CWE-191
AllowedInteger Underflow (Wrap or Wraparound)
Abstraction: Base · Status: Draft
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.
642 vulnerabilities reference this CWE, most recent first.
GHSA-CCFP-87CW-C3RX
Vulnerability from github – Published: 2025-12-09 18:30 – Updated: 2025-12-09 18:30Integer underflow (wrap or wraparound) in Windows Hyper-V allows an authorized attacker to deny service over a network.
{
"affected": [],
"aliases": [
"CVE-2025-62567"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-09T18:16:02Z",
"severity": "MODERATE"
},
"details": "Integer underflow (wrap or wraparound) in Windows Hyper-V allows an authorized attacker to deny service over a network.",
"id": "GHSA-ccfp-87cw-c3rx",
"modified": "2025-12-09T18:30:46Z",
"published": "2025-12-09T18:30:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62567"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62567"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CGMH-C4F5-P3JP
Vulnerability from github – Published: 2022-05-17 00:36 – Updated: 2022-05-17 00:36The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (integer underflow and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with copy_CTB_to_hv in hevc_filter.c in libavcodec in FFmpeg and sao_filter_CTB in hevc_filter.c in libavcodec in FFmpeg.
{
"affected": [],
"aliases": [
"CVE-2017-14796"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-09-28T01:29:00Z",
"severity": "HIGH"
},
"details": "The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (integer underflow and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with copy_CTB_to_hv in hevc_filter.c in libavcodec in FFmpeg and sao_filter_CTB in hevc_filter.c in libavcodec in FFmpeg.",
"id": "GHSA-cgmh-c4f5-p3jp",
"modified": "2022-05-17T00:36:05Z",
"published": "2022-05-17T00:36:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14796"
},
{
"type": "WEB",
"url": "https://github.com/leonzhao7/vulnerability/blob/master/An%20integer%20underflow%20vulnerability%20in%20sao_filter_CTB%20of%20libbpg.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CJG2-2FJG-FPH4
Vulnerability from github – Published: 2022-01-14 21:03 – Updated: 2024-10-24 21:50Impact
A bug in Frontier's MODEXP precompile implementation can cause an integer underflow in certain conditions. This will cause a node crash for debug builds. For release builds (and production WebAssembly binaries), the impact is limited as it can only cause a normal EVM out-of-gas. It is recommended that you apply the patch as soon as possible.
If you do not use MODEXP precompile in your runtime, then you are not impacted.
Patches
Patches are applied in PR #549.
Workarounds
None.
References
Patch PR: #549
Credits
Thanks to SR-Labs for discovering the security vulnerability, and thanks to PureStake team for the patches.
For more information
If you have any questions or comments about this advisory: * Open an issue in the Frontier repo
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "pallet-evm-precompile-modexp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-21685"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": true,
"github_reviewed_at": "2022-01-14T19:58:51Z",
"nvd_published_at": "2022-01-14T17:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\n\nA bug in Frontier\u0027s MODEXP precompile implementation can cause an integer underflow in certain conditions. This will cause a node crash for debug builds. For release builds (and production WebAssembly binaries), the impact is limited as it can only cause a normal EVM out-of-gas. It is recommended that you apply the patch as soon as possible.\n\nIf you do not use MODEXP precompile in your runtime, then you are not impacted.\n\n### Patches\n\nPatches are applied in PR #549.\n\n### Workarounds\n\nNone.\n\n### References\n\nPatch PR: #549\n\n### Credits\n\nThanks to SR-Labs for discovering the security vulnerability, and thanks to PureStake team for the patches.\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n* Open an issue in the [Frontier repo](https://github.com/paritytech/frontier)\n",
"id": "GHSA-cjg2-2fjg-fph4",
"modified": "2024-10-24T21:50:43Z",
"published": "2022-01-14T21:03:36Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/paritytech/frontier/security/advisories/GHSA-cjg2-2fjg-fph4"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21685"
},
{
"type": "WEB",
"url": "https://github.com/paritytech/frontier/pull/549"
},
{
"type": "WEB",
"url": "https://github.com/paritytech/frontier/commit/8a93fdc6c9f4eb1d2f2a11b7ff1d12d70bf5a664"
},
{
"type": "PACKAGE",
"url": "https://github.com/paritytech/frontier"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Integer underflow in Frontier"
}
GHSA-CJQX-M2FF-VGJ5
Vulnerability from github – Published: 2022-05-24 19:03 – Updated: 2025-02-12 18:31A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer wraparound leading to an out of bounds write can occur when a crafted GIF image is loaded. An attacker may cause applications to crash or could potentially execute code on the victim system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
{
"affected": [],
"aliases": [
"CVE-2021-20240"
],
"database_specific": {
"cwe_ids": [
"CWE-191",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-05-28T11:15:00Z",
"severity": "HIGH"
},
"details": "A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer wraparound leading to an out of bounds write can occur when a crafted GIF image is loaded. An attacker may cause applications to crash or could potentially execute code on the victim system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"id": "GHSA-cjqx-m2ff-vgj5",
"modified": "2025-02-12T18:31:20Z",
"published": "2022-05-24T19:03:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20240"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1926787"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5H3GNVWMZTYZR3JBYCK57PF7PFMQBNP"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BGZVCTH5O7WBJLYXZ2UOKLYNIFPVR55D"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EANWYODLOJDFLMBH6WEKJJMQ5PKLEWML"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5H3GNVWMZTYZR3JBYCK57PF7PFMQBNP"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BGZVCTH5O7WBJLYXZ2UOKLYNIFPVR55D"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EANWYODLOJDFLMBH6WEKJJMQ5PKLEWML"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CJRF-279R-429F
Vulnerability from github – Published: 2024-04-28 15:30 – Updated: 2025-09-18 15:30In the Linux kernel, the following vulnerability has been resolved:
exfat: fix overflow for large capacity partition
Using int type for sector index, there will be overflow in a large capacity partition.
For example, if storage with sector size of 512 bytes and partition capacity is larger than 2TB, there will be overflow.
{
"affected": [],
"aliases": [
"CVE-2022-48665"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-28T13:15:08Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix overflow for large capacity partition\n\nUsing int type for sector index, there will be overflow in a large\ncapacity partition.\n\nFor example, if storage with sector size of 512 bytes and partition\ncapacity is larger than 2TB, there will be overflow.",
"id": "GHSA-cjrf-279r-429f",
"modified": "2025-09-18T15:30:21Z",
"published": "2024-04-28T15:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48665"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/17244f71765dfec39e84493993993e896c376d09"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2e9ceb6728f1dc2fa4b5d08f37d88cbc49a20a62"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CM56-MVX6-66QM
Vulnerability from github – Published: 2026-06-25 09:31 – Updated: 2026-06-30 03:37In the Linux kernel, the following vulnerability has been resolved:
IB/isert: Reject login PDUs shorter than ISER_HEADERS_LEN
In drivers/infiniband/ulp/isert/ib_isert.c, isert_login_recv_done() computes the login request payload length as wc->byte_len minus ISER_HEADERS_LEN with no lower bound, and login_req_len is a signed int. A remote iSER initiator can post a login Send work request carrying fewer than ISER_HEADERS_LEN (76) bytes, so the subtraction underflows and login_req_len becomes negative.
isert_rx_login_req() then reads that negative length back into a signed int, takes size = min(rx_buflen, MAX_KEY_VALUE_PAIRS), and because the min() is signed it keeps the negative value; the value is then passed as the memcpy() length and sign-extended to a multi-gigabyte size_t. The copy into the 8192-byte login->req_buf runs far out of bounds and faults, crashing the target node. The login phase precedes iSCSI authentication, so no credentials are required to reach this path.
Reject any login PDU shorter than ISER_HEADERS_LEN before the subtraction, mirroring the existing early return on a failed work completion, so login_req_len can never go negative. The upper bound was already safe: a posted login buffer cannot deliver more than ISER_RX_PAYLOAD_SIZE, so the difference stays at or below MAX_KEY_VALUE_PAIRS and the existing min() clamps it; only the missing lower bound needs to be added.
{
"affected": [],
"aliases": [
"CVE-2026-53176"
],
"database_specific": {
"cwe_ids": [
"CWE-191",
"CWE-839"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-25T09:16:34Z",
"severity": "CRITICAL"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/isert: Reject login PDUs shorter than ISER_HEADERS_LEN\n\nIn drivers/infiniband/ulp/isert/ib_isert.c, isert_login_recv_done()\ncomputes the login request payload length as wc-\u003ebyte_len minus\nISER_HEADERS_LEN with no lower bound, and login_req_len is a signed int.\nA remote iSER initiator can post a login Send work request carrying\nfewer than ISER_HEADERS_LEN (76) bytes, so the subtraction underflows\nand login_req_len becomes negative.\n\nisert_rx_login_req() then reads that negative length back into a signed\nint, takes size = min(rx_buflen, MAX_KEY_VALUE_PAIRS), and because the\nmin() is signed it keeps the negative value; the value is then passed as\nthe memcpy() length and sign-extended to a multi-gigabyte size_t. The\ncopy into the 8192-byte login-\u003ereq_buf runs far out of bounds and\nfaults, crashing the target node. The login phase precedes iSCSI\nauthentication, so no credentials are required to reach this path.\n\nReject any login PDU shorter than ISER_HEADERS_LEN before the\nsubtraction, mirroring the existing early return on a failed work\ncompletion, so login_req_len can never go negative. The upper bound was\nalready safe: a posted login buffer cannot deliver more than\nISER_RX_PAYLOAD_SIZE, so the difference stays at or below\nMAX_KEY_VALUE_PAIRS and the existing min() clamps it; only the missing\nlower bound needs to be added.",
"id": "GHSA-cm56-mvx6-66qm",
"modified": "2026-06-30T03:37:13Z",
"published": "2026-06-25T09:31:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53176"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-53176"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2492741"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1ca40b243277c9e88be5e00bd3e083f71aefb93e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/29e7b925ae6df64894e82ab6419994dc25580a8a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/75ee6e4aa096aa9e7b2dd5c8ff98356e30aceefb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bd22740d7f14cb1c0289444cfd2c8d2938667c1d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c1234229399f4af12c553b1b0ffd978eeba65548"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c5584e089b5af7b3bf8bd5e8ca0560cbf32b0a47"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/df422fd273c96c2ee5beb80fc21adc8c70c29260"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e8a013c0c3ca2f6708341a56612a3f6d6921620a"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-53176.json"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CMJ5-X3XF-69WQ
Vulnerability from github – Published: 2026-04-30 18:30 – Updated: 2026-07-06 21:30A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.
{
"affected": [],
"aliases": [
"CVE-2026-33845"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-30T18:16:28Z",
"severity": "HIGH"
},
"details": "A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.",
"id": "GHSA-cmj5-x3xf-69wq",
"modified": "2026-07-06T21:30:25Z",
"published": "2026-04-30T18:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33845"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-33845.json"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450624"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-33845"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:36006"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:36005"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:36004"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:34372"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:33125"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:32962"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:30850"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:30849"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:30004"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:29197"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:26409"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:26319"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:20613"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:20612"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:20611"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:13274"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CMMQ-26GR-W7RC
Vulnerability from github – Published: 2022-05-24 17:48 – Updated: 2022-05-24 17:48A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
{
"affected": [],
"aliases": [
"CVE-2021-3472"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-04-26T15:15:00Z",
"severity": "HIGH"
},
"details": "A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xserver which can lead to a local privilege escalation. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"id": "GHSA-cmmq-26gr-w7rc",
"modified": "2022-05-24T17:48:51Z",
"published": "2022-05-24T17:48:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3472"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944167"
},
{
"type": "WEB",
"url": "https://gitlab.freedesktop.org/xorg/xserver/-/commit/7aaf54a1884f71dc363f0b884e57bcb67407a6cd"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00013.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDF7TAJE7NPZPNVOXSD5HBIFLNPUOD2V"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MO6S5OPXUDYBSRSVWVLFLJ6AFERG4HNY"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N63KL3T22HNFT4FJ7VMVF6U5Q4RFJIQF"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PEXPCLMVU25AUZTUXC4MYBGPKOAIM5TW"
},
{
"type": "WEB",
"url": "https://lists.x.org/archives/xorg-announce/2021-April/003080.html"
},
{
"type": "WEB",
"url": "https://seclists.org/oss-sec/2021/q2/20"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202104-02"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4893"
},
{
"type": "WEB",
"url": "https://www.tenable.com/plugins/nessus/148701"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-463"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/04/13/1"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-CPQJ-R29Q-CHRH
Vulnerability from github – Published: 2022-05-24 17:43 – Updated: 2022-06-16 23:23An issue was discovered in the bam crate before 0.1.3 for Rust. There is an integer underflow and out-of-bounds write during the loading of a bgzip block.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "bam"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.1.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-28027"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": true,
"github_reviewed_at": "2022-06-16T23:23:31Z",
"nvd_published_at": "2021-03-05T09:15:00Z",
"severity": "CRITICAL"
},
"details": "An issue was discovered in the bam crate before 0.1.3 for Rust. There is an integer underflow and out-of-bounds write during the loading of a bgzip block.",
"id": "GHSA-cpqj-r29q-chrh",
"modified": "2022-06-16T23:23:31Z",
"published": "2022-05-24T17:43:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28027"
},
{
"type": "PACKAGE",
"url": "https://gitlab.com/tprodanov/bam"
},
{
"type": "WEB",
"url": "https://gitlab.com/tprodanov/bam/-/issues/4"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2021-0027.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Loading a bgzip block can write out of bounds if size overflows."
}
GHSA-CQ97-8J47-5P59
Vulnerability from github – Published: 2025-05-13 18:30 – Updated: 2025-05-13 18:30Bridge versions 15.0.3, 14.1.6 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2025-43546"
],
"database_specific": {
"cwe_ids": [
"CWE-191"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-13T18:15:40Z",
"severity": "HIGH"
},
"details": "Bridge versions 15.0.3, 14.1.6 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-cq97-8j47-5p59",
"modified": "2025-05-13T18:30:58Z",
"published": "2025-05-13T18:30:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43546"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/bridge/apsb25-44.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.