VYPR

CWE-125

Out-of-bounds Read

Base, Draft

Description

The product reads data past the end, or before the beginning, of the intended buffer.

Hierarchy (View 1000)

Parents

Related attack patterns (CAPEC)

CAPEC-540

CVEs mapped to this weakness (2,466)

  • CVE-2022-44940, Cri, Dec 19, 2022
    risk 0.52, cvss 9.1, epss 0.01

    Patchelf v0.9 was discovered to contain an out-of-bounds read via the function modifyRPath at src/patchelf.cc.

  • CVE-2021-44144, Cri, Nov 22, 2021
    risk 0.52, cvss 9.1, epss 0.01

    Croatia Control Asterix 2.8.1 has a heap-based buffer over-read, with additional details to be disclosed at a later date.

  • CVE-2021-25288, Cri, Jun 2, 2021
    risk 0.52, cvss 9.1, epss 0.02

    An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_gray_i.

  • CVE-2021-25287, Cri, Jun 2, 2021
    risk 0.52, cvss 9.1, epss 0.03

    An issue was discovered in Pillow before 8.2.0. There is an out-of-bounds read in J2kDecode, in j2ku_graya_la.

  • CVE-2021-25905, Cri, Jan 26, 2021
    risk 0.52, cvss 9.1, epss 0.02

    An issue was discovered in the bra crate before 0.1.1 for Rust. It lacks soundness because it can read uninitialized memory.

  • CVE-2020-35892, Cri, Dec 31, 2020
    risk 0.52, cvss 9.1, epss 0.02

    An issue was discovered in the simple-slab crate before 0.3.3 for Rust. index() allows an out-of-bounds read.

  • CVE-2018-14938, Cri, Aug 5, 2018
    risk 0.52, cvss 9.1, epss 0.03

    An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through 1.5.0-alpha. There is an integer overflow in the function handle_prism during caplen processing. If the caplen is less than 144, one can cause an integer overflow in the function handle_80211, which will result…

  • CVE-2018-4985, Hig, Jul 9, 2018
    risk 0.52, cvss 7.5, epss 0.37

    Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

  • CVE-2018-4956, Hig, Jul 9, 2018
    risk 0.52, cvss 7.5, epss 0.36

    Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

  • CVE-2018-4949, Hig, Jul 9, 2018
    risk 0.52, cvss 7.5, epss 0.36

    Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

  • CVE-2018-3739, Cri, Jun 7, 2018
    risk 0.52, cvss 9.1, epss 0.02

    https-proxy-agent before 2.1.1 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could submit typed input to the 'auth' parameter (e.g. JSON).

  • CVE-2017-13261, Hig, Apr 4, 2018
    risk 0.52, cvss 7.5, epss 0.07

    In bnep_process_control_packet of bnep_utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product:…

  • CVE-2017-13260, Hig, Apr 4, 2018
    risk 0.52, cvss 7.5, epss 0.08

    In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:…

  • CVE-2017-13258, Hig, Apr 4, 2018
    risk 0.52, cvss 7.5, epss 0.07

    In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:…

  • CVE-2025-9033, Hig, Jun 12, 2026
    risk 0.51, cvss 7.8, epss 0.00

    Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds…

  • CVE-2025-9032, Hig, Jun 12, 2026
    risk 0.51, cvss 7.8, epss 0.00

    Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed Windows PE file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine…

  • CVE-2025-7017, Hig, Jun 12, 2026
    risk 0.51, cvss 7.8, epss 0.00

    Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed Windows MSI file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine…

  • CVE-2025-7011, Hig, Jun 12, 2026
    risk 0.51, cvss 7.8, epss 0.00

    Heap out-of-bounds read vulnerability in Avast Antivirus when scanning a malformed zip file containing XML may allow Local Execution of Code or Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast…

  • CVE-2025-7009, Hig, Jun 12, 2026
    risk 0.51, cvss 7.8, epss 0.00

    Heap buffer out-of-bounds read vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Local Execution of Code or Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast…

  • CVE-2025-7008, Hig, Jun 12, 2026
    risk 0.51, cvss 7.8, epss 0.00

    Heap buffer out-of-bounds read vulnerability in Avast Antivirus when scanning a malformed Windows PE file with .NET metadata may allow Local Execution of Code or Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus,…