VYPR

CWE-125

Out-of-bounds Read

BaseDraft

Description

The product reads data past the end, or before the beginning, of the intended buffer.

Hierarchy (View 1000)

Parents

Related attack patterns (CAPEC)

CAPEC-540

CVEs mapped to this weakness (2,466)

page 106 of 124
  • CVE-2018-0919LowMar 14, 2018
    risk 0.22cvss 3.3epss 0.12

    Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016,…

  • CVE-2017-3033LowApr 12, 2017
    risk 0.22cvss 3.3epss 0.03

    Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability when handling JPEG 2000 code-stream tile data.

  • CVE-2017-3032LowApr 12, 2017
    risk 0.22cvss 3.3epss 0.04

    Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the JPEG 2000 code-stream parser.

  • CVE-2017-3031LowApr 12, 2017
    risk 0.22cvss 3.3epss 0.03

    Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the XSLT engine.

  • CVE-2017-3022LowApr 12, 2017
    risk 0.22cvss 3.3epss 0.09

    Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability when parsing the header of a JPEG 2000 file.

  • CVE-2017-3021LowApr 12, 2017
    risk 0.22cvss 3.3epss 0.02

    Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the JPEG 2000 parser engine.

  • CVE-2016-2091LowFeb 8, 2016
    risk 0.22cvss 3.3epss 0.01

    The dwarf_read_cie_fde_prefix function in dwarf_frame2.c in libdwarf 20151114 allows attackers to cause a denial of service (out-of-bounds read) via a crafted ELF object file.

  • CVE-2026-45485LowJun 9, 2026
    risk 0.21cvss 3.3epss 0.00

    Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.

  • CVE-2026-45455LowJun 9, 2026
    risk 0.21cvss 3.3epss 0.01

    Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.

  • CVE-2026-7233LowApr 28, 2026
    risk 0.21cvss 3.3epss 0.00

    A vulnerability was determined in Artifex MuPDF up to 1.28.0. The impacted element is the function fz_subset_cff_for_gids of the file subset-cff.c of the component CFF Index Handler. This manipulation causes out-of-bounds read. The attack can only be executed locally. The…

  • CVE-2026-41079MedApr 24, 2026
    risk 0.21cvss 4.3epss 0.00

    OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to 2.4.17, a network-adjacent attacker can send a crafted SNMP response to the CUPS SNMP backend that causes an out-of-bounds read of up to 176 bytes past a stack buffer.…

  • CVE-2026-0930MedApr 20, 2026
    risk 0.21cvss 4.3epss 0.00

    Potential read out of bounds case with wolfSSHd on Windows while handling a terminal resize request. An authenticated user could trigger the out of bounds read after establishing a connection which would leak the adjacent stack memory to the pseudo-console output.

  • CVE-2026-4012LowMar 12, 2026
    risk 0.21cvss 3.3epss 0.00

    A vulnerability was determined in rxi fe up to ed4cda96bd582cbb08520964ba627efb40f3dd91. The impacted element is the function read_ of the file src/fe.c. This manipulation with the input 1 causes out-of-bounds read. The attack requires local access. The exploit has been publicly…

  • CVE-2026-4009LowMar 12, 2026
    risk 0.21cvss 3.3epss 0.00

    A vulnerability has been found in jarikomppa soloud up to 20200207. Impacted is the function drwav_read_pcm_frames_s16__msadpcm in the library src/audiosource/wav/dr_wav.h of the component WAV File Parser. The manipulation leads to out-of-bounds read. The attack needs to be…

  • CVE-2026-3950LowMar 11, 2026
    risk 0.21cvss 3.3epss 0.00

    A vulnerability was identified in strukturag libheif up to 1.21.2. This impacts the function Track::load of the file libheif/sequences/track.cc of the component stsz/stts. The manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit is…

  • CVE-2026-3949LowMar 11, 2026
    risk 0.21cvss 3.3epss 0.00

    A vulnerability was determined in strukturag libheif up to 1.21.2. This affects the function vvdec_push_data2 of the file libheif/plugins/decoder_vvdec.cc of the component HEIF File Parser. Executing a manipulation of the argument size can lead to out-of-bounds read. The attack…

  • CVE-2025-70330LowMar 11, 2026
    risk 0.21cvss 3.3epss 0.00

    Easy Grade Pro 4.1.0.2 contains a file parsing logic flaw in the handling of proprietary .EGP gradebook files. By modifying specific fields at precise offsets within an otherwise valid .EGP file, an attacker can trigger an out-of-bounds memory read during parsing. This results…

  • CVE-2026-3664LowMar 7, 2026
    risk 0.21cvss 3.3epss 0.00

    A vulnerability was determined in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::compound_document::read_directory of the file source/detail/cryptography/compound_document.cpp of the component Encrypted XLSX File Parser. Executing a manipulation can lead…

  • CVE-2026-3663LowMar 7, 2026
    risk 0.21cvss 3.3epss 0.00

    A vulnerability was found in xlnt-community xlnt up to 1.6.1. This issue affects the function xlnt::detail::compound_document_istreambuf::xsgetn of the file source/detail/cryptography/compound_document.cpp of the component XLSX File Parser. Performing a manipulation results in…

  • CVE-2026-3606LowMar 5, 2026
    risk 0.21cvss 3.3epss 0.00

    A vulnerability has been found in Ettercap 0.8.4-Garofalo. Affected by this vulnerability is the function add_data_segment of the file src/ettercap/utils/etterfilter/ef_output.c of the component etterfilter. The manipulation leads to out-of-bounds read. Local access is required…