CWE-191: Integer Underflow — known CVE vulnerabilities
CVEs classified under CWE-191 (Integer Underflow), ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2007-0063 — CVSS 10.0 (critical): Integer underflow in the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before…
CVE-2026-53176 — CVSS 9.8 (critical): In the Linux kernel, the following vulnerability has been resolved: IB/isert: Reject login PDUs shorter than ISER_HEADERS_LEN In…
CVE-2025-52471 — CVSS 9.8 (critical): ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. An integer underflow vulnerability has been identified in the…
CVE-2025-29909 — CVSS 9.8 (critical): CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure…
CVE-2024-47606 — CVSS 9.8 (critical): GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function…
CVE-2018-9388 — CVSS 9.8 (critical): In store_upgrade and store_cmd of drivers/input/touchscreen/stm/ftm4_pdc.c, there are out of bound writes due to missing bounds checks or…
CVE-2024-23313 — CVSS 9.8 (critical): An integer underflow vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch…
CVE-2024-0808 — CVSS 9.8 (critical): Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2021-40589 — CVSS 9.8 (critical): ZAngband zangband-data 2.7.5 is affected by an integer underflow vulnerability in src/tk/plat.c through the variable fileheader.bfOffBits.
CVE-2021-1920 — CVSS 9.8 (critical): Integer underflow can occur due to improper handling of incoming RTCP packets in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2021-1919 — CVSS 9.8 (critical): Integer underflow can occur when the RTCP length is lesser than than the actual blocks present in Snapdragon Auto, Snapdragon Compute…
CVE-2021-21811 — CVSS 9.8 (critical): A memory corruption vulnerability exists in the XML-parsing CreateLabelOrAttrib functionality of AT&T Labs’ Xmill 0.7. A specially…
CVE-2021-28027 — CVSS 9.8 (critical): An issue was discovered in the bam crate before 0.1.3 for Rust. There is an integer underflow and out-of-bounds write during the loading of…
CVE-2020-28194 — CVSS 9.8 (critical): Variable underflow exists in accel-ppp radius/packet.c when receiving a RADIUS vendor-specific attribute with length field is less than 2…
CVE-2020-3691 — CVSS 9.8 (critical): Possible out of bound memory access in audio due to integer underflow while processing modified contents in Snapdragon Auto, Snapdragon…
CVE-2020-3675 — CVSS 9.8 (critical): u'Potential integer underflow while parsing Service Info and IPv6 link-local TLVs that comes as part of NDPE attribute' in Snapdragon Auto…
CVE-2020-15900 — CVSS 9.8 (critical): A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of…
CVE-2018-21065 — CVSS 9.8 (critical): An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.x) software. There is an integer underflow in eCryptFS…
CVE-2019-20590 — CVSS 9.8 (critical): An issue was discovered on Samsung mobile devices with O(8.x) (Qualcomm chipsets) software. There is an integer underflow in the Secure…
CVE-2019-14083 — CVSS 9.8 (critical): While parsing Service Descriptor Extended Attribute received as part of SDF frame, there is a possibility that incorrect length is…
CVE-2019-14199 — CVSS 9.8 (critical): An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a…
CVE-2019-14192 — CVSS 9.8 (critical): An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a…
CVE-2019-2245 — CVSS 9.8 (critical): Possible integer underflow can happen when calculating length of elementary stream map from invalid packet length which is later used to…
CVE-2019-2244 — CVSS 9.8 (critical): Possible integer underflow can happen when calculating length of elementary stream info from invalid section length which is later used to…
CVE-2018-11930 — CVSS 9.8 (critical): Improper input validation on input data which is used to locate and copy the additional IEs in WLAN function can lead to potential integer…
CVE-2018-20181 — CVSS 9.8 (critical): rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function…
CVE-2018-20180 — CVSS 9.8 (critical): rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function…
CVE-2018-20179 — CVSS 9.8 (critical): rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function…
CVE-2018-14817 — CVSS 9.8 (critical): Fuji Electric V-Server 4.0.3.0 and prior, An integer underflow vulnerability has been identified, which may allow remote code execution.
CVE-2018-14353 — CVSS 9.8 (critical): An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c has an integer underflow.
CVE-2015-9198 — CVSS 9.8 (critical): In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear…
CVE-2015-9167 — CVSS 9.8 (critical): In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 410/12, SD 425, SD…
CVE-2015-9129 — CVSS 9.8 (critical): In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear…
CVE-2015-2311 — CVSS 9.8 (critical): Integer underflow in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 might allow remote peers to cause a denial of service or…
CVE-2017-11757 — CVSS 9.8 (critical): Heap-based buffer overflow in Actian Pervasive PSQL v12.10 and Zen v13 allows remote attackers to execute arbitrary code via crafted…
CVE-2017-9214 — CVSS 9.8 (critical): In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused…
CVE-2017-8911 — CVSS 9.8 (critical): An integer underflow has been identified in the unicode_to_utf8() function in tnef 1.4.14. This might lead to invalid write operations…
CVE-2016-10166 — CVSS 9.8 (critical): Integer underflow in the _gdContributionsAlloc function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.4 allows…
CVE-2016-1925 — CVSS 9.8 (critical): Integer underflow in header.c in lha allows remote attackers to have unspecified impact via a large header size value for the (1) level0 or…
CVE-2015-0537 — CVSS 9.8 (critical): Integer underflow in the base64-decoding implementation in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before…
CVE-2005-0199 — CVSS 9.8 (critical): Integer underflow in the Lists_MakeMask() function in lists.c in ngIRCd before 0.8.2 allows remote attackers to cause a denial of service…
CVE-2025-2523 — CVSS 9.4 (critical): The Honeywell Experion PKS and OneWireless WDM contains an Integer Underflow vulnerability in the component Control Data Access (CDA). An…
CVE-2024-57823 — CVSS 9.3 (critical): In Raptor RDF Syntax Library through 2.0.16, there is an integer underflow when normalizing a URI with the turtle parser in…