CWE-787
Out-of-bounds Write
Description
The product writes data past the end, or before the beginning, of the intended buffer.
Hierarchy (View 1000)
CVEs mapped to this weakness (1,906)
page 71 of 96| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-3471 | 0.06 | — | 0.73 | Oct 15, 2008 | Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac;… | |||
| CVE-2007-2356 | 0.06 | — | 0.41 | Apr 30, 2007 | Stack-based buffer overflow in the set_color_table function in sunras.c in the SUNRAS plugin in Gimp 2.2.14 allows user-assisted remote attackers to execute arbitrary code via a crafted RAS file. | |||
| CVE-2006-3897 | 0.06 | — | 0.39 | Jul 27, 2006 | Stack overflow in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (application crash) by creating an NMSA.ASFSourceMediaDescription.1 ActiveX object with a long dispValue property. | |||
| CVE-2025-11964 | Low | 0.05 | 1.9 | 0.00 | Dec 31, 2025 | On Windows only, if libpcap needs to convert a Windows error message to UTF-8 and the message includes characters that UTF-8 represents using 4 bytes, utf_16le_to_utf_8_truncated() can write data beyond the end of the provided buffer. | ||
| CVE-2023-5217 | 0.05 | — | 0.05 | KEV | Sep 28, 2023 | Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2022-4135 | 0.05 | — | 0.00 | KEV | Nov 25, 2022 | Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2010-4543 | 0.05 | — | 0.23 | Jan 7, 2011 | Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE compression) image… | |||
| CVE-2009-2550 | 0.05 | — | 0.21 | Jul 20, 2009 | Stack-based buffer overflow in Hamster Audio Player 0.3a allows remote attackers to execute arbitrary code via a long string in a (1) .m3u or (2) .hpl playlist file. | |||
| CVE-2019-0592 | 0.04 | — | 0.45 | Apr 8, 2019 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0611. | |||
| CVE-2011-4516 | 0.04 | — | 0.48 | Dec 15, 2011 | Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a coding style default (COD) marker… | |||
| CVE-2009-2403 | 0.04 | — | 0.10 | Jul 9, 2009 | Heap-based buffer overflow in SCMPX 1.5.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long string in a .m3u playlist file. | |||
| CVE-2004-0978 | 0.04 | — | 0.42 | Feb 9, 2005 | Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX control for Internet Explorer 5.01 through 6, when users who visit online gaming sites that are associated with MSN, allows remote attackers to execute arbitrary code via the SetupData parameter. | |||
| CVE-2004-1287 | 0.04 | — | 0.16 | Jan 10, 2005 | Buffer overflow in the error function in preproc.c for NASM 0.98.38 1.2 allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2005-1194. | |||
| CVE-2003-1396 | 0.04 | — | 0.16 | Dec 31, 2003 | Heap-based buffer overflow in Opera 6.05 through 7.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a filename with a long extension. | |||
| CVE-2003-0870 | 0.04 | — | 0.12 | Nov 17, 2003 | Heap-based buffer overflow in Opera 7.11 and 7.20 allows remote attackers to execute arbitrary code via an HREF with a large number of escaped characters in the server name. | |||
| CVE-2023-31419 | 0.03 | — | 0.35 | Oct 26, 2023 | A flaw was discovered in Elasticsearch, affecting the _search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service. | |||
| CVE-2022-2274 | 0.03 | — | 0.40 | Jul 1, 2022 | The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the… | |||
| CVE-2019-0568 | 0.03 | — | 0.81 | Jan 8, 2019 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0539,… | |||
| CVE-2019-0567 | 0.03 | — | 0.90 | Jan 8, 2019 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0539,… | |||
| CVE-2019-0539 | 0.03 | — | 0.91 | Jan 8, 2019 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0567,… |
- CVE-2008-3471Oct 15, 2008risk 0.06cvss —epss 0.73
Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac;…
- CVE-2007-2356Apr 30, 2007risk 0.06cvss —epss 0.41
Stack-based buffer overflow in the set_color_table function in sunras.c in the SUNRAS plugin in Gimp 2.2.14 allows user-assisted remote attackers to execute arbitrary code via a crafted RAS file.
- CVE-2006-3897Jul 27, 2006risk 0.06cvss —epss 0.39
Stack overflow in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (application crash) by creating an NMSA.ASFSourceMediaDescription.1 ActiveX object with a long dispValue property.
- risk 0.05cvss 1.9epss 0.00
On Windows only, if libpcap needs to convert a Windows error message to UTF-8 and the message includes characters that UTF-8 represents using 4 bytes, utf_16le_to_utf_8_truncated() can write data beyond the end of the provided buffer.
- risk 0.05cvss —epss 0.05
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- risk 0.05cvss —epss 0.00
Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
- CVE-2010-4543Jan 7, 2011risk 0.05cvss —epss 0.23
Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE compression) image…
- CVE-2009-2550Jul 20, 2009risk 0.05cvss —epss 0.21
Stack-based buffer overflow in Hamster Audio Player 0.3a allows remote attackers to execute arbitrary code via a long string in a (1) .m3u or (2) .hpl playlist file.
- CVE-2019-0592Apr 8, 2019risk 0.04cvss —epss 0.45
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0611.
- CVE-2011-4516Dec 15, 2011risk 0.04cvss —epss 0.48
Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted numrlvls value in a coding style default (COD) marker…
- CVE-2009-2403Jul 9, 2009risk 0.04cvss —epss 0.10
Heap-based buffer overflow in SCMPX 1.5.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long string in a .m3u playlist file.
- CVE-2004-0978Feb 9, 2005risk 0.04cvss —epss 0.42
Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX control for Internet Explorer 5.01 through 6, when users who visit online gaming sites that are associated with MSN, allows remote attackers to execute arbitrary code via the SetupData parameter.
- CVE-2004-1287Jan 10, 2005risk 0.04cvss —epss 0.16
Buffer overflow in the error function in preproc.c for NASM 0.98.38 1.2 allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2005-1194.
- CVE-2003-1396Dec 31, 2003risk 0.04cvss —epss 0.16
Heap-based buffer overflow in Opera 6.05 through 7.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a filename with a long extension.
- CVE-2003-0870Nov 17, 2003risk 0.04cvss —epss 0.12
Heap-based buffer overflow in Opera 7.11 and 7.20 allows remote attackers to execute arbitrary code via an HREF with a large number of escaped characters in the server name.
- CVE-2023-31419Oct 26, 2023risk 0.03cvss —epss 0.35
A flaw was discovered in Elasticsearch, affecting the _search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service.
- CVE-2022-2274Jul 1, 2022risk 0.03cvss —epss 0.40
The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the…
- CVE-2019-0568Jan 8, 2019risk 0.03cvss —epss 0.81
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0539,…
- CVE-2019-0567Jan 8, 2019risk 0.03cvss —epss 0.90
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0539,…
- CVE-2019-0539Jan 8, 2019risk 0.03cvss —epss 0.91
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0567,…