VYPR

CWE-125

Out-of-bounds Read

BaseDraft

Description

The product reads data past the end, or before the beginning, of the intended buffer.

Hierarchy (View 1000)

Parents

Related attack patterns (CAPEC)

CAPEC-540

CVEs mapped to this weakness (2,466)

page 98 of 124
  • CVE-2016-4628MedJul 22, 2016
    risk 0.36cvss 5.5epss 0.00

    IOAcceleratorFamily in Apple iOS before 9.3.3 and watchOS before 2.2.2 allows local users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via unspecified vectors.

  • CVE-2012-1571MedJul 17, 2012
    risk 0.36cvss 6.5epss 0.04

    file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference.

  • CVE-2006-5393MedOct 18, 2006
    risk 0.36cvss 5.5epss 0.00

    Cisco Secure Desktop (CSD) does not require that the ClearPageFileAtShutdown (aka CCE-Winv2.0-407) registry value equals 1, which might allow local users to read certain memory pages that were written during another user's SSL VPN session.

  • CVE-2026-12298MedJun 16, 2026
    risk 0.35cvss 5.4epss 0.00

    Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.

  • CVE-2026-47223MedJun 12, 2026
    risk 0.35cvss 5.4epss 0.00

    NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap out-of-bounds read exists in the Android Verified Boot (AVB) vbmeta image parser in NanaZip (via the upstream 7-Zip AvbHandler). A 32-bit…

  • CVE-2026-47222MedJun 12, 2026
    risk 0.35cvss 5.4epss 0.00

    NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap out-of-bounds read exists in the Android Verified Boot (AVB) vbmeta image parser in NanaZip (via the upstream 7-Zip AvbHandler). An unsigned…

  • CVE-2026-45160MedJun 10, 2026
    risk 0.35cvss 6.5epss 0.00

    ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.7, 5.3.5, 5.4.4, 5.5.4, and 6.0.1, an out-of-bounds read flaw exists in the DHCP server option parser (parse_options() in components/lwip/apps/dhcpserver/dhcpserver.c) shipped with ESP-IDF's…

  • CVE-2026-46433MedJun 9, 2026
    risk 0.35cvss 6.5epss 0.00

    lldpd is an implementation of IEEE 802.1ab (LLDP). Prior to version 1.0.22, lldpd_decode() in src/daemon/lldpd.c strips 802.1Q VLAN tags from received Ethernet frames by calling memmove() to shift the frame payload 4 bytes left. The third argument (byte count) is s - 2 *…

  • CVE-2026-43951MedJun 8, 2026
    risk 0.35cvss 6.5epss 0.01

    Out-of-bounds Read vulnerability in Apache HTTP Server with mod_headers and mod_mime and multiple response languages. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67.

  • CVE-2026-41069MedMay 22, 2026
    risk 0.35cvss 6.5epss 0.00

    libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a malformed HEIF sequence file can trigger an out-of-bounds read in core sequence parsing logic, causing DoS. A malformed file can have stco.entry_count == 0 (creating no chunks) while…

  • CVE-2026-43620MedMay 20, 2026
    risk 0.35cvss 6.5epss 0.01

    Rsync version 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in recv_files() in receiver.c that allows a malicious rsync server to crash the rsync client process. Attackers can exploit the vulnerability by setting CF_INC_RECURSE in compatibility…

  • CVE-2026-35423MedMay 12, 2026
    risk 0.35cvss 5.4epss 0.01

    Out-of-bounds read in Telnet Client allows an unauthorized attacker to disclose information over a network.

  • CVE-2026-40251MedMay 6, 2026
    risk 0.35cvss 6.5epss 0.00

    Incus is a system container and virtual machine manager. In versions before 7.0.0, missing validation logic in the storage volume import logic allows an authenticated user with access to the storage volume feature to cause the Incus daemon to crash. The backup restore subsystem…

  • CVE-2026-7950MedMay 6, 2026
    risk 0.35cvss 5.4epss 0.00

    Out of bounds read and write in GFX in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform arbitrary read/write via malicious network traffic. (Chromium security severity: Medium)

  • CVE-2025-70072MedMay 4, 2026
    risk 0.35cvss 6.5epss 0.00

    An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXConverter.cpp, FBXConverter::ConvertMeshMultiMaterial() components

  • CVE-2026-28532MedApr 30, 2026
    risk 0.35cvss 6.5epss 0.00

    FRRouting before 10.5.3 contains an integer overflow vulnerability in seven OSPF Traffic Engineering and Segment Routing TLV parser functions where a uint16_t accumulator variable truncates uint32_t values returned by the TLV_SIZE() macro, causing the loop termination condition…

  • CVE-2026-7425MedApr 29, 2026
    risk 0.35cvss 6.5epss 0.00

    Insufficient option length validation in the IPv6 Router Advertisement parser in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to cause a denial of service (device crash) by sending a crafted Router Advertisement with a truncated PREFIX_INFORMATION…

  • CVE-2026-41607MedApr 28, 2026
    risk 0.35cvss 6.5epss 0.01

    Out-of-bounds Read vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.

  • CVE-2026-39979MedApr 13, 2026
    risk 0.35cvss 6.5epss 0.01

    jq is a command-line JSON processor. In commits before 2f09060afab23fe9390cce7cb860b10416e1bf5f, the jv_parse_sized() API in libjq accepts a counted buffer with an explicit length parameter, but its error-handling path formats the input buffer using %s in jv_string_fmt(), which…

  • CVE-2026-25209MedApr 13, 2026
    risk 0.35cvss 6.5epss 0.00

    Out-of-bounds read vulnerability in Samsung Open Source Escargot allows Resource Leak Exposure.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335.