VYPR

CWE-191

Integer Underflow (Wrap or Wraparound)

BaseDraft

Description

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

This can happen in signed and unsigned cases.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (155)

page 3 of 8
  • CVE-2023-33158HigJul 11, 2023
    risk 0.51cvss 7.8epss 0.01

    Microsoft Excel Remote Code Execution Vulnerability

  • CVE-2019-13104HigAug 6, 2019
    risk 0.51cvss 7.8epss 0.01

    In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy() to overwrite a very large amount of data (including the whole stack) while reading a crafted ext4 filesystem.

  • CVE-2018-15418HigOct 5, 2018
    risk 0.51cvss 7.8epss 0.02

    A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates…

  • CVE-2018-3999HigOct 1, 2018
    risk 0.51cvss 7.8epss 0.01

    An exploitable stack-based buffer overflow vulnerability exists in the JPEG parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted image embedded within a document can cause a length to be miscalculated and underflow. This length is then treated as unsigned and…

  • CVE-2018-11301HigSep 18, 2018
    risk 0.51cvss 7.8epss 0.00

    In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on buffer length while processing debug log event from firmware can lead to an integer overflow.

  • CVE-2018-5850HigJun 6, 2018
    risk 0.51cvss 7.8epss 0.00

    In the function csr_update_fils_params_rso(), insufficient validation on a key length can result in an integer underflow leading to a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

  • CVE-2017-7367HigJun 13, 2017
    risk 0.51cvss 7.8epss 0.00

    In all Android releases from CAF using the Linux kernel, an integer underflow vulnerability exists while processing the boot image.

  • CVE-2017-3034HigApr 12, 2017
    risk 0.51cvss 7.8epss 0.05

    Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable integer overflow vulnerability in the XML Forms Architecture (XFA) engine, related to layout functionality. Successful exploitation could lead to arbitrary…

  • CVE-2014-9883HigAug 6, 2016
    risk 0.51cvss 7.8epss 0.00

    Integer overflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28769912 and Qualcomm…

  • CVE-2026-46384HigMay 29, 2026
    risk 0.50cvss epss 0.00

    iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, several Avro decoder paths read attacker-controlled 64-bit values from the wire format and either narrowed them to platform-sized int before bounds-checking, or summed them with overflow-prone signed-int arithmetic. On…

  • CVE-2026-43916HigMay 12, 2026
    risk 0.50cvss epss 0.00

    pam_authnft is a PAM session module binding nftables firewall rules to authenticated sessions via cgroupv2 inodes. Prior to 0.2.0-alpha, a heap buffer over-read in peer_lookup_tcp (src/peer_lookup.c:134, prior to the fix) allowed a crafted NETLINK_SOCK_DIAG reply to slip past…

  • CVE-2026-43187HigMay 6, 2026
    risk 0.50cvss 8.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: xfs: delete attr leaf freemap entries when empty Back in commit 2a2b5932db6758 ("xfs: fix attr leaf header freemap.size underflow"), Brian Foster observed that it's possible for a small freemap at the end of…

  • CVE-2018-14325HigJul 16, 2018
    risk 0.50cvss 8.8epss 0.02

    In MP4v2 2.0.0, there is an integer underflow (with resultant memory corruption) when parsing MP4Atom in mp4atom.cpp.

  • CVE-2026-42542HigJun 10, 2026
    risk 0.49cvss 7.5epss 0.01

    TDengine is an open source, time-series database optimized for Internet of Things devices. In versions 3.4.0.0 through 3.4.1.5, an unauthenticated remote attacker can crash the taosd server process by sending a single crafted RPC packet. No credentials or prior session state are…

  • CVE-2026-49494HigJun 7, 2026
    risk 0.49cvss 7.5epss 0.01

    Comodo Internet Security's firewall driver Inspect.sys contains an integer underflow in its IPv6 packet parser. The parser decrements an unsigned 64-bit payload-length value (taken from the IPv6 fixed header's payload length field) by the size of each IPv6 extension header…

  • CVE-2026-37231HigJun 1, 2026
    risk 0.49cvss 7.5epss 0.00

    FlexRIC v2.0.0 uses a uint16_t counter for xapp_id assignment but stores the value in uint32_t message fields. After 65,530+ E42_SETUP_REQUESTs, the 16-bit counter wraps around and produces duplicate xapp_ids. The iApp (port 36422) crashes when attempting to register a duplicate…

  • CVE-2025-4948HigMay 19, 2025
    risk 0.49cvss 7.5epss 0.01

    A flaw was found in the soup_multipart_new_from_message() function of the libsoup HTTP library, which is commonly used by GNOME and other applications to handle web communications. The issue occurs when the library processes specially crafted multipart messages. Due to improper…

  • CVE-2023-47360HigNov 7, 2023
    risk 0.49cvss 7.5epss 0.01

    Videolan VLC prior to version 3.0.20 contains an Integer underflow that leads to an incorrect packet length.

  • CVE-2018-12230HigJul 10, 2018
    risk 0.49cvss 7.5epss 0.01

    An wrong logical check identified in the transferFrom function of a smart contract implementation for RemiCoin (RMC), an Ethereum ERC20 token, allows the attacker to steal tokens or conduct resultant integer underflow attacks.

  • CVE-2018-12025HigJun 11, 2018
    risk 0.49cvss 7.5epss 0.02

    The transferFrom function of a smart contract implementation for FuturXE (FXE), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized transfer of digital assets because of a logic error. The developer messed up with the boolean judgment - if the input value is…