CWE-191
Integer Underflow
MITRENo catalog description on file. The MITRE CWE site has the canonical reference.
Recent CVEs
showing 15 of 15- CVE-2026-42542High· 7.5EPSS 0%15 h ago
TDengine is an open source, time-series database optimized for Internet of Things devices. In versions 3.4.0.0 through 3.4.1.5, an unauthenticated remote attacker can crash the taosd server process by sending a single crafted RPC packet. No
- CVE-2026-11789Medium· 4.9EPSS 0%16 h ago
A flaw was found in 389 Directory Server. The SMD5 password storage plugin performs unsigned integer underflow when computing salt length from a crafted password hash shorter than 16 bytes, causing a buffer over-read that crashes the LDAP s
- CVE-2026-47222Medium· 5.4EPSS 0%16 h ago
NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap out-of-bounds read exists in the Android Verified Boot (AVB) vbmeta image parser in NanaZip (via the up
- CVE-2021-31956High· 7.8KEVEPSS 91%18 h ago
Microsoft Windows NTFS Privilege Escalation Vulnerability
- CVE-2014-0497Critical· 9.8KEVEXPLOITEPSS 93%18 h ago
Adobe Flash Player Integer Underflow Vulnerablity
- CVE-2026-11850Medium· 5.0EPSS 0%19 h ago
An integer underflow vulnerability was found in MIT krb5 in the berval2tl_data() function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c. The function performs an unsigned subtraction (bv_len - 2) without a prior bounds check. When bv_le
- CVE-2026-42326Medium· 5.1EPSS 0%1 d ago
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, when writing an IPTC output file a malicious input file could cause an out of bounds read of a single b
- CVE-2026-45469High· 7.8EPSS 0%1 d ago
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- CVE-2026-42980High· 7.8EPSS 0%1 d ago
Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally.
- CVE-2026-42981High· 8.1EPSS 0%1 d ago
Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network.
- CVE-2026-34672Medium· 6.2EPSS 0%3 d ago
CAI Content Credentials versions c2pa-web@0.7.0, c2pa-v0.78.2 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerab
- CVE-2026-34667Medium· 6.2EPSS 0%3 d ago
CAI Content Credentials versions c2pa-web@0.7.0, c2pa-v0.78.2 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerab
- CVE-2026-45463High· 8.4EPSS 0%3 d ago
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
- CVE-2026-33999High· 7.8EPSS 0%4 d ago
ZDI-26-333: X.Org Server XkbSetCompatMap Integer Underflow Privilege Escalation Vulnerability
- CVE-2026-49494High· 7.5EPSS 0%4 d ago
Comodo Internet Security's firewall driver Inspect.sys contains an integer underflow in its IPv6 packet parser. The parser decrements an unsigned 64-bit payload-length value (taken from the IPv6 fixed header's payload length field) by the s
CWE catalog data sourced from MITRE. CVE associations come from NVD weakness mappings; some CVEs carry multiple CWEs.