CWE-125

Out-of-bounds Read

BaseDraft

Description

The product reads data past the end, or before the beginning, of the intended buffer.

Hierarchy (View 1000)

Parents

CWE-119

Children

Related attack patterns (CAPEC)

CAPEC-540

CVEs mapped to this weakness (1,460)

page 46 of 73

CVE	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2016-5010	Med	0.42	6.5	0.01	Apr 20, 2017	coders/tiff.c in ImageMagick before 6.9.5-3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF file.
CVE-2015-8958	Med	0.42	6.5	0.01	Apr 20, 2017	coders/sun.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted SUN file.
CVE-2016-7537	Med	0.42	6.5	0.02	Apr 19, 2017	MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted PDB file.
CVE-2016-7533	Med	0.42	6.5	0.01	Apr 19, 2017	The ReadWPGImage function in coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WPG file.
CVE-2016-7529	Med	0.42	6.5	0.01	Apr 19, 2017	coders/xcf.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted XCF file.
CVE-2016-7528	Med	0.42	6.5	0.01	Apr 19, 2017	The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted VIFF file.
CVE-2016-7522	Med	0.42	6.5	0.01	Apr 19, 2017	The ReadPSDImage function in MagickCore/locale.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.
CVE-2016-7519	Med	0.42	6.5	0.01	Apr 19, 2017	The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
CVE-2016-7515	Med	0.42	6.5	0.01	Apr 19, 2017	The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the number of pixels.
CVE-2014-9837	Med	0.42	6.5	0.00	Apr 11, 2017	coders/pnm.c in ImageMagick 6.9.0-1 Beta and earlier allows remote attackers to cause a denial of service (crash) via a crafted png file.
CVE-2014-8354	Med	0.42	6.5	0.01	Apr 11, 2017	The HorizontalFilter function in resize.c in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file.
CVE-2014-9829	Med	0.42	6.5	0.00	Apr 5, 2017	coders/sun.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted sun file.
CVE-2017-5667	Med	0.42	6.5	0.00	Mar 16, 2017	The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds heap access and crash) or execute arbitrary code on the QEMU host via vectors involving the data transfer length.
CVE-2016-6884	Med	0.42	6.5	0.00	Mar 3, 2017	TLS cipher suites with CBC mode in TLS 1.1 and 1.2 in MatrixSSL before 3.8.3 allow remote attackers to cause a denial of service (out-of-bounds read) via a crafted message.
CVE-2016-7510	Med	0.42	6.5	0.01	Feb 17, 2017	The read_line_table_program function in dwarf_line_table_reader_common.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted input.
CVE-2016-5035	Med	0.42	6.5	0.01	Feb 17, 2017	The _dwarf_read_line_table_header function in dwarf_line_table_reader.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
CVE-2016-5033	Med	0.42	6.5	0.01	Feb 17, 2017	The print_exprloc_content function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
CVE-2016-5032	Med	0.42	6.5	0.01	Feb 17, 2017	The dwarf_get_xu_hash_entry function in libdwarf before 20160923 allows remote attackers to cause a denial of service (crash) via a crafted file.
CVE-2016-8680	Med	0.42	6.5	0.01	Feb 15, 2017	The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file.
CVE-2016-8679	Med	0.42	6.5	0.01	Feb 15, 2017	The _dwarf_get_size_of_val function in libdwarf/dwarf_util.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file.

CVE-2016-5010MedApr 20, 2017
risk 0.42cvss 6.5epss 0.01
coders/tiff.c in ImageMagick before 6.9.5-3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF file.
CVE-2015-8958MedApr 20, 2017
risk 0.42cvss 6.5epss 0.01
coders/sun.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted SUN file.
CVE-2016-7537MedApr 19, 2017
risk 0.42cvss 6.5epss 0.02
MagickCore/memory.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted PDB file.
CVE-2016-7533MedApr 19, 2017
risk 0.42cvss 6.5epss 0.01
The ReadWPGImage function in coders/wpg.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WPG file.
CVE-2016-7529MedApr 19, 2017
risk 0.42cvss 6.5epss 0.01
coders/xcf.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted XCF file.
CVE-2016-7528MedApr 19, 2017
risk 0.42cvss 6.5epss 0.01
The ReadVIFFImage function in coders/viff.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted VIFF file.
CVE-2016-7522MedApr 19, 2017
risk 0.42cvss 6.5epss 0.01
The ReadPSDImage function in MagickCore/locale.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PSD file.
CVE-2016-7519MedApr 19, 2017
risk 0.42cvss 6.5epss 0.01
The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
CVE-2016-7515MedApr 19, 2017
risk 0.42cvss 6.5epss 0.01
The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the number of pixels.
CVE-2014-9837MedApr 11, 2017
risk 0.42cvss 6.5epss 0.00
coders/pnm.c in ImageMagick 6.9.0-1 Beta and earlier allows remote attackers to cause a denial of service (crash) via a crafted png file.
CVE-2014-8354MedApr 11, 2017
risk 0.42cvss 6.5epss 0.01
The HorizontalFilter function in resize.c in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file.
CVE-2014-9829MedApr 5, 2017
risk 0.42cvss 6.5epss 0.00
coders/sun.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted sun file.
CVE-2017-5667MedMar 16, 2017
risk 0.42cvss 6.5epss 0.00
The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds heap access and crash) or execute arbitrary code on the QEMU host via vectors involving the data transfer length.
CVE-2016-6884MedMar 3, 2017
risk 0.42cvss 6.5epss 0.00
TLS cipher suites with CBC mode in TLS 1.1 and 1.2 in MatrixSSL before 3.8.3 allow remote attackers to cause a denial of service (out-of-bounds read) via a crafted message.
CVE-2016-7510MedFeb 17, 2017
risk 0.42cvss 6.5epss 0.01
The read_line_table_program function in dwarf_line_table_reader_common.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted input.
CVE-2016-5035MedFeb 17, 2017
risk 0.42cvss 6.5epss 0.01
The _dwarf_read_line_table_header function in dwarf_line_table_reader.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
CVE-2016-5033MedFeb 17, 2017
risk 0.42cvss 6.5epss 0.01
The print_exprloc_content function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
CVE-2016-5032MedFeb 17, 2017
risk 0.42cvss 6.5epss 0.01
The dwarf_get_xu_hash_entry function in libdwarf before 20160923 allows remote attackers to cause a denial of service (crash) via a crafted file.
CVE-2016-8680MedFeb 15, 2017
risk 0.42cvss 6.5epss 0.01
The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file.
CVE-2016-8679MedFeb 15, 2017
risk 0.42cvss 6.5epss 0.01
The _dwarf_get_size_of_val function in libdwarf/dwarf_util.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file.