CWE-125
Out-of-bounds Read
Description
The product reads data past the end, or before the beginning, of the intended buffer.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-540
CVEs mapped to this weakness (2,466)
page 26 of 124| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-44940 | — | Cri | 0.52 | 9.1 | 0.01 | Dec 19, 2022 | Patchelf v0.9 was discovered to contain an out-of-bounds read via the function modifyRPath at src/patchelf.cc. | |
| CVE-2021-44144 | — | Cri | 0.52 | 9.1 | 0.01 | Nov 22, 2021 | Croatia Control Asterix 2.8.1 has a heap-based buffer over-read, with additional details to be disclosed at a later date. | |
| CVE-2021-25288 | — | Cri | 0.52 | 9.1 | 0.02 | Jun 2, 2021 | An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i. | |
| CVE-2021-25287 | — | Cri | 0.52 | 9.1 | 0.03 | Jun 2, 2021 | An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la. | |
| CVE-2021-25905 | — | Cri | 0.52 | 9.1 | 0.02 | Jan 26, 2021 | An issue was discovered in the bra crate before 0.1.1 for Rust. It lacks soundness because it can read uninitialized memory. | |
| CVE-2020-35892 | — | Cri | 0.52 | 9.1 | 0.02 | Dec 31, 2020 | An issue was discovered in the simple-slab crate before 0.3.3 for Rust. index() allows an out-of-bounds read. | |
| CVE-2018-14938 | Cri | 0.52 | 9.1 | 0.03 | Aug 5, 2018 | An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through 1.5.0-alpha. There is an integer overflow in the function handle_prism during caplen processing. If the caplen is less than 144, one can cause an integer overflow in the function handle_80211, which will result… | ||
| CVE-2018-4985 | Hig | 0.52 | 7.5 | 0.37 | Jul 9, 2018 | Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||
| CVE-2018-4956 | Hig | 0.52 | 7.5 | 0.36 | Jul 9, 2018 | Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||
| CVE-2018-4949 | Hig | 0.52 | 7.5 | 0.36 | Jul 9, 2018 | Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||
| CVE-2018-3739 | — | Cri | 0.52 | 9.1 | 0.02 | Jun 7, 2018 | https-proxy-agent before 2.1.1 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could submit typed input to the 'auth' parameter (e.g. JSON). | |
| CVE-2017-13261 | Hig | 0.52 | 7.5 | 0.07 | Apr 4, 2018 | In bnep_process_control_packet of bnep_utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product:… | ||
| CVE-2017-13260 | Hig | 0.52 | 7.5 | 0.08 | Apr 4, 2018 | In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:… | ||
| CVE-2017-13258 | Hig | 0.52 | 7.5 | 0.07 | Apr 4, 2018 | In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:… | ||
| CVE-2025-9033 | Hig | 0.51 | 7.8 | 0.00 | Jun 12, 2026 | Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds… | ||
| CVE-2025-9032 | Hig | 0.51 | 7.8 | 0.00 | Jun 12, 2026 | Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed Windows PE file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine… | ||
| CVE-2025-7017 | Hig | 0.51 | 7.8 | 0.00 | Jun 12, 2026 | Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed Windows MSI file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine… | ||
| CVE-2025-7011 | Hig | 0.51 | 7.8 | 0.00 | Jun 12, 2026 | Heap out-of-bounds read vulnerability in Avast Antivirus when scanning a malformed zip file containing XML may allow Local Execution of Code or Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast… | ||
| CVE-2025-7009 | Hig | 0.51 | 7.8 | 0.00 | Jun 12, 2026 | Heap buffer out-of-bounds read vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Local Execution of Code or Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast… | ||
| CVE-2025-7008 | Hig | 0.51 | 7.8 | 0.00 | Jun 12, 2026 | Heap buffer out-of-bounds read vulnerability in Avast Antivirus when scanning a malformed Windows PE file with .NET metadata may allow Local Execution of Code or Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus,… |
- risk 0.52cvss 9.1epss 0.01
Patchelf v0.9 was discovered to contain an out-of-bounds read via the function modifyRPath at src/patchelf.cc.
- risk 0.52cvss 9.1epss 0.01
Croatia Control Asterix 2.8.1 has a heap-based buffer over-read, with additional details to be disclosed at a later date.
- risk 0.52cvss 9.1epss 0.02
An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i.
- risk 0.52cvss 9.1epss 0.03
An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la.
- risk 0.52cvss 9.1epss 0.02
An issue was discovered in the bra crate before 0.1.1 for Rust. It lacks soundness because it can read uninitialized memory.
- risk 0.52cvss 9.1epss 0.02
An issue was discovered in the simple-slab crate before 0.3.3 for Rust. index() allows an out-of-bounds read.
- risk 0.52cvss 9.1epss 0.03
An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through 1.5.0-alpha. There is an integer overflow in the function handle_prism during caplen processing. If the caplen is less than 144, one can cause an integer overflow in the function handle_80211, which will result…
- risk 0.52cvss 7.5epss 0.37
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
- risk 0.52cvss 7.5epss 0.36
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
- risk 0.52cvss 7.5epss 0.36
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
- risk 0.52cvss 9.1epss 0.02
https-proxy-agent before 2.1.1 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could submit typed input to the 'auth' parameter (e.g. JSON).
- risk 0.52cvss 7.5epss 0.07
In bnep_process_control_packet of bnep_utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product:…
- risk 0.52cvss 7.5epss 0.08
In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:…
- risk 0.52cvss 7.5epss 0.07
In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:…
- risk 0.51cvss 7.8epss 0.00
Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds…
- risk 0.51cvss 7.8epss 0.00
Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed Windows PE file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine…
- risk 0.51cvss 7.8epss 0.00
Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed Windows MSI file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine…
- risk 0.51cvss 7.8epss 0.00
Heap out-of-bounds read vulnerability in Avast Antivirus when scanning a malformed zip file containing XML may allow Local Execution of Code or Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast…
- risk 0.51cvss 7.8epss 0.00
Heap buffer out-of-bounds read vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Local Execution of Code or Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast…
- risk 0.51cvss 7.8epss 0.00
Heap buffer out-of-bounds read vulnerability in Avast Antivirus when scanning a malformed Windows PE file with .NET metadata may allow Local Execution of Code or Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus,…