CWE-125
Out-of-bounds Read
Description
The product reads data past the end, or before the beginning, of the intended buffer.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-540
CVEs mapped to this weakness (2,466)
page 10 of 124| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-9166 | Cri | 0.64 | 9.8 | 0.02 | May 23, 2017 | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the GET_COLOR function in color.c:18:11. | ||
| CVE-2017-9165 | Cri | 0.64 | 9.8 | 0.02 | May 23, 2017 | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the GET_COLOR function in color.c:17:11. | ||
| CVE-2017-9164 | Cri | 0.64 | 9.8 | 0.02 | May 23, 2017 | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the GET_COLOR function in color.c:16:11. | ||
| CVE-2017-9152 | Cri | 0.64 | 9.8 | 0.02 | May 23, 2017 | libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the pnm_load_raw function in input-pnm.c:346:41. | ||
| CVE-2017-9058 | Cri | 0.64 | 9.8 | 0.02 | May 18, 2017 | In libytnef in ytnef through 1.9.2, there is a heap-based buffer over-read due to incorrect boundary checking in the SIZECHECK macro in lib/ytnef.c. | ||
| CVE-2017-9055 | Cri | 0.64 | 9.8 | 0.02 | May 18, 2017 | An issue, also known as DW201703-001, was discovered in libdwarf 2017-03-21. In dwarf_formsdata() a few data types were not checked for being in bounds, leading to a heap-based buffer over-read. | ||
| CVE-2017-9054 | Cri | 0.64 | 9.8 | 0.02 | May 18, 2017 | An issue, also known as DW201703-002, was discovered in libdwarf 2017-03-21. In _dwarf_decode_s_leb128_chk() a byte pointer was dereferenced just before it was checked for being in bounds, leading to a heap-based buffer over-read. | ||
| CVE-2017-9052 | Cri | 0.64 | 9.8 | 0.03 | May 18, 2017 | An issue, also known as DW201703-006, was discovered in libdwarf 2017-03-21. A heap-based buffer over-read in dwarf_formsdata() is due to a failure to check a pointer for being in bounds (in a few places in this function) and a failure in a check in dwarf_attr_list(). | ||
| CVE-2017-3060 | Cri | 0.64 | 9.8 | 0.08 | Apr 12, 2017 | Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability in the ActionScript2 code parser. Successful exploitation could lead to arbitrary code execution. | ||
| CVE-2017-5897 | Cri | 0.64 | 9.8 | 0.05 | Mar 23, 2017 | The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access. | ||
| CVE-2017-5538 | Cri | 0.64 | 9.8 | 0.03 | Mar 23, 2017 | The kbase_dispatch function in arm/t7xx/r5p0/mali_kbase_core_linux.c in the GPU driver on Samsung devices with M(6.0) and N(7.0) software and Exynos AP chipsets allows attackers to have unspecified impact via unknown vectors, which trigger an out-of-bounds read, aka… | ||
| CVE-2015-8608 | Cri | 0.64 | 9.8 | 0.05 | Feb 7, 2017 | The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument. | ||
| CVE-2016-9935 | Cri | 0.64 | 9.8 | 0.07 | Jan 4, 2017 | The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket… | ||
| CVE-2016-7951 | Cri | 0.64 | 9.8 | 0.02 | Dec 13, 2016 | Multiple integer overflows in X.org libXtst before 1.2.3 allow remote X servers to trigger out-of-bounds memory access operations by leveraging the lack of range checks. | ||
| CVE-2016-5407 | Cri | 0.64 | 9.8 | 0.05 | Dec 13, 2016 | The (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXv before 1.0.11 allow remote X servers to trigger out-of-bounds memory access operations via vectors involving length specifications in received data. | ||
| CVE-2016-5687 | Cri | 0.64 | 9.8 | 0.05 | Dec 13, 2016 | The VerticalFilter function in the DDS coder in ImageMagick before 6.9.4-3 and 7.x before 7.0.1-4 allows remote attackers to have unspecified impact via a crafted DDS file, which triggers an out-of-bounds read. | ||
| CVE-2016-9555 | Cri | 0.64 | 9.8 | 0.09 | Nov 28, 2016 | The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted… | ||
| CVE-2016-9539 | Cri | 0.64 | 9.8 | 0.03 | Nov 22, 2016 | tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in readContigTilesIntoBuffer(). Reported as MSVR 35092. | ||
| CVE-2016-6294 | Cri | 0.64 | 9.8 | 0.06 | Jul 25, 2016 | The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allows remote attackers to cause a denial of service… | ||
| CVE-2023-36424 | Hig | 0.63 | 7.8 | 0.12 | KEV | Nov 14, 2023 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
- risk 0.64cvss 9.8epss 0.02
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the GET_COLOR function in color.c:18:11.
- risk 0.64cvss 9.8epss 0.02
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the GET_COLOR function in color.c:17:11.
- risk 0.64cvss 9.8epss 0.02
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the GET_COLOR function in color.c:16:11.
- risk 0.64cvss 9.8epss 0.02
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the pnm_load_raw function in input-pnm.c:346:41.
- risk 0.64cvss 9.8epss 0.02
In libytnef in ytnef through 1.9.2, there is a heap-based buffer over-read due to incorrect boundary checking in the SIZECHECK macro in lib/ytnef.c.
- risk 0.64cvss 9.8epss 0.02
An issue, also known as DW201703-001, was discovered in libdwarf 2017-03-21. In dwarf_formsdata() a few data types were not checked for being in bounds, leading to a heap-based buffer over-read.
- risk 0.64cvss 9.8epss 0.02
An issue, also known as DW201703-002, was discovered in libdwarf 2017-03-21. In _dwarf_decode_s_leb128_chk() a byte pointer was dereferenced just before it was checked for being in bounds, leading to a heap-based buffer over-read.
- risk 0.64cvss 9.8epss 0.03
An issue, also known as DW201703-006, was discovered in libdwarf 2017-03-21. A heap-based buffer over-read in dwarf_formsdata() is due to a failure to check a pointer for being in bounds (in a few places in this function) and a failure in a check in dwarf_attr_list().
- risk 0.64cvss 9.8epss 0.08
Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability in the ActionScript2 code parser. Successful exploitation could lead to arbitrary code execution.
- risk 0.64cvss 9.8epss 0.05
The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access.
- risk 0.64cvss 9.8epss 0.03
The kbase_dispatch function in arm/t7xx/r5p0/mali_kbase_core_linux.c in the GPU driver on Samsung devices with M(6.0) and N(7.0) software and Exynos AP chipsets allows attackers to have unspecified impact via unknown vectors, which trigger an out-of-bounds read, aka…
- risk 0.64cvss 9.8epss 0.05
The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument.
- risk 0.64cvss 9.8epss 0.07
The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket…
- risk 0.64cvss 9.8epss 0.02
Multiple integer overflows in X.org libXtst before 1.2.3 allow remote X servers to trigger out-of-bounds memory access operations by leveraging the lack of range checks.
- risk 0.64cvss 9.8epss 0.05
The (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXv before 1.0.11 allow remote X servers to trigger out-of-bounds memory access operations via vectors involving length specifications in received data.
- risk 0.64cvss 9.8epss 0.05
The VerticalFilter function in the DDS coder in ImageMagick before 6.9.4-3 and 7.x before 7.0.1-4 allows remote attackers to have unspecified impact via a crafted DDS file, which triggers an out-of-bounds read.
- risk 0.64cvss 9.8epss 0.09
The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted…
- risk 0.64cvss 9.8epss 0.03
tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in readContigTilesIntoBuffer(). Reported as MSVR 35092.
- risk 0.64cvss 9.8epss 0.06
The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allows remote attackers to cause a denial of service…
- risk 0.63cvss 7.8epss 0.12
Windows Common Log File System Driver Elevation of Privilege Vulnerability