VYPR

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

ClassStableLikelihood: High

Description

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9

CVEs mapped to this weakness (10,979)

page 239 of 549
  • CVE-2025-15533MedJan 18, 2026
    risk 0.27cvss 5.3epss 0.00

    A vulnerability was determined in raysan5 raylib up to 909f040. Affected by this vulnerability is the function GenImageFontAtlas of the file src/rtext.c. Executing a manipulation can lead to heap-based buffer overflow. The attack can only be executed locally. The exploit has…

  • CVE-2025-15155MedDec 28, 2025
    risk 0.27cvss 5.3epss 0.00

    A vulnerability was detected in floooh sokol up to 16cbcc864012898793cd2bc57f802499a264ea40. The impacted element is the function _sg_pipeline_desc_defaults in the library sokol_gfx.h. The manipulation results in stack-based buffer overflow. The attack requires a local approach.…

  • CVE-2025-15013MedDec 22, 2025
    risk 0.27cvss 5.3epss 0.00

    A vulnerability was identified in floooh sokol up to 5d11344150973f15e16d3ec4ee7550a73fb995e0. The impacted element is the function _sg_validate_pipeline_desc in the library sokol_gfx.h. Such manipulation leads to stack-based buffer overflow. The attack must be carried out…

  • CVE-2025-14958MedDec 19, 2025
    risk 0.27cvss 5.3epss 0.00

    A security flaw has been discovered in floooh sokol up to 33e2271c431bf21de001e972f72da17a984da932. This vulnerability affects the function _sg_pipeline_common_init in the library sokol_gfx.h. Performing manipulation results in heap-based buffer overflow. The attack needs to be…

  • CVE-2025-14956MedDec 19, 2025
    risk 0.27cvss 5.3epss 0.00

    A vulnerability was determined in WebAssembly Binaryen up to 125. Affected by this issue is the function WasmBinaryReader::readExport of the file src/wasm/wasm-binary.cpp. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host.…

  • CVE-2025-13120MedNov 13, 2025
    risk 0.27cvss 5.3epss 0.00

    A vulnerability has been found in mruby up to 3.4.0. This vulnerability affects the function sort_cmp of the file src/array.c. Such manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The…

  • CVE-2025-12875MedNov 7, 2025
    risk 0.27cvss 5.3epss 0.00

    A weakness has been identified in mruby 3.4.0. This vulnerability affects the function ary_fill_exec of the file mrbgems/mruby-array-ext/src/array.c. Executing a manipulation of the argument start/length can lead to out-of-bounds write. The attack needs to be launched locally.…

  • CVE-2025-12745MedNov 5, 2025
    risk 0.27cvss 5.3epss 0.00

    A weakness has been identified in QuickJS up to eb2c89087def1829ed99630cb14b549d7a98408c. This affects the function js_array_buffer_slice of the file quickjs.c. This manipulation causes buffer over-read. The attack is restricted to local execution. The exploit has been made…

  • CVE-2020-36855MedOct 21, 2025
    risk 0.27cvss 5.3epss 0.00

    A security vulnerability has been detected in DCMTK up to 3.6.5. The affected element is the function parseQuota of the component dcmqrscp. The manipulation of the argument StorageQuota leads to stack-based buffer overflow. Local access is required to approach this attack. The…

  • CVE-2025-11012MedSep 26, 2025
    risk 0.27cvss 5.3epss 0.00

    A vulnerability was determined in BehaviorTree up to 4.7.0. This affects the function ParseScript of the file /src/script_parser.cpp of the component Diagnostic Message Handler. Executing manipulation of the argument error_msgs_buffer can lead to stack-based buffer overflow. The…

  • CVE-2025-3548MedApr 14, 2025
    risk 0.27cvss 5.3epss 0.00

    A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp up to 5.4.3. This issue affects the function aiString::Set in the library include/assimp/types.h of the component File Handler. The manipulation leads to heap-based buffer…

  • CVE-2024-13941MedApr 1, 2025
    risk 0.27cvss 5.3epss 0.00

    A vulnerability was found in ouch-org ouch up to 0.3.1. It has been classified as critical. This affects the function ouch::archive::zip::convert_zip_date_time of the file zip.rs. The manipulation of the argument month leads to memory corruption. The attack needs to be…

  • CVE-2025-3017MedMar 31, 2025
    risk 0.27cvss 5.3epss 0.00

    A vulnerability, which was classified as critical, has been found in TA-Lib up to 0.6.4. This issue affects the function setInputBuffer of the file src/tools/ta_regtest/ta_test_func/test_minmax.c of the component ta_regtest. The manipulation leads to out-of-bounds write. It is…

  • CVE-2025-3001MedMar 31, 2025
    risk 0.27cvss 5.3epss 0.00

    A vulnerability classified as critical was found in PyTorch 2.6.0. This vulnerability affects the function torch.lstm_cell. The manipulation leads to memory corruption. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.

  • CVE-2025-2999MedMar 31, 2025
    risk 0.27cvss 5.3epss 0.00

    A vulnerability was found in PyTorch 2.6.0. It has been rated as critical. Affected by this issue is the function torch.nn.utils.rnn.unpack_sequence. The manipulation leads to memory corruption. Attacking locally is a requirement. The exploit has been disclosed to the public and…

  • CVE-2025-2998MedMar 31, 2025
    risk 0.27cvss 5.3epss 0.00

    A vulnerability was found in PyTorch 2.6.0. It has been declared as critical. Affected by this vulnerability is the function torch.nn.utils.rnn.pad_packed_sequence. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has…

  • CVE-2016-7094MedSep 21, 2016
    risk 0.27cvss 4.1epss 0.00

    Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS administrators on guests running with shadow paging to cause a denial of service via a pagetable update.

  • CVE-2016-4499MedMay 12, 2016
    risk 0.27cvss 4.2epss 0.01

    Heap-based buffer overflow in Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service (application crash) via unspecified vectors.

  • CVE-2016-4496MedMay 12, 2016
    risk 0.27cvss 4.2epss 0.00

    Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by triggering a crafted index value, as demonstrated by an integer overflow.

  • CVE-2026-10275MedJun 1, 2026
    risk 0.26cvss 5.0epss 0.00

    A flaw has been found in OpenSC up to 0.26.1. This affects the function test_kpgen_certwrite of the file src/tools/pkcs11-tool.c of the component pkcs11-tool Key Generation Module. This manipulation causes buffer overflow. The attack is possible to be carried out remotely. The…