VYPR

CWE-125

Out-of-bounds Read

Base · Draft

Description

The product reads data past the end, or before the beginning, of the intended buffer.

Hierarchy (View 1000)

Parents

Related attack patterns (CAPEC)

CAPEC-540

CVEs mapped to this weakness (2,466)

page 108 of 124
  • CVE-2024-40630 · Med · Jul 15, 2024
    risk 0.21 · cvss 4.3 · epss 0.00

    OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation via a format-agnostic API with a feature set, scalability, and robustness needed for feature film production. In affected versions there is a bug in…

  • CVE-2018-6254 · Low · May 10, 2018
    risk 0.21 · cvss 3.3 · epss 0.00

    In Android before the 2018-05-05 security patch level, NVIDIA Media Server contains an out-of-bounds read (due to improper input validation) vulnerability which could lead to local information disclosure. This issue is rated as moderate. Android: A-64340684. Reference:…

  • CVE-2016-10208 · Med · Feb 6, 2017
    risk 0.21 · cvss 4.3 · epss 0.00

    The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.9.8 does not properly validate meta block groups, which allows physically proximate attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image.

  • CVE-2026-48102 · Low · Jun 5, 2026
    risk 0.20 · cvss 3.1 · epss 0.00

    7-Zip is a file archiver with a high compression ratio. Versions 9.11 through 26.00 contain a heap out-of-bounds read of up to 3 bytes in the UDF disc image handler's File Identifier Descriptor parser. In CFileId::Parse (CPP/7zip/Archive/Udf/UdfIn.cpp), after validating size <…

  • CVE-2026-44067 · Med · May 21, 2026
    risk 0.20 · cvss 4.2 · epss 0.00

    A heap over-read in extended attribute (EA) header parsing in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to obtain limited information or cause a minor service disruption via crafted EA data.

  • CVE-2026-8578 · Low · May 14, 2026
    risk 0.20 · cvss 3.1 · epss 0.00

    Out of bounds read in GPU in Google Chrome on Linux prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-7949 · Low · May 6, 2026
    risk 0.20 · cvss 3.1 · epss 0.00

    Out of bounds read in Skia in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Medium)

  • CVE-2026-33599 · Low · Apr 22, 2026
    risk 0.20 · cvss 3.1 · epss 0.00

    A rogue backend can send a crafted SVCB response to a Discovery of Designated Resolvers request, when requested via either the autoUpgrade (Lua) option to newServer or auto_upgrade (YAML) settings. DDR upgrade is not enabled by default.

  • CVE-2025-23050 · Low · Oct 31, 2025
    risk 0.20 · cvss 3.1 · epss 0.00

    QLowEnergyController in Qt before 6.8.2 mishandles malformed Bluetooth ATT commands, leading to an out-of-bounds read (or division by zero). This is fixed in 5.15.19, 6.5.9, and 6.8.2.

  • CVE-2025-1400 · Low · May 7, 2025
    risk 0.20 · cvss 3.1 · epss 0.00

    Out-of-bounds Read vulnerability in unpack_response (conn.c) in libplctag from 2.0 through 2.6.3 allows Overread Buffers via network.

  • CVE-2025-1399 · Low · May 7, 2025
    risk 0.20 · cvss 3.1 · epss 0.00

    Out-of-bounds Read vulnerability in unpack_response (session.c) in libplctag from 2.0 through 2.6.3 allows Overread Buffers via network.

  • CVE-2016-2380 · Low · Jan 6, 2017
    risk 0.20 · cvss 3.1 · epss 0.02

    An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent to the server could potentially result in an out-of-bounds read. A user could be convinced to enter a particular string which would then get converted incorrectly and…

  • CVE-2026-47104 · Med · May 27, 2026
    risk 0.19 · cvss 4.0 · epss 0.00

    libusb before version 1.0.30 contains a one-byte out-of-bounds read vulnerability in parse_iad_array() in descriptor.c that allows attackers to trigger a denial of service by supplying a malformed USB descriptor whose bLength equals size minus one, causing the bounds check to…

  • CVE-2025-66037 · Low · Mar 30, 2026
    risk 0.18 · cvss 3.9 · epss 0.00

    OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, feeding a crafted input to the fuzz_pkcs15_reader harness causes OpenSC to perform an out-of-bounds heap read in the X.509/SPKI handling path. Specifically, sc_pkcs15_pubkey_from_spki_fields()…

  • CVE-2026-22717 · Low · Feb 27, 2026
    risk 0.18 · cvss 2.7 · epss 0.00

    Out-of-bound read vulnerability in VMware Workstation 25H1 and below on any platform allows an actor with non-administrative privileges on a guest VM to obtain limited information disclosure from the machine where VMware Workstation is installed.

  • CVE-2024-22384 · Low · May 16, 2024
    risk 0.18 · cvss 2.8 · epss 0.00

    Out-of-bounds read for some Intel(R) Trace Analyzer and Collector software before version 2022.0.0 published Nov 2023 may allow an authenticated user to potentially enable information disclosure via local access.

  • CVE-2025-71264 · Low · Mar 16, 2026
    risk 0.17 · cvss 3.7 · epss 0.00

    Mumble before 1.6.870 is prone to an out-of-bounds array access, which may result in denial of service (client crash).

  • CVE-2026-28527 · Low · Mar 30, 2026
    risk 0.16 · cvss 3.5 · epss 0.00

    BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Controller GET_PLAYER_APPLICATION_SETTING_ATTRIBUTE_TEXT and GET_PLAYER_APPLICATION_SETTING_VALUE_TEXT handlers that allows nearby attackers to read beyond packet boundaries.…

  • CVE-2026-28526 · Low · Mar 30, 2026
    risk 0.16 · cvss 3.5 · epss 0.00

    BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Controller LIST_PLAYER_APPLICATION_SETTING_ATTRIBUTES and LIST_PLAYER_APPLICATION_SETTING_VALUES handlers that allows attackers to read beyond buffer boundaries. A nearby…

  • CVE-2025-14055 · Low · Feb 20, 2026
    risk 0.16 · cvss · epss 0.00

    An integer underflow vulnerability in Silicon Labs Secure NCP host implementation allows a buffer overread via a specially crafted packet.