VYPR

CWE-125

Out-of-bounds Read

BaseDraft

Description

The product reads data past the end, or before the beginning, of the intended buffer.

Hierarchy (View 1000)

Parents

Related attack patterns (CAPEC)

CAPEC-540

CVEs mapped to this weakness (2,466)

page 100 of 124
  • CVE-2017-17220MedMar 9, 2018
    risk 0.35cvss 5.3epss 0.01

    SCCPX module in Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 has an invalid memory access vulnerabilities. An…

  • CVE-2017-17218MedMar 9, 2018
    risk 0.35cvss 5.3epss 0.01

    SCCPX module in Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C10; V500R002C00; V600R006C00 has an out-of-bounds read vulnerability. An…

  • CVE-2017-17283MedFeb 15, 2018
    risk 0.35cvss 5.3epss 0.01

    Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00 have an out-of-bound read vulnerability. A remote attacker…

  • CVE-2017-15331MedFeb 15, 2018
    risk 0.35cvss 5.3epss 0.01

    Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01,…

  • CVE-2017-12722MedFeb 15, 2018
    risk 0.35cvss 5.3epss 0.02

    An Out-of-bounds Read issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. A third-party component used in the pump reads memory out of bounds, causing the communications module to crash. Smiths Medical assesses that…

  • CVE-2015-5327MedSep 25, 2017
    risk 0.35cvss 6.5epss 0.02

    Out-of-bounds memory read in the x509_decode_time function in x509_cert_parser.c in Linux kernels 4.3-rc1 and after.

  • CVE-2017-9434MedJun 5, 2017
    risk 0.35cvss 5.3epss 0.01

    Crypto++ (aka cryptopp) through 5.6.5 contains an out-of-bounds read vulnerability in zinflate.cpp in the Inflator filter.

  • CVE-2015-8958MedApr 20, 2017
    risk 0.35cvss 6.5epss 0.03

    coders/sun.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted SUN file.

  • CVE-2016-2375MedJan 6, 2017
    risk 0.35cvss 5.3epss 0.03

    An exploitable out-of-bounds read exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT contact information sent from the server can result in memory disclosure.

  • CVE-2016-5186MedDec 18, 2016
    risk 0.35cvss 5.3epss 0.01

    Devtools in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled objects after a tab crash, which allowed a remote attacker to perform an out of bounds memory read via crafted PDF files.

  • CVE-2016-9803MedDec 3, 2016
    risk 0.35cvss 5.3epss 0.02

    In BlueZ 5.42, an out-of-bounds read was observed in "le_meta_ev_dump" function in "tools/parser/hci.c" source file. This issue exists because 'subevent' (which is used to read correct element from 'ev_le_meta_str' array) is overflowed.

  • CVE-2016-9797MedDec 3, 2016
    risk 0.35cvss 5.3epss 0.04

    In BlueZ 5.42, a buffer over-read was observed in "l2cap_dump" function in "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.

  • CVE-2016-8875MedOct 31, 2016
    risk 0.35cvss 5.3epss 0.01

    The ConvertToPDF plugin in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF image, aka "Data from Faulting Address is used as one…

  • CVE-2006-6016MedNov 21, 2006
    risk 0.35cvss 6.5epss 0.02

    wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authenticated users to read the metadata of an arbitrary user via a modified user_id parameter.

  • CVE-2026-52721MedJun 15, 2026
    risk 0.34cvss 5.3epss 0.00

    Multiple out-of-bounds read vulnerabilities were found in GStreamer's pcapparse element. Malformed PCAP records can trigger reads beyond buffer boundaries during IPv4/TCP header parsing. This element is primarily used in debugging pipelines, limiting real-world exposure. A local…

  • CVE-2026-12033MedJun 11, 2026
    risk 0.34cvss 5.3epss 0.00

    Out of bounds read in VideoCapture in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the GPU process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-45358MedJun 10, 2026
    risk 0.34cvss 5.3epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, an off by one in the meta encoder could result in an out of bounds read of a single byte in the meta encoder. This issue has been patched in…

  • CVE-2026-42914MedJun 9, 2026
    risk 0.34cvss 5.3epss 0.01

    Windows Kerberos Denial of Service Vulnerability

  • CVE-2026-11005MedJun 4, 2026
    risk 0.34cvss 5.3epss 0.00

    Out of bounds read in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-11004MedJun 4, 2026
    risk 0.34cvss 5.3epss 0.00

    Out of bounds read in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)