CVE-2026-50593
Integer Underflow in Graphite Leading to Out-of-Bounds Write
Publication date: 2026-06-05
Last updated on: 2026-06-05
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| silnrsi | graphite | to 1.3.15 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-191 | The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
This vulnerability can lead to memory corruption or crashes in applications using the affected Graphite library. An attacker could exploit the integer underflow to cause an out-of-bounds write, potentially leading to denial of service or unexpected behavior in the software.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by triggering the underflow condition that leads to an out-of-bounds write in the Graphite library. A specific test case named `underflow.ttf` was created to verify this condition, which causes the engine to crash if exploited.
Detection involves running this test case or similar crafted inputs against the Graphite engine to observe if the underflow and resultant crash occur.
No explicit commands are provided in the resources, but you can test your Graphite installation by running the `underflow.ttf` test case included in the updated test suite after applying the fix.
Can you explain this vulnerability to me?
CVE-2026-50593 is a vulnerability in the Graphite library before version 1.3.15 where a crafted input can cause an integer underflow. This underflow leads to an out-of-bounds write operation because the 'slotat' macro does not properly check if an offset is within the allowed slot-map range.
This improper bounds checking can cause memory corruption or crashes in the engine. The vulnerability was fixed by adding bounds checking to the 'slotat' macro to detect invalid memory accesses and handle them by setting an error status.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update Graphite to version 1.3.15 or later, where the vulnerability has been fixed by adding bounds checking to the `slotat` macro.
This fix ensures that invalid memory accesses are detected and handled by setting an error status, preventing the underflow and out-of-bounds write.
If updating is not immediately possible, avoid processing untrusted or crafted inputs that could trigger the underflow condition.