Z",
"severity": "HIGH"
},
"details": "In the function csr_update_fils_params_rso(), insufficient validation on a key length can result in an integer underflow leading to a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.",
"id": "GHSA-mwvq-qcgp-8m94",
"modified": "2022-05-14T03:14:09Z",
"published": "2022-05-14T03:14:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5850"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2018-05-01"
},
{
"type": "WEB",
"url": "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MXG6-5PV2-X2RF
Vulnerability from github – Published: 2022-05-17 00:27 – Updated: 2022-05-17 00:27Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable.
{
"affected": [],
"aliases": [
"CVE-2016-10166"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-03-15T15:59:00Z",
"severity": "CRITICAL"
},
"details": "Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable.",
"id": "GHSA-mxg6-5pv2-x2rf",
"modified": "2022-05-17T00:27:44Z",
"published": "2022-05-17T00:27:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10166"
},
{
"type": "WEB",
"url": "https://github.com/libgd/libgd/commit/60bfb401ad5a4a8ae995dcd36372fe15c71e1a35"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
},
{
"type": "WEB",
"url": "http://libgd.github.io/release-2.2.4.html"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2017/dsa-3777"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2017/01/26/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2017/01/28/6"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/95869"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P38H-JP3X-5J69
Vulnerability from github – Published: 2024-12-10 21:30 – Updated: 2024-12-10 21:30Animate versions 23.0.8, 24.0.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2024-53954"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-10T21:15:20Z",
"severity": "HIGH"
},
"details": "Animate versions 23.0.8, 24.0.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-p38h-jp3x-5j69",
"modified": "2024-12-10T21:30:53Z",
"published": "2024-12-10T21:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53954"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/animate/apsb24-96.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P3XG-2R2P-7RM4
Vulnerability from github – Published: 2024-11-19 18:31 – Updated: 2025-11-04 00:32In the Linux kernel, the following vulnerability has been resolved:
media: ar0521: don't overflow when checking PLL values
The PLL checks are comparing 64 bit integers with 32 bit ones, as reported by Coverity. Depending on the values of the variables, this may underflow.
Fix it ensuring that both sides of the expression are u64.
{
"affected": [],
"aliases": [
"CVE-2024-53081"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-19T18:15:27Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: ar0521: don\u0027t overflow when checking PLL values\n\nThe PLL checks are comparing 64 bit integers with 32 bit\nones, as reported by Coverity. Depending on the values of\nthe variables, this may underflow.\n\nFix it ensuring that both sides of the expression are u64.",
"id": "GHSA-p3xg-2r2p-7rm4",
"modified": "2025-11-04T00:32:05Z",
"published": "2024-11-19T18:31:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53081"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/438d3085ba5b8b5bfa5290faa594e577f6ac9aa7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5e1523076acf95b4ea68d19b6f27e6891267cc24"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/97ed0c0332d5525653668b31acf62ff1e6b50784"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a244b82d0ae60326901f2b50c15e3118298b7ecd"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.