VYPR

CWE-125

Out-of-bounds Read

BaseDraft

Description

The product reads data past the end, or before the beginning, of the intended buffer.

Hierarchy (View 1000)

Parents

Related attack patterns (CAPEC)

CAPEC-540

CVEs mapped to this weakness (2,466)

page 120 of 124
  • CVE-2018-12248HigJun 12, 2018
    risk 0.00cvss 7.5epss 0.02

    An issue was discovered in mruby 1.4.1. There is a heap-based buffer over-read associated with OP_ENTER because mrbgems/mruby-fiber/src/fiber.c does not extend the stack in cases of many arguments to fiber.

  • CVE-2018-10360MedJun 11, 2018
    risk 0.00cvss 6.5epss 0.03

    The do_core_note function in readelf.c in libmagic.a in file 5.33 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF file.

  • CVE-2018-11598HigMay 31, 2018
    risk 0.00cvss 7.1epss 0.01

    Espruino before 1.99 allows attackers to cause a denial of service (application crash) and a potential Information Disclosure with user crafted input files via a Buffer Overflow or Out-of-bounds Read during syntax parsing of certain for loops in jsparse.c.

  • CVE-2018-11592MedMay 31, 2018
    risk 0.00cvss 5.5epss 0.01

    Espruino before 1.98 allows attackers to cause a denial of service (application crash) with a user crafted input file via an Out-of-bounds Read during syntax parsing in which certain height validation is missing in libs/graphics/jswrap_graphics.c.

  • CVE-2018-11384MedMay 22, 2018
    risk 0.00cvss 5.5epss 0.01

    The sh_op() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted ELF file.

  • CVE-2018-11382MedMay 22, 2018
    risk 0.00cvss 5.5epss 0.01

    The _inst__sts() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.

  • CVE-2018-11381MedMay 22, 2018
    risk 0.00cvss 5.5epss 0.01

    The string_scan_range() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.

  • CVE-2018-11380MedMay 22, 2018
    risk 0.00cvss 5.5epss 0.01

    The parse_import_ptr() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted Mach-O file.

  • CVE-2018-11379MedMay 22, 2018
    risk 0.00cvss 5.5epss 0.01

    The get_debug_info() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted PE file.

  • CVE-2018-11377MedMay 22, 2018
    risk 0.00cvss 5.5epss 0.01

    The avr_op_analyze() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.

  • CVE-2018-11376MedMay 22, 2018
    risk 0.00cvss 5.5epss 0.01

    The r_read_le32() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted ELF file.

  • CVE-2018-11375MedMay 22, 2018
    risk 0.00cvss 5.5epss 0.01

    The _inst__lds() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.

  • CVE-2018-11363HigMay 22, 2018
    risk 0.00cvss 7.5epss 0.02

    jpeg_size in pdfgen.c in PDFGen before 2018-04-09 has a heap-based buffer over-read.

  • CVE-2018-10529HigApr 29, 2018
    risk 0.00cvss 8.8epss 0.02

    An issue was discovered in LibRaw 0.18.9. There is an out-of-bounds read affecting the X3F property table list implementation in libraw_x3f.cpp and libraw_cxx.cpp.

  • CVE-2018-10017MedApr 11, 2018
    risk 0.00cvss 6.5epss 0.02

    soundlib/Snd_fx.cpp in OpenMPT before 1.27.07.00 and libopenmpt before 0.3.8 allows remote attackers to cause a denial of service (out-of-bounds read) via an IT or MO3 file with many nested pattern loops.

  • CVE-2018-1093MedApr 2, 2018
    risk 0.00cvss 5.5epss 0.02

    The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the Linux kernel through 4.15.15 allows attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c do not validate bitmap block numbers.

  • CVE-2018-8754MedMar 18, 2018
    risk 0.00cvss 5.5epss 0.00

    The libevt_record_values_read_event() function in libevt_record_values.c in libevt before 2018-03-17 does not properly check for out-of-bounds values of user SID data size, strings size, or data size. NOTE: the vendor has disputed this as described in libyal/libevt issue 5 on…

  • CVE-2018-1000085MedMar 13, 2018
    risk 0.00cvss 5.5epss 0.02

    ClamAV version version 0.99.3 contains a Out of bounds heap memory read vulnerability in XAR parser, function xar_hash_check() that can result in Leaking of memory, may help in developing exploit chains.. This attack appear to be exploitable via The victim must scan a crafted…

  • CVE-2018-7730MedMar 6, 2018
    risk 0.00cvss 5.5epss 0.01

    An issue was discovered in Exempi through 2.4.4. A certain case of a 0xffffffff length is mishandled in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp, leading to a heap-based buffer over-read in the PSD_MetaHandler::CacheFileData() function.

  • CVE-2018-7729MedMar 6, 2018
    risk 0.00cvss 5.5epss 0.01

    An issue was discovered in Exempi through 2.4.4. There is a stack-based buffer over-read in the PostScript_MetaHandler::ParsePSFile() function in XMPFiles/source/FileHandlers/PostScript_Handler.cpp.