CWE-191
AllowedInteger Underflow (Wrap or Wraparound)
Abstraction: Base · Status: Draft
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.
642 vulnerabilities reference this CWE, most recent first.
GHSA-3384-2CR5-CQ96
Vulnerability from github – Published: 2026-07-15 00:31 – Updated: 2026-07-15 00:31CAI Content Credentials is affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
{
"affected": [],
"aliases": [
"CVE-2026-48298"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-14T22:17:01Z",
"severity": "MODERATE"
},
"details": "CAI Content Credentials is affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.",
"id": "GHSA-3384-2cr5-cq96",
"modified": "2026-07-15T00:31:42Z",
"published": "2026-07-15T00:31:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48298"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/content-authenticity-sdk/apsb26-80.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3542-2FJ4-6438
Vulnerability from github – Published: 2022-05-13 01:34 – Updated: 2022-05-13 01:34Fuji Electric V-Server 4.0.3.0 and prior, An integer underflow vulnerability has been identified, which may allow remote code execution.
{
"affected": [],
"aliases": [
"CVE-2018-14817"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-09-26T20:29:00Z",
"severity": "CRITICAL"
},
"details": "Fuji Electric V-Server 4.0.3.0 and prior, An integer underflow vulnerability has been identified, which may allow remote code execution.",
"id": "GHSA-3542-2fj4-6438",
"modified": "2022-05-13T01:34:25Z",
"published": "2022-05-13T01:34:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14817"
},
{
"type": "WEB",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/105341"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3727-RQP8-9H64
Vulnerability from github – Published: 2025-11-11 18:30 – Updated: 2025-11-11 18:30Illustrator on iPad versions 3.0.9 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2025-61836"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-11T18:15:42Z",
"severity": "HIGH"
},
"details": "Illustrator on iPad versions 3.0.9 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-3727-rqp8-9h64",
"modified": "2025-11-11T18:30:22Z",
"published": "2025-11-11T18:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61836"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/illustrator-mobile-ios/apsb25-111.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-38XC-J7PW-37V9
Vulnerability from github – Published: 2022-05-24 16:45 – Updated: 2022-05-24 16:45An issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the function SSHParseBanner is composed only of a \n character, then the program runs into a heap-based buffer over-read. This occurs because the erroneous search for \r results in an integer underflow.
{
"affected": [],
"aliases": [
"CVE-2019-10053"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-05-13T21:29:00Z",
"severity": "CRITICAL"
},
"details": "An issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the function SSHParseBanner is composed only of a \\n character, then the program runs into a heap-based buffer over-read. This occurs because the erroneous search for \\r results in an integer underflow.",
"id": "GHSA-38xc-j7pw-37v9",
"modified": "2022-05-24T16:45:33Z",
"published": "2022-05-24T16:45:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10053"
},
{
"type": "WEB",
"url": "https://lists.openinfosecfoundation.org/pipermail/oisf-announce"
},
{
"type": "WEB",
"url": "https://suricata-ids.org/2019/04/30/suricata-4-1-4-released"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-3G9W-X9XQ-CQ9G
Vulnerability from github – Published: 2026-03-04 21:32 – Updated: 2026-03-06 00:31Integer overflow in Skia in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Critical)
{
"affected": [],
"aliases": [
"CVE-2026-3538"
],
"database_specific": {
"cwe_ids": [
"CWE-191",
"CWE-472"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-04T20:16:20Z",
"severity": "HIGH"
},
"details": "Integer overflow in Skia in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Critical)",
"id": "GHSA-3g9w-x9xq-cq9g",
"modified": "2026-03-06T00:31:29Z",
"published": "2026-03-04T21:32:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3538"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/484983991"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3J6F-GVGR-R53V
Vulnerability from github – Published: 2023-02-12 06:30 – Updated: 2023-02-21 18:30In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.
{
"affected": [],
"aliases": [
"CVE-2022-38681"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-12T04:15:00Z",
"severity": "MODERATE"
},
"details": "In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.",
"id": "GHSA-3j6f-gvgr-r53v",
"modified": "2023-02-21T18:30:16Z",
"published": "2023-02-12T06:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38681"
},
{
"type": "WEB",
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1621031430231134210"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3M69-8MPC-R6H3
Vulnerability from github – Published: 2022-05-13 01:03 – Updated: 2025-04-12 12:53Integer underflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2, when the configuration setting "Load printer settings with the document" is enabled, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via crafted PrinterSetup data in an ODF document.
{
"affected": [],
"aliases": [
"CVE-2015-5212"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2015-11-10T17:59:00Z",
"severity": "MODERATE"
},
"details": "Integer underflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2, when the configuration setting \"Load printer settings with the document\" is enabled, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via crafted PrinterSetup data in an ODF document.",
"id": "GHSA-3m69-8mpc-r6h3",
"modified": "2025-04-12T12:53:54Z",
"published": "2022-05-13T01:03:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5212"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201603-05"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201611-03"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2619.html"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2015/dsa-3394"
},
{
"type": "WEB",
"url": "http://www.libreoffice.org/about-us/security/advisories/cve-2015-5212"
},
{
"type": "WEB",
"url": "http://www.openoffice.org/security/cves/CVE-2015-5212.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/77486"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1034085"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1034091"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2793-1"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-3M9H-8R9R-7C84
Vulnerability from github – Published: 2021-12-24 00:00 – Updated: 2022-08-16 00:00Integer underflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
{
"affected": [],
"aliases": [
"CVE-2021-4066"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-23T01:15:00Z",
"severity": "HIGH"
},
"details": "Integer underflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"id": "GHSA-3m9h-8r9r-7c84",
"modified": "2022-08-16T00:00:40Z",
"published": "2021-12-24T00:00:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4066"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1274499"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202208-25"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5046"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3MQG-485V-X9G7
Vulnerability from github – Published: 2026-06-05 06:30 – Updated: 2026-06-05 06:30Graphite before 1.3.15 has an integer underflow and resultant out-of-bounds write via Graphite actions, because slotat does not ensure that an offset is within the allowed slot-map range.
{
"affected": [],
"aliases": [
"CVE-2026-50593"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-05T04:17:15Z",
"severity": "HIGH"
},
"details": "Graphite before 1.3.15 has an integer underflow and resultant out-of-bounds write via Graphite actions, because slotat does not ensure that an offset is within the allowed slot-map range.",
"id": "GHSA-3mqg-485v-x9g7",
"modified": "2026-06-05T06:30:28Z",
"published": "2026-06-05T06:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50593"
},
{
"type": "WEB",
"url": "https://github.com/silnrsi/graphite/commit/ad78c6b7319909e1540c1b134e115ced03417866"
},
{
"type": "WEB",
"url": "https://github.com/silnrsi/graphite/compare/1.3.14...1.3.15"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3P4F-J34W-3MFC
Vulnerability from github – Published: 2025-01-14 21:31 – Updated: 2025-01-14 21:31Illustrator on iPad versions 3.0.7 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2025-21134"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-14T19:15:34Z",
"severity": "HIGH"
},
"details": "Illustrator on iPad versions 3.0.7 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-3p4f-j34w-3mfc",
"modified": "2025-01-14T21:31:47Z",
"published": "2025-01-14T21:31:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21134"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/illustrator-mobile-ios/apsb25-04.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.