VYPR

CWE-125

Out-of-bounds Read

BaseDraft

Description

The product reads data past the end, or before the beginning, of the intended buffer.

Hierarchy (View 1000)

Parents

Related attack patterns (CAPEC)

CAPEC-540

CVEs mapped to this weakness (2,466)

page 10 of 124
  • CVE-2017-9166CriMay 23, 2017
    risk 0.64cvss 9.8epss 0.02

    libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the GET_COLOR function in color.c:18:11.

  • CVE-2017-9165CriMay 23, 2017
    risk 0.64cvss 9.8epss 0.02

    libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the GET_COLOR function in color.c:17:11.

  • CVE-2017-9164CriMay 23, 2017
    risk 0.64cvss 9.8epss 0.02

    libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the GET_COLOR function in color.c:16:11.

  • CVE-2017-9152CriMay 23, 2017
    risk 0.64cvss 9.8epss 0.02

    libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the pnm_load_raw function in input-pnm.c:346:41.

  • CVE-2017-9058CriMay 18, 2017
    risk 0.64cvss 9.8epss 0.02

    In libytnef in ytnef through 1.9.2, there is a heap-based buffer over-read due to incorrect boundary checking in the SIZECHECK macro in lib/ytnef.c.

  • CVE-2017-9055CriMay 18, 2017
    risk 0.64cvss 9.8epss 0.02

    An issue, also known as DW201703-001, was discovered in libdwarf 2017-03-21. In dwarf_formsdata() a few data types were not checked for being in bounds, leading to a heap-based buffer over-read.

  • CVE-2017-9054CriMay 18, 2017
    risk 0.64cvss 9.8epss 0.02

    An issue, also known as DW201703-002, was discovered in libdwarf 2017-03-21. In _dwarf_decode_s_leb128_chk() a byte pointer was dereferenced just before it was checked for being in bounds, leading to a heap-based buffer over-read.

  • CVE-2017-9052CriMay 18, 2017
    risk 0.64cvss 9.8epss 0.03

    An issue, also known as DW201703-006, was discovered in libdwarf 2017-03-21. A heap-based buffer over-read in dwarf_formsdata() is due to a failure to check a pointer for being in bounds (in a few places in this function) and a failure in a check in dwarf_attr_list().

  • CVE-2017-3060CriApr 12, 2017
    risk 0.64cvss 9.8epss 0.08

    Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability in the ActionScript2 code parser. Successful exploitation could lead to arbitrary code execution.

  • CVE-2017-5897CriMar 23, 2017
    risk 0.64cvss 9.8epss 0.05

    The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access.

  • CVE-2017-5538CriMar 23, 2017
    risk 0.64cvss 9.8epss 0.03

    The kbase_dispatch function in arm/t7xx/r5p0/mali_kbase_core_linux.c in the GPU driver on Samsung devices with M(6.0) and N(7.0) software and Exynos AP chipsets allows attackers to have unspecified impact via unknown vectors, which trigger an out-of-bounds read, aka…

  • CVE-2015-8608CriFeb 7, 2017
    risk 0.64cvss 9.8epss 0.05

    The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument.

  • CVE-2016-9935CriJan 4, 2017
    risk 0.64cvss 9.8epss 0.07

    The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket…

  • CVE-2016-7951CriDec 13, 2016
    risk 0.64cvss 9.8epss 0.02

    Multiple integer overflows in X.org libXtst before 1.2.3 allow remote X servers to trigger out-of-bounds memory access operations by leveraging the lack of range checks.

  • CVE-2016-5407CriDec 13, 2016
    risk 0.64cvss 9.8epss 0.05

    The (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXv before 1.0.11 allow remote X servers to trigger out-of-bounds memory access operations via vectors involving length specifications in received data.

  • CVE-2016-5687CriDec 13, 2016
    risk 0.64cvss 9.8epss 0.05

    The VerticalFilter function in the DDS coder in ImageMagick before 6.9.4-3 and 7.x before 7.0.1-4 allows remote attackers to have unspecified impact via a crafted DDS file, which triggers an out-of-bounds read.

  • CVE-2016-9555CriNov 28, 2016
    risk 0.64cvss 9.8epss 0.09

    The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted…

  • CVE-2016-9539CriNov 22, 2016
    risk 0.64cvss 9.8epss 0.03

    tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in readContigTilesIntoBuffer(). Reported as MSVR 35092.

  • CVE-2016-6294CriJul 25, 2016
    risk 0.64cvss 9.8epss 0.06

    The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allows remote attackers to cause a denial of service…

  • CVE-2023-36424HigKEVNov 14, 2023
    risk 0.63cvss 7.8epss 0.12

    Windows Common Log File System Driver Elevation of Privilege Vulnerability