VYPR

CWE-125

Out-of-bounds Read

BaseDraft

Description

The product reads data past the end, or before the beginning, of the intended buffer.

Hierarchy (View 1000)

Parents

Related attack patterns (CAPEC)

CAPEC-540

CVEs mapped to this weakness (2,466)

page 17 of 124
  • CVE-2018-14447HigJul 20, 2018
    risk 0.57cvss 8.8epss 0.02

    trim_whitespace in lexer.l in libConfuse v3.2.1 has an out-of-bounds read.

  • CVE-2018-14046HigJul 13, 2018
    risk 0.57cvss 8.8epss 0.02

    Exiv2 0.26 has a heap-based buffer over-read in WebPImage::decodeChunks in webpimage.cpp.

  • CVE-2018-14035HigJul 13, 2018
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5VM_memcpyvv in H5VM.c.

  • CVE-2018-14034HigJul 13, 2018
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in the function H5O_pline_reset in H5Opline.c.

  • CVE-2018-14033HigJul 13, 2018
    risk 0.57cvss 8.8epss 0.02

    An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_layout_decode in H5Olayout.c, related to HDmemcpy.

  • CVE-2018-14031HigJul 13, 2018
    risk 0.57cvss 8.8epss 0.02

    An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5T_copy in H5T.c.

  • CVE-2018-11724HigJun 19, 2018
    risk 0.57cvss 8.8epss 0.02

    The mobi_pk1_decrypt function in encryption.c in Libmobi 0.3 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted mobi file.

  • CVE-2018-12265HigJun 13, 2018
    risk 0.57cvss 8.8epss 0.03

    Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in preview.cpp, leading to an out-of-bounds read in Exiv2::MemIo::read in basicio.cpp.

  • CVE-2018-12264HigJun 13, 2018
    risk 0.57cvss 8.8epss 0.03

    Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp.

  • CVE-2018-11625HigMay 31, 2018
    risk 0.57cvss 8.8epss 0.02

    In ImageMagick 7.0.7-37 Q16, SetGrayscaleImage in the quantize.c file allows attackers to cause a heap-based buffer over-read via a crafted file.

  • CVE-2018-5680HigMay 24, 2018
    risk 0.57cvss 8.8epss 0.03

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious…

  • CVE-2018-10490HigMay 17, 2018
    risk 0.57cvss 8.8epss 0.03

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…

  • CVE-2018-10392HigApr 26, 2018
    risk 0.57cvss 8.8epss 0.03

    mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file.

  • CVE-2018-9841HigApr 7, 2018
    risk 0.57cvss 8.8epss 0.02

    The export function in libavfilter/vf_signature.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a long filename.

  • CVE-2018-6248HigApr 2, 2018
    risk 0.57cvss 8.8epss 0.00

    NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiEscape where the software uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the…

  • CVE-2018-9135HigMar 30, 2018
    risk 0.57cvss 8.8epss 0.02

    In ImageMagick 7.0.7-24 Q16, there is a heap-based buffer over-read in IsWEBPImageLossless in coders/webp.c.

  • CVE-2018-7871HigMar 8, 2018
    risk 0.57cvss 8.8epss 0.02

    There is a heap-based buffer over-read in the getName function of util/decompile.c in libming 0.4.8 for CONSTANT16 data. A crafted input will lead to a denial of service or possibly unspecified other impact.

  • CVE-2018-7550HigMar 1, 2018
    risk 0.57cvss 8.8epss 0.01

    The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access.

  • CVE-2017-18198HigFeb 24, 2018
    risk 0.57cvss 8.8epss 0.04

    print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted iso file.

  • CVE-2018-7439HigFeb 23, 2018
    risk 0.57cvss 8.8epss 0.02

    An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the function read_mini_biff_next_record.