VYPR

CWE-125

Out-of-bounds Read

BaseDraft

Description

The product reads data past the end, or before the beginning, of the intended buffer.

Hierarchy (View 1000)

Parents

Related attack patterns (CAPEC)

CAPEC-540

CVEs mapped to this weakness (2,466)

page 104 of 124
  • CVE-2025-4087MedApr 29, 2025
    risk 0.31cvss 4.8epss 0.00

    A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption. This vulnerability was fixed in Firefox 138,…

  • CVE-2023-31339MedAug 13, 2024
    risk 0.31cvss 4.8epss 0.00

    Improper input validation in ARM® Trusted Firmware used in AMD’s Zynq™ UltraScale+™) MPSoC/RFSoC may allow a privileged attacker to perform out of bound reads, potentially resulting in data leakage and denial of service.

  • CVE-2022-39392MedNov 10, 2022
    risk 0.31cvss 5.9epss 0.01

    Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator when the allocator is configured to give WebAssembly instances a maximum of zero pages of memory. In this configuration, the…

  • CVE-2020-15265MedOct 21, 2020
    risk 0.31cvss 5.9epss 0.01

    In Tensorflow before version 2.4.0, an attacker can pass an invalid `axis` value to `tf.quantization.quantize_and_dequantize`. This results in accessing a dimension outside the rank of the input tensor in the C++ kernel implementation. However, dim_size only does a DCHECK to…

  • CVE-2018-10506MedJun 8, 2018
    risk 0.31cvss 4.7epss 0.01

    A out-of-bounds read information disclosure vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a local attacker to disclose sensitive information on vulnerable installations due to a flaw within the processing of IOCTL 0x220004 by the TMWFP driver. An attacker…

  • CVE-2017-12618MedOct 24, 2017
    risk 0.31cvss 4.7epss 0.01

    Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A local user with write access to the database can make a program or process using…

  • CVE-2017-4899MedJun 7, 2017
    risk 0.31cvss 4.7epss 0.00

    VMware Workstation Pro/Player 12.x before 12.5.3 contains a security vulnerability that exists in the SVGA driver. An attacker may exploit this issue to crash the VM or trigger an out-of-bound read. Note: This issue can be triggered only when the host has no graphics card or no…

  • CVE-2017-6883MedMar 14, 2017
    risk 0.31cvss 4.7epss 0.03

    The ConvertToPDF plugin in Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF image. The vulnerability could lead to…

  • CVE-2016-9811MedJan 13, 2017
    risk 0.31cvss 4.7epss 0.02

    The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file.

  • CVE-2025-66664MedMay 15, 2026
    risk 0.30cvss epss 0.00

    Insufficient parameter sanitization in AMD Secure Processor (ASP) TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_LOAD_GFX_IP_FW SR-IOV command to cause out-of-bounds read, potentially resulting in SOC Driver memory contents exposure or an exception

  • CVE-2026-22185MedJan 7, 2026
    risk 0.30cvss epss 0.00

    OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation…

  • CVE-2024-38797MedApr 7, 2025
    risk 0.30cvss 4.6epss 0.00

    EDK2 contains a vulnerability in the HashPeImageByType(). A user may cause a read out of bounds when a corrupted data pointer and length are sent via an adjecent network. A successful exploit of this vulnerability may lead to a loss of Integrity and/or Availability.

  • CVE-2023-28448MedMar 24, 2023
    risk 0.30cvss 5.7epss 0.01

    Versionize is a framework for version tolerant serializion/deserialization of Rust data structures, designed for usecases that need fast deserialization times and minimal size overhead. An issue was discovered in the ‘Versionize::deserialize’ implementation provided by the…

  • CVE-2018-14780MedAug 15, 2018
    risk 0.30cvss 4.6epss 0.00

    An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `_ykpiv_fetch_object()`: {% highlight c %} if(sw == SW_SUCCESS) { size_t outlen; int offs = _ykpiv_get_length(data + 1, &outlen);…

  • CVE-2026-47748MedJun 16, 2026
    risk 0.29cvss 5.5epss 0.00

    stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. Versions prior to master-584-0a7ae07 are vulnerable to an out-of-bounds reads error through PyTorch checkpoint pickle opcode parsing.…

  • CVE-2026-42446MedMay 12, 2026
    risk 0.29cvss 4.4epss 0.00

    NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a stack-based out-of-bounds read exists in the ZealFS filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted ZealFS v1 filesystem image. An attacker-controlled…

  • CVE-2026-35233MedMay 1, 2026
    risk 0.29cvss 4.4epss 0.00

    An unprivileged attacker can craft a user-space process with a malicious ELF binary containing an out-of-range sh_link field. When root-level dtrace attaches to -- or instruments -- that process (via dtrace -p , pid probes, or USDT), the ELF parser reads heap memory beyond the…

  • CVE-2026-33905MedApr 13, 2026
    risk 0.29cvss 5.5epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, the -sample operation has an out of bounds read when an specific offset is set through the `sample:offset` define that could lead to an…

  • CVE-2026-39856MedApr 9, 2026
    risk 0.29cvss 5.5epss 0.00

    osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an out-of-bounds read vulnerability exists in osslsigncode version 2.12 and earlier in the PE page-hash computation code (pe_page_hash_calc()). When processing PE sections for page…

  • CVE-2026-39855MedApr 9, 2026
    risk 0.29cvss 5.5epss 0.00

    osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an integer underflow vulnerability exists in osslsigncode version 2.12 and earlier in the PE page-hash computation code (pe_page_hash_calc()). When page hash processing is performed on a…