VYPR

CWE-125

Out-of-bounds Read

BaseDraft

Description

The product reads data past the end, or before the beginning, of the intended buffer.

Hierarchy (View 1000)

Parents

Related attack patterns (CAPEC)

CAPEC-540

CVEs mapped to this weakness (1,460)

page 60 of 73
  • CVE-2016-6238MedFeb 2, 2017
    risk 0.36cvss 5.5epss 0.00

    The write_ujpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause denial of service (out-of-bounds read) via a crafted jpeg file.

  • CVE-2016-6236MedFeb 2, 2017
    risk 0.36cvss 5.5epss 0.00

    The setup_imginfo_jpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted jpeg file.

  • CVE-2016-5434MedJan 30, 2017
    risk 0.36cvss 5.5epss 0.00

    libalpm, as used in pacman 5.0.1, allows remote attackers to cause a denial of service (infinite loop or out-of-bounds read) via a crafted signature file.

  • CVE-2016-5825MedJan 27, 2017
    risk 0.36cvss 5.5epss 0.00

    The icalparser_parse_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted ics file.

  • CVE-2016-6911MedJan 26, 2017
    risk 0.36cvss 5.5epss 0.01

    The dynamicGetbuf function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image.

  • CVE-2016-7410MedJan 23, 2017
    risk 0.36cvss 5.5epss 0.00

    The _dwarf_read_loc_section function in dwarf_loc.c in libdwarf 20160613 allows attackers to cause a denial of service (buffer over-read) via a crafted file.

  • CVE-2016-9273MedJan 18, 2017
    risk 0.36cvss 5.5epss 0.01

    tiffsplit in libtiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file, related to changing td_nstrips in TIFF_STRIPCHOP mode.

  • CVE-2016-9810MedJan 13, 2017
    risk 0.36cvss 5.5epss 0.01

    The gst_decode_chain_free_internal function in the flxdex decoder in gst-plugins-good in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via an invalid file, which triggers an incorrect unref call.

  • CVE-2016-9807MedJan 13, 2017
    risk 0.36cvss 5.5epss 0.01

    The flx_decode_chunks function in gst/flx/gstflxdec.c in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted FLIC file.

  • CVE-2015-8817MedDec 29, 2016
    risk 0.36cvss 5.5epss 0.00

    QEMU (aka Quick Emulator) built to use 'address_space_translate' to map an address to a MemoryRegionSection is vulnerable to an OOB r/w access issue. It could occur while doing pci_dma_read/write calls. Affects QEMU versions >= 1.6.0 and <= 2.3.1. A privileged user inside guest could use this flaw to crash the guest instance resulting in DoS.

  • CVE-2016-7915MedNov 16, 2016
    risk 0.36cvss 5.5epss 0.00

    The hid_input_field function in drivers/hid/hid-core.c in the Linux kernel before 4.6 allows physically proximate attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) by connecting a device, as demonstrated by a Logitech DJ receiver.

  • CVE-2016-7914MedNov 16, 2016
    risk 0.36cvss 5.5epss 0.00

    The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and out-of-bounds read) via an application that uses associative-array data structures, as demonstrated by the keyutils test suite.

  • CVE-2015-8934MedSep 20, 2016
    risk 0.36cvss 5.5epss 0.01

    The copy_from_lzss_window function in archive_read_support_format_rar.c in libarchive 3.2.0 and earlier allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted rar file.

  • CVE-2015-8928MedSep 20, 2016
    risk 0.36cvss 5.5epss 0.00

    The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.

  • CVE-2015-8927MedSep 20, 2016
    risk 0.36cvss 5.5epss 0.00

    The trad_enc_decrypt_update function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap read and crash) via a crafted zip file, related to reading the password.

  • CVE-2015-8925MedSep 20, 2016
    risk 0.36cvss 5.5epss 0.01

    The readline function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read) via a crafted mtree file, related to newline parsing.

  • CVE-2015-8924MedSep 20, 2016
    risk 0.36cvss 5.5epss 0.00

    The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file.

  • CVE-2015-8920MedSep 20, 2016
    risk 0.36cvss 5.5epss 0.01

    The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file.

  • CVE-2015-8915MedSep 20, 2016
    risk 0.36cvss 5.5epss 0.00

    bsdcpio in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read and crash) via crafted cpio file.

  • CVE-2016-4628MedJul 22, 2016
    risk 0.36cvss 5.5epss 0.00

    IOAcceleratorFamily in Apple iOS before 9.3.3 and watchOS before 2.2.2 allows local users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via unspecified vectors.