CWE-191
Integer Underflow (Wrap or Wraparound)
Description
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (155)
page 3 of 8| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-33158 | Hig | 0.51 | 7.8 | 0.01 | Jul 11, 2023 | Microsoft Excel Remote Code Execution Vulnerability | ||
| CVE-2019-13104 | Hig | 0.51 | 7.8 | 0.01 | Aug 6, 2019 | In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy() to overwrite a very large amount of data (including the whole stack) while reading a crafted ext4 filesystem. | ||
| CVE-2018-15418 | Hig | 0.51 | 7.8 | 0.02 | Oct 5, 2018 | A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates… | ||
| CVE-2018-3999 | Hig | 0.51 | 7.8 | 0.01 | Oct 1, 2018 | An exploitable stack-based buffer overflow vulnerability exists in the JPEG parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted image embedded within a document can cause a length to be miscalculated and underflow. This length is then treated as unsigned and… | ||
| CVE-2018-11301 | Hig | 0.51 | 7.8 | 0.00 | Sep 18, 2018 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on buffer length while processing debug log event from firmware can lead to an integer overflow. | ||
| CVE-2018-5850 | — | Hig | 0.51 | 7.8 | 0.00 | Jun 6, 2018 | In the function csr_update_fils_params_rso(), insufficient validation on a key length can result in an integer underflow leading to a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | |
| CVE-2017-7367 | Hig | 0.51 | 7.8 | 0.00 | Jun 13, 2017 | In all Android releases from CAF using the Linux kernel, an integer underflow vulnerability exists while processing the boot image. | ||
| CVE-2017-3034 | Hig | 0.51 | 7.8 | 0.05 | Apr 12, 2017 | Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable integer overflow vulnerability in the XML Forms Architecture (XFA) engine, related to layout functionality. Successful exploitation could lead to arbitrary… | ||
| CVE-2014-9883 | Hig | 0.51 | 7.8 | 0.00 | Aug 6, 2016 | Integer overflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28769912 and Qualcomm… | ||
| CVE-2026-46384 | Hig | 0.50 | — | 0.00 | May 29, 2026 | iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, several Avro decoder paths read attacker-controlled 64-bit values from the wire format and either narrowed them to platform-sized int before bounds-checking, or summed them with overflow-prone signed-int arithmetic. On… | ||
| CVE-2026-43916 | Hig | 0.50 | — | 0.00 | May 12, 2026 | pam_authnft is a PAM session module binding nftables firewall rules to authenticated sessions via cgroupv2 inodes. Prior to 0.2.0-alpha, a heap buffer over-read in peer_lookup_tcp (src/peer_lookup.c:134, prior to the fix) allowed a crafted NETLINK_SOCK_DIAG reply to slip past… | ||
| CVE-2026-43187 | Hig | 0.50 | 8.8 | 0.00 | May 6, 2026 | In the Linux kernel, the following vulnerability has been resolved: xfs: delete attr leaf freemap entries when empty Back in commit 2a2b5932db6758 ("xfs: fix attr leaf header freemap.size underflow"), Brian Foster observed that it's possible for a small freemap at the end of… | ||
| CVE-2018-14325 | Hig | 0.50 | 8.8 | 0.02 | Jul 16, 2018 | In MP4v2 2.0.0, there is an integer underflow (with resultant memory corruption) when parsing MP4Atom in mp4atom.cpp. | ||
| CVE-2026-42542 | Hig | 0.49 | 7.5 | 0.01 | Jun 10, 2026 | TDengine is an open source, time-series database optimized for Internet of Things devices. In versions 3.4.0.0 through 3.4.1.5, an unauthenticated remote attacker can crash the taosd server process by sending a single crafted RPC packet. No credentials or prior session state are… | ||
| CVE-2026-49494 | Hig | 0.49 | 7.5 | 0.01 | Jun 7, 2026 | Comodo Internet Security's firewall driver Inspect.sys contains an integer underflow in its IPv6 packet parser. The parser decrements an unsigned 64-bit payload-length value (taken from the IPv6 fixed header's payload length field) by the size of each IPv6 extension header… | ||
| CVE-2026-37231 | Hig | 0.49 | 7.5 | 0.00 | Jun 1, 2026 | FlexRIC v2.0.0 uses a uint16_t counter for xapp_id assignment but stores the value in uint32_t message fields. After 65,530+ E42_SETUP_REQUESTs, the 16-bit counter wraps around and produces duplicate xapp_ids. The iApp (port 36422) crashes when attempting to register a duplicate… | ||
| CVE-2025-4948 | Hig | 0.49 | 7.5 | 0.01 | May 19, 2025 | A flaw was found in the soup_multipart_new_from_message() function of the libsoup HTTP library, which is commonly used by GNOME and other applications to handle web communications. The issue occurs when the library processes specially crafted multipart messages. Due to improper… | ||
| CVE-2023-47360 | Hig | 0.49 | 7.5 | 0.01 | Nov 7, 2023 | Videolan VLC prior to version 3.0.20 contains an Integer underflow that leads to an incorrect packet length. | ||
| CVE-2018-12230 | Hig | 0.49 | 7.5 | 0.01 | Jul 10, 2018 | An wrong logical check identified in the transferFrom function of a smart contract implementation for RemiCoin (RMC), an Ethereum ERC20 token, allows the attacker to steal tokens or conduct resultant integer underflow attacks. | ||
| CVE-2018-12025 | Hig | 0.49 | 7.5 | 0.02 | Jun 11, 2018 | The transferFrom function of a smart contract implementation for FuturXE (FXE), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized transfer of digital assets because of a logic error. The developer messed up with the boolean judgment - if the input value is… |
- risk 0.51cvss 7.8epss 0.01
Microsoft Excel Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.01
In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy() to overwrite a very large amount of data (including the whole stack) while reading a crafted ext4 filesystem.
- risk 0.51cvss 7.8epss 0.02
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates…
- risk 0.51cvss 7.8epss 0.01
An exploitable stack-based buffer overflow vulnerability exists in the JPEG parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted image embedded within a document can cause a length to be miscalculated and underflow. This length is then treated as unsigned and…
- risk 0.51cvss 7.8epss 0.00
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on buffer length while processing debug log event from firmware can lead to an integer overflow.
- risk 0.51cvss 7.8epss 0.00
In the function csr_update_fils_params_rso(), insufficient validation on a key length can result in an integer underflow leading to a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
- risk 0.51cvss 7.8epss 0.00
In all Android releases from CAF using the Linux kernel, an integer underflow vulnerability exists while processing the boot image.
- risk 0.51cvss 7.8epss 0.05
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable integer overflow vulnerability in the XML Forms Architecture (XFA) engine, related to layout functionality. Successful exploitation could lead to arbitrary…
- risk 0.51cvss 7.8epss 0.00
Integer overflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28769912 and Qualcomm…
- risk 0.50cvss —epss 0.00
iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, several Avro decoder paths read attacker-controlled 64-bit values from the wire format and either narrowed them to platform-sized int before bounds-checking, or summed them with overflow-prone signed-int arithmetic. On…
- risk 0.50cvss —epss 0.00
pam_authnft is a PAM session module binding nftables firewall rules to authenticated sessions via cgroupv2 inodes. Prior to 0.2.0-alpha, a heap buffer over-read in peer_lookup_tcp (src/peer_lookup.c:134, prior to the fix) allowed a crafted NETLINK_SOCK_DIAG reply to slip past…
- risk 0.50cvss 8.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: xfs: delete attr leaf freemap entries when empty Back in commit 2a2b5932db6758 ("xfs: fix attr leaf header freemap.size underflow"), Brian Foster observed that it's possible for a small freemap at the end of…
- risk 0.50cvss 8.8epss 0.02
In MP4v2 2.0.0, there is an integer underflow (with resultant memory corruption) when parsing MP4Atom in mp4atom.cpp.
- risk 0.49cvss 7.5epss 0.01
TDengine is an open source, time-series database optimized for Internet of Things devices. In versions 3.4.0.0 through 3.4.1.5, an unauthenticated remote attacker can crash the taosd server process by sending a single crafted RPC packet. No credentials or prior session state are…
- risk 0.49cvss 7.5epss 0.01
Comodo Internet Security's firewall driver Inspect.sys contains an integer underflow in its IPv6 packet parser. The parser decrements an unsigned 64-bit payload-length value (taken from the IPv6 fixed header's payload length field) by the size of each IPv6 extension header…
- risk 0.49cvss 7.5epss 0.00
FlexRIC v2.0.0 uses a uint16_t counter for xapp_id assignment but stores the value in uint32_t message fields. After 65,530+ E42_SETUP_REQUESTs, the 16-bit counter wraps around and produces duplicate xapp_ids. The iApp (port 36422) crashes when attempting to register a duplicate…
- risk 0.49cvss 7.5epss 0.01
A flaw was found in the soup_multipart_new_from_message() function of the libsoup HTTP library, which is commonly used by GNOME and other applications to handle web communications. The issue occurs when the library processes specially crafted multipart messages. Due to improper…
- risk 0.49cvss 7.5epss 0.01
Videolan VLC prior to version 3.0.20 contains an Integer underflow that leads to an incorrect packet length.
- risk 0.49cvss 7.5epss 0.01
An wrong logical check identified in the transferFrom function of a smart contract implementation for RemiCoin (RMC), an Ethereum ERC20 token, allows the attacker to steal tokens or conduct resultant integer underflow attacks.
- risk 0.49cvss 7.5epss 0.02
The transferFrom function of a smart contract implementation for FuturXE (FXE), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized transfer of digital assets because of a logic error. The developer messed up with the boolean judgment - if the input value is…