VYPR

CWE-191

Integer Underflow (Wrap or Wraparound)

BaseDraft

Description

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

This can happen in signed and unsigned cases.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (155)

page 4 of 8
  • CVE-2016-7800HigFeb 6, 2017
    risk 0.49cvss 7.5epss 0.04

    Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow.

  • CVE-2011-1770HigJun 24, 2011
    risk 0.49cvss 7.5epss 0.04

    Integer underflow in the dccp_parse_options function (net/dccp/options.c) in the Linux kernel before 2.6.33.14 allows remote attackers to cause a denial of service via a Datagram Congestion Control Protocol (DCCP) packet with an invalid feature options length, which triggers a…

  • CVE-2005-1891HigJun 9, 2005
    risk 0.49cvss 7.5epss 0.02

    The GIF parser in ateimg32.dll in AOL Instant Messenger (AIM) 5.9.3797 and earlier allows remote attackers to cause a denial of service (crash) via a malformed buddy icon that causes an integer underflow in a loop counter variable.

  • CVE-2004-1002HigMar 1, 2005
    risk 0.49cvss 7.5epss 0.03

    Integer underflow in pppd in cbcp.c for ppp 2.4.1 allows remote attackers to cause a denial of service (daemon crash) via a CBCP packet with an invalid length value that causes pppd to access an incorrect memory location.

  • CVE-2015-8370HigDec 16, 2015
    risk 0.48cvss 7.4epss 0.01

    Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in…

  • CVE-2026-32149HigApr 14, 2026
    risk 0.47cvss 7.3epss 0.00

    Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally.

  • CVE-2026-7424HigApr 29, 2026
    risk 0.46cvss 8.1epss 0.00

    Integer underflow in the DHCPv6 sub-option parser in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network actor to corrupt the device's IPv6 address assignment, DNS configuration, and lease times, and to cause a denial of service (permanent IP task freeze…

  • CVE-2026-5188HigApr 10, 2026
    risk 0.46cvss 8.1epss 0.00

    An integer underflow issue exists in wolfSSL when parsing the Subject Alternative Name (SAN) extension of X.509 certificates. A malformed certificate can specify an entry length larger than the enclosing sequence, causing the internal length counter to wrap during parsing. This…

  • CVE-2017-6313HigMar 10, 2017
    risk 0.46cvss 7.1epss 0.02

    Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file.

  • CVE-2025-65092MedNov 21, 2025
    risk 0.45cvss epss 0.00

    ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.1, 5.4.3, and 5.3.4, when the ESP32-P4 uses its hardware JPEG decoder, the software parser lacks necessary validation checks. A specially crafted (malicious) JPEG image could exploit the…

  • CVE-2026-31656HigApr 24, 2026
    risk 0.44cvss 7.8epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: fix refcount underflow in intel_engine_park_heartbeat A use-after-free / refcount underflow is possible when the heartbeat worker and intel_engine_park_heartbeat() race to release the same…

  • CVE-2024-38517HigJul 9, 2024
    risk 0.44cvss 7.8epss 0.00

    Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened;…

  • CVE-2016-10268HigMar 24, 2017
    risk 0.44cvss 7.8epss 0.02

    tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (integer underflow and heap-based buffer under-read) or possibly have unspecified other impact via a crafted TIFF image, related to "READ of size 78490" and libtiff/tif_unix.c:115:23.

  • CVE-2017-14997MedOct 4, 2017
    risk 0.43cvss 6.5epss 0.03

    GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (excessive memory allocation) because of an integer underflow in ReadPICTImage in coders/pict.c.

  • CVE-2026-35049MedJun 2, 2026
    risk 0.42cvss 6.5epss 0.00

    wire-ios is an iOS client for the Wire secure messaging application. Prior to version 4.16.0, upon receiving a crafted malicious Proteus external message with an encrypted payload that is shorter than 16 bytes, the Wire iOS client crashes. The crash is triggered automatically…

  • CVE-2026-44060HigMay 21, 2026
    risk 0.42cvss 7.5epss 0.00

    An integer underflow in dsi_writeinit() in Netatalk 1.5.0 through 4.4.2 allows a remote unauthenticated attacker to cause a denial of service via a crafted DSI write request.

  • CVE-2026-42268HigMay 12, 2026
    risk 0.42cvss 7.5epss 0.00

    ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. From 3.0.0 to before 3.0.15, there is an unhandled exception (std::out_of_range) caused by unsigned integer underflow in libmodsecurity3 if the user (administrator)…

  • CVE-2026-33845HigApr 30, 2026
    risk 0.42cvss 7.5epss 0.01

    A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of…

  • CVE-2026-6914MedApr 29, 2026
    risk 0.42cvss 6.5epss 0.00

    Computing the MD5 checksum of a malformed BSON object under specific conditions may cause loss of availability in MongoDB server. This issue affects all MongoDB Server v8.2 versions, all MongoDB Server v8.1 versions, MongoDB Server v8.0 versions prior to 8.0.21, MongoDB Server…

  • CVE-2026-31662HigApr 24, 2026
    risk 0.42cvss 7.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: tipc: fix bc_ackers underflow on duplicate GRP_ACK_MSG The GRP_ACK_MSG handler in tipc_group_proto_rcv() currently decrements bc_ackers on every inbound group ACK, even when the same member has already…