VYPR

CWE-787

Out-of-bounds Write

BaseDraftLikelihood: High

Description

The product writes data past the end, or before the beginning, of the intended buffer.

Hierarchy (View 1000)

CVEs mapped to this weakness (2,513)

page 102 of 126
  • CVE-2026-6045MedJun 15, 2026
    risk 0.35cvss epss 0.00

    LibreOffice can import EMF+ graphics, which may be embedded in documents. A heap buffer overflow existed when importing an EMF+ gradient brush. The number of gradient blend points was read from the file and used to compute an allocation size, but that multiplication could…

  • CVE-2026-6040MedJun 15, 2026
    risk 0.35cvss epss 0.00

    A heap use-after-free existed when importing the blank-width characters of an ODF number format. A position value read from the document was not checked against the length of the format-code string, so a malformed number format could be processed against memory outside that…

  • CVE-2026-6039MedJun 15, 2026
    risk 0.35cvss epss 0.00

    LibreOffice can import drawings in the DXF format used by CAD software. A heap buffer overflow existed when importing a DXF polyline. The point count taken from the file was truncated to a 16-bit value when the point buffer was sized, while the full count was used to fill it, so…

  • CVE-2026-8669MedMay 15, 2026
    risk 0.35cvss 6.5epss 0.00

    Imager versions through 1.030 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files. Imager::File::GIF's i_readgif_multi_low allocates a single per-row buffer GifRow sized for the GIF's global screen width 'SWidth' and reuses it across every image in…

  • CVE-2026-28819MedMay 11, 2026
    risk 0.35cvss 5.4epss 0.07

    An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to execute arbitrary code with kernel privileges.

  • CVE-2026-7950MedMay 6, 2026
    risk 0.35cvss 5.4epss 0.00

    Out of bounds read and write in GFX in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform arbitrary read/write via malicious network traffic. (Chromium security severity: Medium)

  • CVE-2026-27879MedMar 27, 2026
    risk 0.35cvss 6.5epss 0.00

    A resample query can be used to trigger out-of-memory crashes in Grafana.

  • CVE-2026-1489MedJan 27, 2026
    risk 0.35cvss 5.4epss 0.00

    A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in…

  • CVE-2024-38533MedJun 28, 2024
    risk 0.35cvss 6.5epss 0.00

    ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. There is possible invalid stack access due to the addresses used to access the stack not properly being converted to cells. This issue has been patched in version 1.5.0.

  • CVE-2021-4040MedAug 24, 2022
    risk 0.35cvss 5.3epss 0.03

    A flaw was found in AMQ Broker. This issue can cause a partial interruption to the availability of AMQ Broker via an Out of memory (OOM) condition. This flaw allows an attacker to partially disrupt availability to the broker through a sustained attack of maliciously crafted…

  • CVE-2020-21050MedSep 14, 2021
    risk 0.35cvss 6.5epss 0.01

    Libsixel prior to v1.8.3 contains a stack buffer overflow in the function gif_process_raster at fromgif.c.

  • CVE-2021-29511MedMay 12, 2021
    risk 0.35cvss 6.5epss 0.01

    evm is a pure Rust implementation of Ethereum Virtual Machine. Prior to the patch, when executing specific EVM opcodes related to memory operations that use `evm_core::Memory::copy_large`, the `evm` crate can over-allocate memory when it is not needed, making it possible for an…

  • CVE-2020-15210MedSep 25, 2020
    risk 0.35cvss 6.5epss 0.01

    In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the…

  • CVE-2019-20024MedDec 27, 2019
    risk 0.35cvss 6.5epss 0.01

    A heap-based buffer overflow was discovered in image_buffer_resize in fromsixel.c in libsixel before 1.8.4.

  • CVE-2017-2633MedJul 27, 2018
    risk 0.35cvss 5.4epss 0.03

    An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU…

  • CVE-2018-1000MedApr 12, 2018
    risk 0.35cvss 5.3epss 0.08

    An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Information Disclosure Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE…

  • CVE-2018-0981MedApr 12, 2018
    risk 0.35cvss 5.3epss 0.06

    An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Information Disclosure Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE…

  • CVE-2017-17286MedFeb 15, 2018
    risk 0.35cvss 5.3epss 0.01

    Huawei AR120-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R005C32,…

  • CVE-2026-5066MedJun 4, 2026
    risk 0.34cvss 6.3epss 0.00

    A potential out-of-bounds write/read exists in the TLS socket connect path of the network sockets subsystem (subsys/net/lib/sockets/sockets_tls.c). When the TLS session cache is enabled, tls_session_store() and tls_session_restore() memcpy the caller-supplied address into a…

  • CVE-2026-5589MedJun 4, 2026
    risk 0.34cvss 6.3epss 0.00

    An integer underflow in bt_mesh_sol_recv() in the Bluetooth Mesh solicitation handling (subsys/bluetooth/mesh/solicitation.c) leads to an out-of-bounds write. When CONFIG_BT_MESH_OD_PRIV_PROXY_SRV is enabled, the function parses solicitation PDUs from raw BLE advertising…