VYPR

CWE-125

Out-of-bounds Read

Base | Draft

Description

The product reads data past the end, or before the beginning, of the intended buffer.

Hierarchy (View 1000)

Parents

Related attack patterns (CAPEC)

CAPEC-540

CVEs mapped to this weakness (2,466)

page 95 of 124
  • CVE-2014-9818 | Med | Mar 30, 2017
    risk 0.36 | cvss 5.5 | epss 0.01

    ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a malformed sun file.

  • CVE-2014-9816 | Med | Mar 30, 2017
    risk 0.36 | cvss 5.5 | epss 0.01

    ImageMagick allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted viff file.

  • CVE-2017-7299 | Med | Mar 29, 2017
    risk 0.36 | cvss 5.5 | epss 0.01

    The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an invalid read (of size 8) because the code to emit relocs (bfd_elf_final_link function in bfd/elflink.c) does not check the format of the input file before trying to read the ELF…

  • CVE-2016-3178 | Med | Mar 24, 2017
    risk 0.36 | cvss 5.5 | epss 0.00

    The processRequest function in minissdpd.c in MiniSSDPd 1.2.20130907-3 allows local users to cause a denial of service (out-of-bounds memory access and daemon crash) via vectors involving a negative length value.

  • CVE-2017-7244 | Med | Mar 23, 2017
    risk 0.36 | cvss 5.5 | epss 0.02

    The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file.

  • CVE-2017-6829 | Med | Mar 20, 2017
    risk 0.36 | cvss 5.5 | epss 0.03

    The decodeSample function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.

  • CVE-2017-5956 | Med | Mar 20, 2017
    risk 0.36 | cvss 5.5 | epss 0.00

    The vrend_draw_vbo function in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors involving vertext_buffer_index.

  • CVE-2014-9844 | Med | Mar 20, 2017
    risk 0.36 | cvss 5.5 | epss 0.02

    The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file.

  • CVE-2017-5849 | Med | Mar 15, 2017
    risk 0.36 | cvss 5.5 | epss 0.02

    tifftopnm in netpbm 10.47.63 does not properly use the libtiff TIFFRGBAImageGet function, which allows remote attackers to cause a denial of service (out-of-bounds read and write) via a crafted tiff image file, related to transposing width and height values.

  • CVE-2017-6430 | Med | Mar 15, 2017
    risk 0.36 | cvss 5.5 | epss 0.02

    The compile_tree function in ef_compiler.c in the Etterfilter utility in Ettercap 0.8.2 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted filter.

  • CVE-2017-6851 | Med | Mar 15, 2017
    risk 0.36 | cvss 5.5 | epss 0.02

    The jas_matrix_bindsub function in jas_seq.c in JasPer 2.0.10 allows remote attackers to cause a denial of service (invalid read) via a crafted image.

  • CVE-2017-6840 | Med | Mar 15, 2017
    risk 0.36 | cvss 5.5 | epss 0.01

    The ColorChanger::GetColorFromStack function in colorchanger.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (invalid read) via a crafted file.

  • CVE-2016-6906 | Med | Mar 15, 2017
    risk 0.36 | cvss 5.5 | epss 0.02

    The read_image_tga function in gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file, related to the decompression buffer.

  • CVE-2017-6335 | Med | Mar 14, 2017
    risk 0.36 | cvss 5.5 | epss 0.02

    The QuantumTransferMode function in coders/tiff.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a small samples per pixel value in a CMYKA TIFF file.

  • CVE-2016-5315 | Med | Mar 7, 2017
    risk 0.36 | cvss 5.5 | epss 0.02

    The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image.

  • CVE-2017-6500 | Med | Mar 6, 2017
    risk 0.36 | cvss 5.5 | epss 0.01

    An issue was discovered in ImageMagick 6.9.7. A specially crafted sun file triggers a heap-based buffer over-read.

  • CVE-2017-5834 | Med | Mar 3, 2017
    risk 0.36 | cvss 5.5 | epss 0.01

    The parse_dict_node function in bplist.c in libplist allows attackers to cause a denial of service (out-of-bounds heap read and crash) via a crafted file.

  • CVE-2017-6387 | Med | Mar 2, 2017
    risk 0.36 | cvss 5.5 | epss 0.01

    The dex_loadcode function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DEX file.

  • CVE-2017-5978 | Med | Mar 1, 2017
    risk 0.36 | cvss 5.5 | epss 0.02

    The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted ZIP file.

  • CVE-2017-5977 | Med | Mar 1, 2017
    risk 0.36 | cvss 5.5 | epss 0.02

    The zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted ZIP file.