VYPR

CWE-125

Out-of-bounds Read

BaseDraft

Description

The product reads data past the end, or before the beginning, of the intended buffer.

Hierarchy (View 1000)

Parents

Related attack patterns (CAPEC)

CAPEC-540

CVEs mapped to this weakness (2,466)

page 109 of 124
  • CVE-2023-31330LowSep 6, 2025
    risk 0.16cvss 2.5epss 0.00

    An out-of-bounds read in the ASP could allow a privileged attacker with access to a malicious bootloader to potentially read sensitive memory resulting in loss of confidentiality.

  • CVE-2023-25546LowSep 16, 2024
    risk 0.16cvss 2.5epss 0.00

    Out-of-bounds read in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable denial of service via local access.

  • CVE-2026-10267LowJun 1, 2026
    risk 0.14cvss 3.3epss 0.00

    A security flaw has been discovered in janet-lang janet up to 1.41.0. This affects the function doframe of the file src/core/debug.c. Performing a manipulation results in out-of-bounds read. Attacking locally is a requirement. The exploit has been released to the public and may…

  • CVE-2026-10233LowJun 1, 2026
    risk 0.14cvss 3.3epss 0.00

    A security vulnerability has been detected in Assimp up to 6.0.4. Affected by this issue is the function HL1MDLLoader::read_sequence_infos of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. The manipulation of the argument aiString leads to out-of-bounds read.…

  • CVE-2026-45613LowMay 29, 2026
    risk 0.14cvss 3.3epss 0.00

    Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a heap-buffer-overflow in librz/bin/format/omf/omf.c. This vulnerability is fixed by commit e6d0937c8a083e23ed76ccfb9f631cdc50c7af47.

  • CVE-2026-9530LowMay 26, 2026
    risk 0.14cvss 3.3epss 0.00

    A weakness has been identified in GNU LibreDWG up to 0.14. The impacted element is the function read_2004_compressed_section of the file src/decode.c of the component Dwgbmp Utility. Executing a manipulation can lead to out-of-bounds read. The attack requires local access. The…

  • CVE-2026-9504LowMay 25, 2026
    risk 0.14cvss 3.3epss 0.00

    A weakness has been identified in GNU LibreDWG up to 0.14. Affected is the function bit_convert_TU of the file programs/dwggrep.c of the component Dwggrep Utility. This manipulation causes out-of-bounds read. The attack needs to be launched locally. The exploit has been made…

  • CVE-2026-8088LowMay 7, 2026
    risk 0.14cvss 3.3epss 0.00

    A weakness has been identified in OSGeo gdal up to 3.13.0dev-4. The affected element is the function GDfieldinfo of the file frmts/hdf4/hdf-eos/GDapi.c. Executing a manipulation can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been made…

  • CVE-2026-8084LowMay 7, 2026
    risk 0.14cvss 3.3epss 0.00

    A vulnerability was determined in OSGeo gdal up to 3.13.0dev-4. This vulnerability affects the function memmove of the file frmts/hdf4/hdf-eos/SWapi.c of the component HDF-EOS Grid File Handler. This manipulation causes out-of-bounds read. The attack is restricted to local…

  • CVE-2026-4159LowMar 19, 2026
    risk 0.14cvss 3.3epss 0.00

    1-byte OOB heap read in wc_PKCS7_DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte out-of-bounds heap read in wc_PKCS7_DecodeEnvelopedData could be triggered by a crafted CMS EnvelopedData message with…

  • CVE-2026-2869LowFeb 21, 2026
    risk 0.14cvss 3.3epss 0.00

    A vulnerability was identified in janet-lang janet up to 1.40.1. Affected by this vulnerability is the function janetc_varset of the file src/core/specials.c of the component handleattr Handler. The manipulation leads to out-of-bounds read. The attack can only be performed from…

  • CVE-2026-2242LowFeb 9, 2026
    risk 0.14cvss 3.3epss 0.00

    A vulnerability was determined in janet-lang janet up to 1.40.1. This impacts the function janetc_if of the file src/core/specials.c. Executing a manipulation can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been publicly disclosed and may…

  • CVE-2026-2241LowFeb 9, 2026
    risk 0.14cvss 3.3epss 0.00

    A vulnerability was found in janet-lang janet up to 1.40.1. This affects the function os_strftime of the file src/core/os.c. Performing a manipulation results in out-of-bounds read. The attack must be initiated from a local position. The exploit has been made public and could be…

  • CVE-2026-2240LowFeb 9, 2026
    risk 0.14cvss 3.3epss 0.00

    A vulnerability has been found in janet-lang janet up to 1.40.1. The impacted element is the function janetc_pop_funcdef of the file src/core/compile.c. Such manipulation leads to out-of-bounds read. The attack must be carried out locally. The exploit has been disclosed to the…

  • CVE-2025-15506LowJan 11, 2026
    risk 0.14cvss 3.3epss 0.00

    A vulnerability was found in AcademySoftwareFoundation OpenColorIO up to 2.5.0. This issue affects the function ConvertToRegularExpression of the file src/OpenColorIO/FileRules.cpp. Performing a manipulation results in out-of-bounds read. The attack needs to be approached…

  • CVE-2024-28051LowNov 13, 2024
    risk 0.14cvss 2.2epss 0.00

    Out-of-bounds read in some Intel(R) VPL software before version 24.1.4 may allow an authenticated user to potentially enable information disclosure via local access.

  • CVE-2025-5941LowAug 14, 2025
    risk 0.13cvss epss 0.00

    Netskope is notified about a potential gap in its agent (NS Client) in which a malicious actor could trigger a memory leak by sending a crafted DNS packet to a machine. A successful exploitation may require administrative privileges on the machine, based on the exact…

  • CVE-2026-11786LowJun 9, 2026
    risk 0.12cvss 1.9epss 0.00

    A flaw was found in 389 Directory Server. The LDIF parser reads past the end of a heap buffer when processing attribute types with trailing semicolons during database import, causing an out-of-bounds read detectable under memory instrumentation.

  • CVE-2024-21950LowMay 15, 2026
    risk 0.12cvss epss 0.00

    An out of bounds read in the remote management firmware could allow a privileged attacker read a limited section of memory outside of established bounds potentially resulting in loss of confidentiality or availability.

  • CVE-2004-0184May 4, 2004
    risk 0.08cvss epss 0.60

    Integer underflow in the isakmp_id_print for TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with an Identification payload with a length that becomes less than 8 during byte order conversion, which causes an…