CWE-191
AllowedInteger Underflow (Wrap or Wraparound)
Abstraction: Base · Status: Draft
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.
640 vulnerabilities reference this CWE, most recent first.
GHSA-MHHW-8J27-MG72
Vulnerability from github – Published: 2026-07-14 18:32 – Updated: 2026-07-14 18:32Integer underflow (wrap or wraparound) in Reliable Multicast Transport Driver (RMCAST) allows an unauthorized attacker to execute code over an adjacent network.
{
"affected": [],
"aliases": [
"CVE-2026-54982"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-14T17:17:05Z",
"severity": "HIGH"
},
"details": "Integer underflow (wrap or wraparound) in Reliable Multicast Transport Driver (RMCAST) allows an unauthorized attacker to execute code over an adjacent network.",
"id": "GHSA-mhhw-8j27-mg72",
"modified": "2026-07-14T18:32:07Z",
"published": "2026-07-14T18:32:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-54982"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-54982"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MJ7J-VPM3-62GC
Vulnerability from github – Published: 2022-05-13 01:24 – Updated: 2025-04-20 03:33Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file.
{
"affected": [],
"aliases": [
"CVE-2017-6313"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-03-10T02:59:00Z",
"severity": "HIGH"
},
"details": "Integer underflow in the load_resources function in io-icns.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (out-of-bounds read and program crash) via a crafted image entry size in an ICO file.",
"id": "GHSA-mj7j-vpm3-62gc",
"modified": "2025-04-20T03:33:56Z",
"published": "2022-05-13T01:24:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6313"
},
{
"type": "WEB",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=779016"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00025.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SJF5ARFOX4BFUK6YCBKGAKBQYECO3AI2"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSAZ6UCKKXC5VOWXGWQHOX2ZBLLATIOT"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJF5ARFOX4BFUK6YCBKGAKBQYECO3AI2"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSAZ6UCKKXC5VOWXGWQHOX2ZBLLATIOT"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201709-08"
},
{
"type": "WEB",
"url": "http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2017/02/21/4"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2017/02/26/1"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/96779"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MR39-XFW3-R82C
Vulnerability from github – Published: 2022-05-24 19:04 – Updated: 2022-10-26 12:00An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215.
{
"affected": [],
"aliases": [
"CVE-2021-26260"
],
"database_specific": {
"cwe_ids": [
"CWE-190",
"CWE-191",
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-08T12:15:00Z",
"severity": "MODERATE"
},
"details": "An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215.",
"id": "GHSA-mr39-xfw3-r82c",
"modified": "2022-10-26T12:00:32Z",
"published": "2022-05-24T19:04:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26260"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1947582"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00001.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BXFLD4ZAXKAIWO6ZPBCQEEDZB5IG676K"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5299"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MV3G-PWV2-RFXP
Vulnerability from github – Published: 2023-08-08 18:30 – Updated: 2024-04-04 06:42Microsoft Message Queuing Denial of Service Vulnerability
{
"affected": [],
"aliases": [
"CVE-2023-36909"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-08T18:15:16Z",
"severity": "MODERATE"
},
"details": "Microsoft Message Queuing Denial of Service Vulnerability",
"id": "GHSA-mv3g-pwv2-rfxp",
"modified": "2024-04-04T06:42:32Z",
"published": "2023-08-08T18:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36909"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36909"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MWVQ-QCGP-8M94
Vulnerability from github – Published: 2022-05-14 03:14 – Updated: 2022-05-14 03:14In the function csr_update_fils_params_rso(), insufficient validation on a key length can result in an integer underflow leading to a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
{
"affected": [],
"aliases": [
"CVE-2018-5850"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-06-06T21:29:00Z",
"severity": "HIGH"
},
"details": "In the function csr_update_fils_params_rso(), insufficient validation on a key length can result in an integer underflow leading to a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.",
"id": "GHSA-mwvq-qcgp-8m94",
"modified": "2022-05-14T03:14:09Z",
"published": "2022-05-14T03:14:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5850"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2018-05-01"
},
{
"type": "WEB",
"url": "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MXG6-5PV2-X2RF
Vulnerability from github – Published: 2022-05-17 00:27 – Updated: 2022-05-17 00:27Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable.
{
"affected": [],
"aliases": [
"CVE-2016-10166"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-03-15T15:59:00Z",
"severity": "CRITICAL"
},
"details": "Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via vectors related to decrementing the u variable.",
"id": "GHSA-mxg6-5pv2-x2rf",
"modified": "2022-05-17T00:27:44Z",
"published": "2022-05-17T00:27:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10166"
},
{
"type": "WEB",
"url": "https://github.com/libgd/libgd/commit/60bfb401ad5a4a8ae995dcd36372fe15c71e1a35"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2519"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3299"
},
{
"type": "WEB",
"url": "http://libgd.github.io/release-2.2.4.html"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2017/dsa-3777"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2017/01/26/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2017/01/28/6"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/95869"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P38H-JP3X-5J69
Vulnerability from github – Published: 2024-12-10 21:30 – Updated: 2024-12-10 21:30Animate versions 23.0.8, 24.0.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2024-53954"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-10T21:15:20Z",
"severity": "HIGH"
},
"details": "Animate versions 23.0.8, 24.0.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-p38h-jp3x-5j69",
"modified": "2024-12-10T21:30:53Z",
"published": "2024-12-10T21:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53954"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/animate/apsb24-96.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P3XG-2R2P-7RM4
Vulnerability from github – Published: 2024-11-19 18:31 – Updated: 2025-11-04 00:32In the Linux kernel, the following vulnerability has been resolved:
media: ar0521: don't overflow when checking PLL values
The PLL checks are comparing 64 bit integers with 32 bit ones, as reported by Coverity. Depending on the values of the variables, this may underflow.
Fix it ensuring that both sides of the expression are u64.
{
"affected": [],
"aliases": [
"CVE-2024-53081"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-19T18:15:27Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: ar0521: don\u0027t overflow when checking PLL values\n\nThe PLL checks are comparing 64 bit integers with 32 bit\nones, as reported by Coverity. Depending on the values of\nthe variables, this may underflow.\n\nFix it ensuring that both sides of the expression are u64.",
"id": "GHSA-p3xg-2r2p-7rm4",
"modified": "2025-11-04T00:32:05Z",
"published": "2024-11-19T18:31:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53081"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/438d3085ba5b8b5bfa5290faa594e577f6ac9aa7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5e1523076acf95b4ea68d19b6f27e6891267cc24"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/97ed0c0332d5525653668b31acf62ff1e6b50784"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a244b82d0ae60326901f2b50c15e3118298b7ecd"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P527-WJVQ-VXG8
Vulnerability from github – Published: 2026-01-16 21:30 – Updated: 2026-01-16 21:30In the eap-mschapv2 plugin (client-side) in strongSwan before 6.0.3, a malicious EAP-MSCHAPv2 server can send a crafted message of size 6 through 8, and cause an integer underflow that potentially results in a heap-based buffer overflow.
{
"affected": [],
"aliases": [
"CVE-2025-62291"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-16T19:16:18Z",
"severity": "HIGH"
},
"details": "In the eap-mschapv2 plugin (client-side) in strongSwan before 6.0.3, a malicious EAP-MSCHAPv2 server can send a crafted message of size 6 through 8, and cause an integer underflow that potentially results in a heap-based buffer overflow.",
"id": "GHSA-p527-wjvq-vxg8",
"modified": "2026-01-16T21:30:37Z",
"published": "2026-01-16T21:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62291"
},
{
"type": "WEB",
"url": "https://github.com/strongswan/strongswan/commits/master/src/libcharon/plugins/eap_mschapv2"
},
{
"type": "WEB",
"url": "https://github.com/strongswan/strongswan/releases"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/11/msg00002.html"
},
{
"type": "WEB",
"url": "https://www.strongswan.org/blog/2025/10/27/strongswan-vulnerability-%28cve-2025-62291%29.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P6WP-HHX9-7JJ5
Vulnerability from github – Published: 2026-04-12 21:30 – Updated: 2026-04-12 21:30In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used by attackers to crash or leak information out of libexif-using programs.
{
"affected": [],
"aliases": [
"CVE-2026-40386"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-12T19:16:20Z",
"severity": "MODERATE"
},
"details": "In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used by attackers to crash or leak information out of libexif-using programs.",
"id": "GHSA-p6wp-hhx9-7jj5",
"modified": "2026-04-12T21:30:18Z",
"published": "2026-04-12T21:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40386"
},
{
"type": "WEB",
"url": "https://github.com/libexif/libexif/commit/dc6eac6e9655d14d0779d99e82d0f5f442d2f34b"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.