CWE-125
Out-of-bounds Read
Description
The product reads data past the end, or before the beginning, of the intended buffer.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-540
CVEs mapped to this weakness (2,466)
page 17 of 124| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-14447 | Hig | 0.57 | 8.8 | 0.02 | Jul 20, 2018 | trim_whitespace in lexer.l in libConfuse v3.2.1 has an out-of-bounds read. | ||
| CVE-2018-14046 | Hig | 0.57 | 8.8 | 0.02 | Jul 13, 2018 | Exiv2 0.26 has a heap-based buffer over-read in WebPImage::decodeChunks in webpimage.cpp. | ||
| CVE-2018-14035 | Hig | 0.57 | 8.8 | 0.01 | Jul 13, 2018 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5VM_memcpyvv in H5VM.c. | ||
| CVE-2018-14034 | Hig | 0.57 | 8.8 | 0.01 | Jul 13, 2018 | An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in the function H5O_pline_reset in H5Opline.c. | ||
| CVE-2018-14033 | Hig | 0.57 | 8.8 | 0.02 | Jul 13, 2018 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_layout_decode in H5Olayout.c, related to HDmemcpy. | ||
| CVE-2018-14031 | Hig | 0.57 | 8.8 | 0.02 | Jul 13, 2018 | An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5T_copy in H5T.c. | ||
| CVE-2018-11724 | Hig | 0.57 | 8.8 | 0.02 | Jun 19, 2018 | The mobi_pk1_decrypt function in encryption.c in Libmobi 0.3 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted mobi file. | ||
| CVE-2018-12265 | Hig | 0.57 | 8.8 | 0.03 | Jun 13, 2018 | Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in preview.cpp, leading to an out-of-bounds read in Exiv2::MemIo::read in basicio.cpp. | ||
| CVE-2018-12264 | Hig | 0.57 | 8.8 | 0.03 | Jun 13, 2018 | Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp. | ||
| CVE-2018-11625 | Hig | 0.57 | 8.8 | 0.02 | May 31, 2018 | In ImageMagick 7.0.7-37 Q16, SetGrayscaleImage in the quantize.c file allows attackers to cause a heap-based buffer over-read via a crafted file. | ||
| CVE-2018-5680 | Hig | 0.57 | 8.8 | 0.03 | May 24, 2018 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious… | ||
| CVE-2018-10490 | Hig | 0.57 | 8.8 | 0.03 | May 17, 2018 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw… | ||
| CVE-2018-10392 | Hig | 0.57 | 8.8 | 0.03 | Apr 26, 2018 | mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file. | ||
| CVE-2018-9841 | Hig | 0.57 | 8.8 | 0.02 | Apr 7, 2018 | The export function in libavfilter/vf_signature.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a long filename. | ||
| CVE-2018-6248 | Hig | 0.57 | 8.8 | 0.00 | Apr 2, 2018 | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiEscape where the software uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the… | ||
| CVE-2018-9135 | Hig | 0.57 | 8.8 | 0.02 | Mar 30, 2018 | In ImageMagick 7.0.7-24 Q16, there is a heap-based buffer over-read in IsWEBPImageLossless in coders/webp.c. | ||
| CVE-2018-7871 | Hig | 0.57 | 8.8 | 0.02 | Mar 8, 2018 | There is a heap-based buffer over-read in the getName function of util/decompile.c in libming 0.4.8 for CONSTANT16 data. A crafted input will lead to a denial of service or possibly unspecified other impact. | ||
| CVE-2018-7550 | Hig | 0.57 | 8.8 | 0.01 | Mar 1, 2018 | The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access. | ||
| CVE-2017-18198 | Hig | 0.57 | 8.8 | 0.04 | Feb 24, 2018 | print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted iso file. | ||
| CVE-2018-7439 | Hig | 0.57 | 8.8 | 0.02 | Feb 23, 2018 | An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the function read_mini_biff_next_record. |
- risk 0.57cvss 8.8epss 0.02
trim_whitespace in lexer.l in libConfuse v3.2.1 has an out-of-bounds read.
- risk 0.57cvss 8.8epss 0.02
Exiv2 0.26 has a heap-based buffer over-read in WebPImage::decodeChunks in webpimage.cpp.
- risk 0.57cvss 8.8epss 0.01
An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5VM_memcpyvv in H5VM.c.
- risk 0.57cvss 8.8epss 0.01
An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in the function H5O_pline_reset in H5Opline.c.
- risk 0.57cvss 8.8epss 0.02
An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_layout_decode in H5Olayout.c, related to HDmemcpy.
- risk 0.57cvss 8.8epss 0.02
An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5T_copy in H5T.c.
- risk 0.57cvss 8.8epss 0.02
The mobi_pk1_decrypt function in encryption.c in Libmobi 0.3 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted mobi file.
- risk 0.57cvss 8.8epss 0.03
Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in preview.cpp, leading to an out-of-bounds read in Exiv2::MemIo::read in basicio.cpp.
- risk 0.57cvss 8.8epss 0.03
Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp.
- risk 0.57cvss 8.8epss 0.02
In ImageMagick 7.0.7-37 Q16, SetGrayscaleImage in the quantize.c file allows attackers to cause a heap-based buffer over-read via a crafted file.
- risk 0.57cvss 8.8epss 0.03
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious…
- risk 0.57cvss 8.8epss 0.03
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw…
- risk 0.57cvss 8.8epss 0.03
mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file.
- risk 0.57cvss 8.8epss 0.02
The export function in libavfilter/vf_signature.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a long filename.
- risk 0.57cvss 8.8epss 0.00
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiEscape where the software uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the…
- risk 0.57cvss 8.8epss 0.02
In ImageMagick 7.0.7-24 Q16, there is a heap-based buffer over-read in IsWEBPImageLossless in coders/webp.c.
- risk 0.57cvss 8.8epss 0.02
There is a heap-based buffer over-read in the getName function of util/decompile.c in libming 0.4.8 for CONSTANT16 data. A crafted input will lead to a denial of service or possibly unspecified other impact.
- risk 0.57cvss 8.8epss 0.01
The load_multiboot function in hw/i386/multiboot.c in Quick Emulator (aka QEMU) allows local guest OS users to execute arbitrary code on the QEMU host via a mh_load_end_addr value greater than mh_bss_end_addr, which triggers an out-of-bounds read or write memory access.
- risk 0.57cvss 8.8epss 0.04
print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted iso file.
- risk 0.57cvss 8.8epss 0.02
An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the function read_mini_biff_next_record.