CVE-2026-50593
Awaiting Analysis Awaiting Analysis - Queue
Integer Underflow in Graphite Leading to Out-of-Bounds Write

Publication date: 2026-06-05

Last updated on: 2026-06-05

Assigner: MITRE

Description
Graphite before 1.3.15 has an integer underflow and resultant out-of-bounds write via Graphite actions, because slotat does not ensure that an offset is within the allowed slot-map range.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-05
Last Modified
2026-06-05
Generated
2026-06-25
AI Q&A
2026-06-05
EPSS Evaluated
2026-06-24
NVD
CVE-2026-50593
EUVD
EUVD-2026-34784
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
silnrsi graphite to 1.3.15 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-191 The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

This vulnerability can lead to memory corruption or crashes in applications using the affected Graphite library. An attacker could exploit the integer underflow to cause an out-of-bounds write, potentially leading to denial of service or unexpected behavior in the software.

Detection Guidance

This vulnerability can be detected by triggering the underflow condition that leads to an out-of-bounds write in the Graphite library. A specific test case named `underflow.ttf` was created to verify this condition, which causes the engine to crash if exploited.

Detection involves running this test case or similar crafted inputs against the Graphite engine to observe if the underflow and resultant crash occur.

No explicit commands are provided in the resources, but you can test your Graphite installation by running the `underflow.ttf` test case included in the updated test suite after applying the fix.

Executive Summary

CVE-2026-50593 is a vulnerability in the Graphite library before version 1.3.15 where a crafted input can cause an integer underflow. This underflow leads to an out-of-bounds write operation because the 'slotat' macro does not properly check if an offset is within the allowed slot-map range.

This improper bounds checking can cause memory corruption or crashes in the engine. The vulnerability was fixed by adding bounds checking to the 'slotat' macro to detect invalid memory accesses and handle them by setting an error status.

Mitigation Strategies

The immediate mitigation step is to update Graphite to version 1.3.15 or later, where the vulnerability has been fixed by adding bounds checking to the `slotat` macro.

This fix ensures that invalid memory accesses are detected and handled by setting an error status, preventing the underflow and out-of-bounds write.

If updating is not immediately possible, avoid processing untrusted or crafted inputs that could trigger the underflow condition.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-50593. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart