VYPR

CWE-123

Write-what-where Condition

Base | Draft | Likelihood: High

Description

Any condition where the attacker has the ability to write an arbitrary value to an arbitrary location, often as the result of a buffer overflow.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (20)

  • CVE-2025-69809 | Critical | Mar 16, 2026
    risk 0.64 | cvss 9.8 | epss 0.01

    A write-what-where condition in p2r3 Bareiron commit 8e4d40 allows unauthenticated attackers to write arbitrary values to memory, enabling arbitrary code execution via a crafted packet.

  • CVE-2015-8271 | Critical | Apr 13, 2017
    risk 0.64 | cvss 9.8 | epss 0.06

    The AMF3CD_AddProp function in amf.c in RTMPDump 2.4 allows remote RTMP Media servers to execute arbitrary code.

  • CVE-2024-42479 | Critical | Aug 12, 2024
    risk 0.58 | cvss 10.0 | epss 0.03

    llama.cpp provides LLM inference in C/C++. The unsafe `data` pointer member in the `rpc_tensor` structure can cause arbitrary address writing. This vulnerability is fixed in b3561.

  • CVE-2025-9900 | High | Sep 23, 2025
    risk 0.57 | cvss 8.8 | epss 0.01

    A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into…

  • CVE-2026-43284 | High | May 8, 2026
    risk 0.55 | cvss 8.8 | epss 0.93

    In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags. MSG_SPLICE_PAGES can attach pages from a pipe directly to an skb. TCP marks such skbs with SKBFL_SHARED_FRAG after skb_splice_from_iter(), so later paths…

  • CVE-2024-44067 | High | Aug 19, 2024
    risk 0.55 | cvss 8.4 | epss 0.00

    The T-Head XuanTie C910 CPU in the TH1520 SoC and the T-Head XuanTie C920 CPU in the SOPHON SG2042 have instructions that allow unprivileged attackers to write to arbitrary physical memory locations, aka GhostWrite.

  • CVE-2024-36877 | High | Aug 12, 2024
    risk 0.54 | cvss 8.2 | epss 0.01

    Micro-Star International Z-series motherboards (Z590, Z490, and Z790) and B-series motherboards (B760, B560, B660, and B460) with firmware 7D25v14, 7D25v17 to 7D25v19, and 7D25v1A to 7D25v1H were discovered to contain a write-what-where condition in the SW handler for SMI…

  • CVE-2026-30121 | Critical | Jun 15, 2026
    risk 0.52 | cvss 9.1 | epss 0.00

    remotion-dev remotion v4.0.409 was discovered to contain an arbitrary file write vulnerability.

  • CVE-2026-41952 | High | Apr 29, 2026
    risk 0.51 | cvss 7.8 | epss 0.00

    Local privilege escalation due to improper input validation. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.93212, Acronis Cyber Protect Cloud Agent (Windows) before build 42183.

  • CVE-2018-16962 | High | Sep 12, 2018
    risk 0.51 | cvss 7.8 | epss 0.01

    Webroot SecureAnywhere before 9.0.8.34 on macOS mishandles access to the driver by a process that lacks root privileges.

  • CVE-2018-12036 | High | Jun 7, 2018
    risk 0.51 | cvss 7.8 | epss 0.02

    OWASP Dependency-Check before 3.2.0 allows attackers to write to arbitrary files via a crafted archive that holds directory traversal filenames.

  • CVE-2017-6282 | High | Mar 6, 2018
    risk 0.51 | cvss 7.8 | epss 0.00

    NVIDIA Tegra kernel driver contains a vulnerability in NVMAP where an attacker has the ability to write an arbitrary value to an arbitrary location which may lead to an escalation of privileges. This issue is rated as high.

  • CVE-2017-10994 | High | Jul 7, 2017
    risk 0.48 | cvss 7.3 | epss 0.05

    Foxit Reader before 8.3.1 and PhantomPDF before 8.3.1 have an Arbitrary Write vulnerability, which allows remote attackers to execute arbitrary code via a crafted document.

  • CVE-2018-15376 | Medium | Oct 5, 2018
    risk 0.44 | cvss 6.7 | epss 0.00

    A vulnerability in the embedded test subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers could allow an authenticated, local attacker to write arbitrary values to arbitrary locations in the memory space of an affected device. The…

  • CVE-2018-15375 | Medium | Oct 5, 2018
    risk 0.44 | cvss 6.7 | epss 0.00

    A vulnerability in the embedded test subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers could allow an authenticated, local attacker to write arbitrary values to arbitrary locations in the memory space of an affected device. The…

  • CVE-2025-14857 | Medium | Apr 7, 2026
    risk 0.35 | cvss n/a | epss 0.00

    An improper access control vulnerability exists in Semtech LoRa LR11xxx transceivers running early versions of firmware where the memory write command accessible via the physical SPI interface fails to enforce write protection on the program call stack. An attacker with physical…

  • CVE-2025-29943 | Medium | Jan 16, 2026
    risk 0.30 | cvss n/a | epss 0.00

    Write-what-where condition within AMD CPUs may allow an admin-privileged attacker to modify the configuration of the CPU pipeline, potentially resulting in the corruption of the stack pointer inside an SEV-SNP guest.

  • CVE-2025-62164 | Nov 21, 2025
    risk 0.00 | cvss n/a | epss 0.01

    vLLM is an inference and serving engine for large language models (LLMs). From versions 0.10.2 to before 0.11.1, a memory corruption vulnerability that could lead to a crash (denial-of-service) and potentially remote code execution (RCE) exists in the Completions API endpoint. When…

  • CVE-2025-64324 | Nov 18, 2025
    risk 0.00 | cvss n/a | epss 0.00

    KubeVirt is a virtual machine management add-on for Kubernetes. The `hostDisk` feature in KubeVirt allows mounting a host file or directory owned by the user with UID 107 into a VM. However, prior to versions 1.6.1 and 1.7.0, the implementation of this feature and more…

  • CVE-2025-55298 | Aug 26, 2025
    risk 0.00 | cvss n/a | epss 0.04

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to ImageMagick versions 6.9.13-28 and 7.1.2-2, a format string vulnerability exists in the InterpretImageFilename function, where user input is directly passed to…