VYPR

CWE-125

Out-of-bounds Read

BaseDraft

Description

The product reads data past the end, or before the beginning, of the intended buffer.

Hierarchy (View 1000)

Parents

Related attack patterns (CAPEC)

CAPEC-540

CVEs mapped to this weakness (2,466)

page 102 of 124
  • CVE-2018-0894MedMar 14, 2018
    risk 0.34cvss 4.7epss 0.02

    The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability…

  • CVE-2017-14905MedDec 5, 2017
    risk 0.34cvss 5.3epss 0.00

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted cfg80211 vendor command, a buffer over-read can occur.

  • CVE-2017-14903MedDec 5, 2017
    risk 0.34cvss 5.3epss 0.00

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the SENDACTIONFRAME IOCTL, a buffer over-read can occur if the payload length is less than 7.

  • CVE-2026-45624MedJun 10, 2026
    risk 0.33cvss 5.1epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, when performing a polynomial distortion an out of bounds over-read of 24 bytes can occur when specifying specific arguments. This issue has…

  • CVE-2026-42326MedJun 10, 2026
    risk 0.33cvss 5.1epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, when writing an IPTC output file a malicious input file could cause an out of bounds read of a single byte. This issue has been patched in…

  • CVE-2026-42771MedJun 9, 2026
    risk 0.33cvss 6.2epss 0.00

    Issue summary: When the X509_VERIFY_PARAM_set1_email is called by an application to validate a crafted e-mail address, such as during S/MIME message validation, an out of bounds read can happen. Impact summary: This out of bounds read will not directly exfiltrate the data read…

  • CVE-2026-40215MedJun 8, 2026
    risk 0.33cvss epss 0.00

    A race condition in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows remote attackers to potentially cause a server crash or leak heap memory via a use-after-free triggered during TLS session promotion.

  • CVE-2026-10305MedJun 4, 2026
    risk 0.33cvss 6.1epss 0.00

    Out-of-bounds read vulnerability in Samsung Open Source rlottie allows Overread Buffers. This issue affects rlottie: before 223a2a41ba4f462e4abe767bebba49a366c9b9fd.

  • CVE-2026-5071MedMay 30, 2026
    risk 0.33cvss 6.1epss 0.00

    The SocketCAN implementation validates the length of a user-provided buffer containing a socketcan_frame object using only a NET_ASSERT statement in zcan_sendto_ctx() before dereferencing it in socketcan_to_can_frame(). In production builds where assertions are disabled, a…

  • CVE-2026-23679MedMay 27, 2026
    risk 0.33cvss 6.2epss 0.00

    libusb before version 1.0.30 contains a NULL pointer dereference vulnerability that allows attackers to crash applications by supplying a malformed USB configuration descriptor where an interface claims bNumEndpoints greater than zero but is followed by a class-specific…

  • CVE-2026-40340MedApr 18, 2026
    risk 0.33cvss 6.1epss 0.00

    libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read vulnerability in `ptp_unpack_OI()` in `camlibs/ptp2/ptp-pack.c` (lines 530–563). The function validates `len < PTP_oi_SequenceNumber` (i.e., len < 48) but…

  • CVE-2026-40333MedApr 18, 2026
    risk 0.33cvss 6.1epss 0.00

    libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, two functions in camlibs/ptp2/ptp-pack.c accept a data pointer but no length parameter, performing unbounded reads. Their callers in ptp_unpack_EOS_events() have xsize available but never…

  • CVE-2026-40917MedApr 15, 2026
    risk 0.33cvss 5.0epss 0.00

    A flaw was found in GIMP. This vulnerability, a heap buffer over-read in the `icns_slurp()` function, occurs when processing specially crafted ICNS image files. An attacker could provide a malicious ICNS file, potentially leading to application crashes or information disclosure…

  • CVE-2026-39956MedApr 13, 2026
    risk 0.33cvss 6.1epss 0.00

    jq is a command-line JSON processor. In commits after 69785bf77f86e2ea1b4a20ca86775916889e91c9, the _strindices builtin in jq's src/builtin.c passes its arguments directly to jv_string_indexes() without verifying they are strings, and jv_string_indexes() in src/jv.c relies…

  • CVE-2026-34556MedMar 31, 2026
    risk 0.33cvss 6.2epss 0.00

    iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is a heap-buffer-overflow (HBO) in icAnsiToUtf8() in the XML conversion path. The issue is triggered by a crafted ICC profile which causes…

  • CVE-2026-34554MedMar 31, 2026
    risk 0.33cvss 6.2epss 0.00

    iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a heap-buffer-overflow (HBO) in CIccApplyCmmSearch::costFunc() can be triggered via malformed JSON configuration input to the iccApplySearch tool.…

  • CVE-2026-1940MedMar 23, 2026
    risk 0.33cvss 5.1epss 0.00

    An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in gst_wavparse_adtl_chunk() function. The patch added a size validation check lsize + 8 > size, but it does not account for the GST_ROUND_UP_2(lsize) used in the actual offset calculation. When lsize is an odd…

  • CVE-2026-2243MedFeb 19, 2026
    risk 0.33cvss 5.1epss 0.00

    A flaw was found in QEMU. A specially crafted VMDK image could trigger an out-of-bounds read vulnerability, potentially leading to a 12-byte leak of sensitive information or a denial of service condition (DoS).

  • CVE-2026-24820MedJan 27, 2026
    risk 0.33cvss epss 0.00

    Out-of-bounds Read vulnerability in turanszkij WickedEngine (WickedEngine/LUA modules). This vulnerability is associated with program files ldebug.C. This issue affects WickedEngine: before 0.71.705.

  • CVE-2025-12829MedNov 7, 2025
    risk 0.33cvss 6.2epss 0.00

    An uninitialized stack read issue exists in Amazon Ion-C versions <v1.1.4 that may allow a threat actor to craft data and serialize it to Ion text in such a way that sensitive data in memory could be exposed through UTF-8 escape sequences. To mitigate this issue, users should…