VYPR

CWE-125

Out-of-bounds Read

BaseDraft

Description

The product reads data past the end, or before the beginning, of the intended buffer.

Hierarchy (View 1000)

Parents

Related attack patterns (CAPEC)

CAPEC-540

CVEs mapped to this weakness (2,466)

page 119 of 124
  • CVE-2018-17206MedSep 19, 2018
    risk 0.00cvss 4.9epss 0.02

    An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. The decode_bundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding.

  • CVE-2018-16790HigSep 10, 2018
    risk 0.00cvss 8.1epss 0.02

    _bson_iter_next_internal in bson-iter.c in libbson 1.12.0, as used in MongoDB mongo-c-driver and other products, has a heap-based buffer over-read via a crafted bson buffer.

  • CVE-2018-16427MedSep 4, 2018
    risk 0.00cvss 4.3epss 0.00

    Various out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash the opensc library using programs.

  • CVE-2017-18344MedJul 26, 2018
    risk 0.00cvss 5.5epss 0.03

    The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows…

  • CVE-2018-13988MedJul 25, 2018
    risk 0.00cvss 6.5epss 0.03

    Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corruption and denial of service. This may be exploitable when a victim opens a…

  • CVE-2018-1999015MedJul 23, 2018
    risk 0.00cvss 6.5epss 0.02

    FFmpeg before commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a contains an out of array read vulnerability in ASF_F format demuxer that can result in heap memory reading. This attack appear to be exploitable via specially crafted ASF file that has to provided as input. This…

  • CVE-2018-1999014MedJul 23, 2018
    risk 0.00cvss 6.5epss 0.01

    FFmpeg before commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 contains an out of array access vulnerability in MXF format demuxer that can result in DoS. This attack appear to be exploitable via specially crafted MXF file which has to be provided as input. This vulnerability…

  • CVE-2018-1999010CriJul 23, 2018
    risk 0.00cvss 9.8epss 0.03

    FFmpeg before commit cced03dd667a5df6df8fd40d8de0bff477ee02e8 contains multiple out of array access vulnerabilities in the mms protocol that can result in attackers accessing out of bound data. This attack appear to be exploitable via network connectivity. This vulnerability…

  • CVE-2018-10888MedJul 10, 2018
    risk 0.00cvss 6.5epss 0.02

    A flaw was found in libgit2 before version 0.27.3. A missing check in git_delta_apply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service.

  • CVE-2018-10887HigJul 10, 2018
    risk 0.00cvss 8.1epss 0.02

    A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An…

  • CVE-2018-13305HigJul 5, 2018
    risk 0.00cvss 8.1epss 0.01

    In FFmpeg 4.0.1, due to a missing check for negative values of the mquant variable, the vc1_put_blocks_clamped function in libavcodec/vc1_block.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to an information disclosure or a denial of…

  • CVE-2018-13300HigJul 5, 2018
    risk 0.00cvss 8.1epss 0.02

    In FFmpeg 3.2 and 4.0.1, an improper argument (AVCodecParameters) passed to the avpriv_request_sample function in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array read while converting a crafted AVI file to MPEG4, leading to a denial of service and…

  • CVE-2018-13099MedJul 3, 2018
    risk 0.00cvss 5.5epss 0.03

    An issue was discovered in fs/f2fs/inline.c in the Linux kernel through 4.4. A denial of service (out-of-bounds memory access and BUG) can occur for a modified f2fs filesystem image in which an inline inode contains an invalid reserved blkaddr.

  • CVE-2018-13098MedJul 3, 2018
    risk 0.00cvss 5.5epss 0.01

    An issue was discovered in fs/f2fs/inode.c in the Linux kernel through 4.17.3. A denial of service (slab out-of-bounds read and BUG) can occur for a modified f2fs filesystem image in which FI_EXTRA_ATTR is set in an inode.

  • CVE-2018-13097MedJul 3, 2018
    risk 0.00cvss 5.5epss 0.02

    An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3. There is an out-of-bounds read or a divide-by-zero error for an incorrect user_block_count in a corrupted f2fs image, leading to a denial of service (BUG).

  • CVE-2018-13096MedJul 3, 2018
    risk 0.00cvss 5.5epss 0.03

    An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.14. A denial of service (out-of-bounds memory access and BUG) can occur upon encountering an abnormal bitmap size when mounting a crafted f2fs image.

  • CVE-2018-13006CriJun 29, 2018
    risk 0.00cvss 9.8epss 0.02

    An issue was discovered in MP4Box in GPAC 0.7.1. There is a heap-based buffer over-read in the isomedia/box_dump.c function hdlr_dump.

  • CVE-2018-12684HigJun 22, 2018
    risk 0.00cvss 7.1epss 0.01

    Out-of-bounds Read in the send_ssi_file function in civetweb.c in CivetWeb through 1.10 allows attackers to cause a Denial of Service or Information Disclosure via a crafted SSI file.

  • CVE-2018-12322MedJun 13, 2018
    risk 0.00cvss 5.5epss 0.01

    There is a heap out of bounds read in radare2 2.6.0 in _6502_op() in libr/anal/p/anal_6502.c via a crafted iNES ROM binary file.

  • CVE-2018-12321HigJun 13, 2018
    risk 0.00cvss 7.8epss 0.01

    There is a heap out of bounds read in radare2 2.6.0 in java_switch_op() in libr/anal/p/anal_java.c via a crafted Java binary file.