VYPR

CWE-787

Out-of-bounds Write

BaseDraftLikelihood: High

Description

The product writes data past the end, or before the beginning, of the intended buffer.

Hierarchy (View 1000)

CVEs mapped to this weakness (2,513)

page 101 of 126
  • CVE-2025-59729MedOct 6, 2025
    risk 0.37cvss epss 0.00

    When parsing the header for a DHAV file, there's an integer underflow in offset calculation that leads to reading the duration from before the start of the allocated buffer. If we load a DHAV file that is larger than MAX_DURATION_BUFFER_SIZE bytes (0x100000) for example…

  • CVE-2023-49614MedMay 16, 2024
    risk 0.37cvss 5.7epss 0.00

    Out of bounds write in firmware for some Intel(R) FPGA products before version 2.9.0 may allow escalation of privilege and information disclosure.

  • CVE-2022-40152MedSep 16, 2022
    risk 0.37cvss 6.5epss 0.20

    Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a…

  • CVE-2026-48724MedJun 10, 2026
    risk 0.36cvss 5.5epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-24, when using an image with mask the Floyd-Steinberg dithering method it will cause a negative heap buffer over-write. This issue has been patched in version…

  • CVE-2026-46521MedJun 10, 2026
    risk 0.36cvss 5.5epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, when using LZMA compression in the MIFF encoder an out of bounds write can occur due to a missing check. This issue has been patched in…

  • CVE-2026-20456MedJun 1, 2026
    risk 0.36cvss 5.5epss 0.00

    In wlan STA driver, there is a possible system crash due to a missing bounds check. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00480851; Issue ID: MSV-6338.

  • CVE-2026-25266MedMay 4, 2026
    risk 0.36cvss 5.5epss 0.00

    Memory corruption while processing IOCTL command when device is in power-save state.

  • CVE-2026-27258MedApr 14, 2026
    risk 0.36cvss 5.5epss 0.00

    DNG SDK versions 1.7.1 2502 and earlier are affected by an out-of-bounds write vulnerability that could lead to application denial-of-service. An attacker could leverage this vulnerability to corrupt memory, causing the application to crash or become unresponsive. Exploitation…

  • CVE-2026-6067MedApr 10, 2026
    risk 0.36cvss 5.5epss 0.00

    A heap buffer overflow vulnerability exists in the Netwide Assembler (NASM) due to a lack of bounds checking in the obj_directive() function. This vulnerability can be exploited by a user assembling a malicious .asm file, potentially leading to heap memory corruption, denial of…

  • CVE-2019-25658MedApr 5, 2026
    risk 0.36cvss 5.5epss 0.00

    a-Mac Address Change 5.4 contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplying oversized input to registration form fields. Attackers can paste 212 bytes of data into the 'Your Name', 'Your Company', or 'Register Code'…

  • CVE-2018-25256MedApr 5, 2026
    risk 0.36cvss 5.5epss 0.00

    IP TOOLS 2.50 contains a local buffer overflow vulnerability in the SNMP Scanner component that allows local attackers to crash the application by supplying oversized input. Attackers can paste malicious data into the 'From Addr' and 'To Addr' fields and trigger the crash by…

  • CVE-2018-25230MedMar 30, 2026
    risk 0.36cvss 5.5epss 0.00

    Free IP Switcher 3.1 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Computer Name field. Attackers can paste a malicious payload into the Computer Name input field and click Activate to…

  • CVE-2018-25215MedMar 26, 2026
    risk 0.36cvss 5.5epss 0.00

    Excel Password Recovery Professional 8.2.0.0 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by supplying an excessively long string to the 'E-Mail and Registrations Code' field. Attackers can paste a crafted payload containing…

  • CVE-2019-25606MedMar 22, 2026
    risk 0.36cvss 5.5epss 0.00

    Fast AVI MPEG Joiner 1.2.0812 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload in the License Name field. Attackers can create a malicious text file containing 6000 bytes of data and paste it into the…

  • CVE-2019-25554MedMar 21, 2026
    risk 0.36cvss 5.5epss 0.00

    Tomabo MP4 Converter 3.25.22 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can trigger a buffer overflow by pasting a large payload into the Name parameter when…

  • CVE-2025-11266MedDec 12, 2025
    risk 0.36cvss 6.6epss 0.00

    An out-of-bounds write vulnerability exists in the Grassroots DICOM library (GDCM). The issue is triggered during parsing of a malformed DICOM file containing encapsulated PixelData fragments (compressed image data stored as multiple fragments). This vulnerability leads to a…

  • CVE-2025-43447MedNov 4, 2025
    risk 0.36cvss 5.5epss 0.00

    The issue was addressed with improved memory handling. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. An app may be able to cause unexpected system termination or corrupt kernel memory.

  • CVE-2025-43380MedNov 4, 2025
    risk 0.36cvss 5.5epss 0.00

    An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. Parsing a file may lead to an unexpected app termination.

  • CVE-2025-43353MedSep 15, 2025
    risk 0.36cvss 5.5epss 0.00

    The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. Processing a maliciously crafted string may lead to heap corruption.

  • CVE-2025-43302MedSep 15, 2025
    risk 0.36cvss 5.5epss 0.00

    An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. An app may be able to cause unexpected system…