CWE-125

Out-of-bounds Read

BaseDraft

Description

The product reads data past the end, or before the beginning, of the intended buffer.

Hierarchy (View 1000)

Parents

CWE-119

Children

Related attack patterns (CAPEC)

CAPEC-540

CVEs mapped to this weakness (1,841)

page 77 of 93

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2026-46532	Espressif Esp Idf	Med	0.23	4.6	0.00	Jun 10, 2026	ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.3, and 6.0, an out-of-bounds read exists in the BlueDroid AVRCP vendor-command parser (avrc_pars_vendor_cmd() in components/bt/host/bluedroid/stack/avrc/avrc_pars_tg.c).…
CVE-2026-28528	Bluekitchen Gmbh Btstack	Med	0.23	4.6	0.00	Mar 30, 2026	BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Browsing Target GET_FOLDER_ITEMS handler that fails to validate packet boundaries and attribute count data. An attacker with a paired Bluetooth Classic connection can exploit…
CVE-2026-32984	Wazuh Wazuh	Low	0.23	3.5	0.00	Mar 27, 2026	Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed heap data by sending specially crafted input. Attackers can exploit this vulnerability to trigger a denial of service condition, resulting in low impact on…
CVE-2023-7340	Wazuh Wazuh	Low	0.23	3.5	0.00	Mar 27, 2026	Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed heap data by sending specially crafted input. Attackers can exploit this vulnerability to trigger a denial of service condition, resulting in low availability…
CVE-2026-40026	Sleuthkit The Sleuth Kit	Med	0.22	4.4	0.00	Apr 8, 2026	The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the ISO9660 filesystem parser where the parse_susp() function trusts len_id, len_des, and len_src fields from the disk image to memcpy data into a stack buffer without verifying that the source data…
CVE-2026-40025	Sleuthkit The Sleuth Kit	Med	0.22	4.4	0.00	Apr 8, 2026	The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the APFS filesystem keybag parser where the wrapped_key_parser class follows attacker-controlled length fields without bounds checking, causing heap reads past the allocated buffer. An attacker can…
CVE-2026-39864	Kamailio Kamailio	Med	0.22	4.4	0.00	Apr 8, 2026	Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.0.5 and 5.8.7, an out-of-bounds read in the auth module of Kamailio (formerly OpenSER and SER) allows remote attackers to cause a denial of service (process crash) via a specially crafted SIP packet…
CVE-2023-49100	Trustedfirmware M Trusted Firmware M	Med	0.22	4.4	0.00	Feb 21, 2024	Trusted Firmware-A (TF-A) before 2.10 has a potential read out-of-bounds in the SDEI service. The input parameter passed in register x1 is not validated well enough in the function sdei_interrupt_bind. The parameter is passed to a call to plat_ic_get_interrupt_type. It can be…
CVE-2017-3033	Adobe Inc. Acrobat	Low	0.22	3.3	0.02	Apr 12, 2017	Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability when handling JPEG 2000 code-stream tile data.
CVE-2017-3032	Adobe Inc. Acrobat	Low	0.22	3.3	0.02	Apr 12, 2017	Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the JPEG 2000 code-stream parser.
CVE-2017-3031	Adobe Inc. Acrobat	Low	0.22	3.3	0.02	Apr 12, 2017	Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the XSLT engine.
CVE-2017-3022	Adobe Inc. Acrobat	Low	0.22	3.3	0.02	Apr 12, 2017	Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability when parsing the header of a JPEG 2000 file.
CVE-2017-3021	Adobe Inc. Acrobat	Low	0.22	3.3	0.02	Apr 12, 2017	Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the JPEG 2000 parser engine.
CVE-2026-45485	Microsoft Office	Low	0.21	3.3	0.00	Jun 9, 2026	Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
CVE-2026-45455	Microsoft Office Excel	Low	0.21	3.3	0.00	Jun 9, 2026	Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.
CVE-2026-7233	Artifex Mupdf	Low	0.21	3.3	0.00	Apr 28, 2026	A vulnerability was determined in Artifex MuPDF up to 1.28.0. The impacted element is the function fz_subset_cff_for_gids of the file subset-cff.c of the component CFF Index Handler. This manipulation causes out-of-bounds read. The attack can only be executed locally. The…
CVE-2026-41079	Openprinting Cups	Med	0.21	4.3	0.00	Apr 24, 2026	OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to 2.4.17, a network-adjacent attacker can send a crafted SNMP response to the CUPS SNMP backend that causes an out-of-bounds read of up to 176 bytes past a stack buffer.…
CVE-2026-0930	Wolfssh Wolfssh	Med	0.21	4.3	0.00	Apr 20, 2026	Potential read out of bounds case with wolfSSHd on Windows while handling a terminal resize request. An authenticated user could trigger the out of bounds read after establishing a connection which would leak the adjacent stack memory to the pseudo-console output.
CVE-2026-4012	Rxi Fe	Low	0.21	3.3	0.00	Mar 12, 2026	A vulnerability was determined in rxi fe up to ed4cda96bd582cbb08520964ba627efb40f3dd91. The impacted element is the function read_ of the file src/fe.c. This manipulation with the input 1 causes out-of-bounds read. The attack requires local access. The exploit has been publicly…
CVE-2026-4009	Oneafter 0209	Low	0.21	3.3	0.00	Mar 12, 2026	A vulnerability has been found in jarikomppa soloud up to 20200207. Impacted is the function drwav_read_pcm_frames_s16__msadpcm in the library src/audiosource/wav/dr_wav.h of the component WAV File Parser. The manipulation leads to out-of-bounds read. The attack needs to be…

CVE-2026-46532MedJun 10, 2026
Espressif
Esp Idf
risk 0.23cvss 4.6epss 0.00
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.3, and 6.0, an out-of-bounds read exists in the BlueDroid AVRCP vendor-command parser (avrc_pars_vendor_cmd() in components/bt/host/bluedroid/stack/avrc/avrc_pars_tg.c).…
CVE-2026-28528MedMar 30, 2026
Bluekitchen Gmbh
Btstack
risk 0.23cvss 4.6epss 0.00
BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Browsing Target GET_FOLDER_ITEMS handler that fails to validate packet boundaries and attribute count data. An attacker with a paired Bluetooth Classic connection can exploit…
CVE-2026-32984LowMar 27, 2026
Wazuh
Wazuh
risk 0.23cvss 3.5epss 0.00
Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed heap data by sending specially crafted input. Attackers can exploit this vulnerability to trigger a denial of service condition, resulting in low impact on…
CVE-2023-7340LowMar 27, 2026
Wazuh
Wazuh
risk 0.23cvss 3.5epss 0.00
Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed heap data by sending specially crafted input. Attackers can exploit this vulnerability to trigger a denial of service condition, resulting in low availability…
CVE-2026-40026MedApr 8, 2026
Sleuthkit
The Sleuth Kit
risk 0.22cvss 4.4epss 0.00
The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the ISO9660 filesystem parser where the parse_susp() function trusts len_id, len_des, and len_src fields from the disk image to memcpy data into a stack buffer without verifying that the source data…
CVE-2026-40025MedApr 8, 2026
Sleuthkit
The Sleuth Kit
risk 0.22cvss 4.4epss 0.00
The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the APFS filesystem keybag parser where the wrapped_key_parser class follows attacker-controlled length fields without bounds checking, causing heap reads past the allocated buffer. An attacker can…
CVE-2026-39864MedApr 8, 2026
Kamailio
Kamailio
risk 0.22cvss 4.4epss 0.00
Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.0.5 and 5.8.7, an out-of-bounds read in the auth module of Kamailio (formerly OpenSER and SER) allows remote attackers to cause a denial of service (process crash) via a specially crafted SIP packet…
CVE-2023-49100MedFeb 21, 2024
Trustedfirmware M
Trusted Firmware M
risk 0.22cvss 4.4epss 0.00
Trusted Firmware-A (TF-A) before 2.10 has a potential read out-of-bounds in the SDEI service. The input parameter passed in register x1 is not validated well enough in the function sdei_interrupt_bind. The parameter is passed to a call to plat_ic_get_interrupt_type. It can be…
CVE-2017-3033LowApr 12, 2017
Adobe Inc.
Acrobat
risk 0.22cvss 3.3epss 0.02
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability when handling JPEG 2000 code-stream tile data.
CVE-2017-3032LowApr 12, 2017
Adobe Inc.
Acrobat
risk 0.22cvss 3.3epss 0.02
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the JPEG 2000 code-stream parser.
CVE-2017-3031LowApr 12, 2017
Adobe Inc.
Acrobat
risk 0.22cvss 3.3epss 0.02
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the XSLT engine.
CVE-2017-3022LowApr 12, 2017
Adobe Inc.
Acrobat
risk 0.22cvss 3.3epss 0.02
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability when parsing the header of a JPEG 2000 file.
CVE-2017-3021LowApr 12, 2017
Adobe Inc.
Acrobat
risk 0.22cvss 3.3epss 0.02
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the JPEG 2000 parser engine.
CVE-2026-45485LowJun 9, 2026
Microsoft
Office
risk 0.21cvss 3.3epss 0.00
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
CVE-2026-45455LowJun 9, 2026
Microsoft
Office Excel
risk 0.21cvss 3.3epss 0.00
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.
CVE-2026-7233LowApr 28, 2026
Artifex
Mupdf
risk 0.21cvss 3.3epss 0.00
A vulnerability was determined in Artifex MuPDF up to 1.28.0. The impacted element is the function fz_subset_cff_for_gids of the file subset-cff.c of the component CFF Index Handler. This manipulation causes out-of-bounds read. The attack can only be executed locally. The…
CVE-2026-41079MedApr 24, 2026
Openprinting
Cups
risk 0.21cvss 4.3epss 0.00
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to 2.4.17, a network-adjacent attacker can send a crafted SNMP response to the CUPS SNMP backend that causes an out-of-bounds read of up to 176 bytes past a stack buffer.…
CVE-2026-0930MedApr 20, 2026
Wolfssh
Wolfssh
risk 0.21cvss 4.3epss 0.00
Potential read out of bounds case with wolfSSHd on Windows while handling a terminal resize request. An authenticated user could trigger the out of bounds read after establishing a connection which would leak the adjacent stack memory to the pseudo-console output.
CVE-2026-4012LowMar 12, 2026
Rxi
Fe
risk 0.21cvss 3.3epss 0.00
A vulnerability was determined in rxi fe up to ed4cda96bd582cbb08520964ba627efb40f3dd91. The impacted element is the function read_ of the file src/fe.c. This manipulation with the input 1 causes out-of-bounds read. The attack requires local access. The exploit has been publicly…
CVE-2026-4009LowMar 12, 2026
Oneafter
0209
risk 0.21cvss 3.3epss 0.00
A vulnerability has been found in jarikomppa soloud up to 20200207. Impacted is the function drwav_read_pcm_frames_s16__msadpcm in the library src/audiosource/wav/dr_wav.h of the component WAV File Parser. The manipulation leads to out-of-bounds read. The attack needs to be…