CWE-787
Out-of-bounds Write
Description
The product writes data past the end, or before the beginning, of the intended buffer.
Hierarchy (View 1000)
CVEs mapped to this weakness (2,513)
page 8 of 126| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-54957 | Cri | 0.64 | 9.8 | 0.02 | Oct 20, 2025 | An issue was discovered in Dolby UDC 4.5 through 4.13. A crash of the DD+ decoder process can occur when a malformed DD+ bitstream is processed. When Evolution data is processed by evo_priv.c from the DD+ bitstream, the decoder writes that data into a buffer. The length… | ||
| CVE-2025-11709 | Cri | 0.64 | 9.8 | 0.00 | Oct 14, 2025 | A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4. | ||
| CVE-2025-43209 | Cri | 0.64 | 9.8 | 0.01 | Jul 30, 2025 | An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web… | ||
| CVE-2025-49709 | Cri | 0.64 | 9.8 | 0.01 | Jun 11, 2025 | Certain canvas operations could have lead to memory corruption. This vulnerability was fixed in Firefox 139.0.4. | ||
| CVE-2025-4918 | Cri | 0.64 | 9.8 | 0.09 | May 17, 2025 | An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2. | ||
| CVE-2025-24273 | Cri | 0.64 | 9.8 | 0.01 | Mar 31, 2025 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to cause unexpected system termination or corrupt kernel memory. | ||
| CVE-2025-24231 | Cri | 0.64 | 9.8 | 0.01 | Mar 31, 2025 | The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to modify protected parts of the file system. | ||
| CVE-2025-1020 | Cri | 0.64 | 9.8 | 0.01 | Feb 4, 2025 | Memory safety bugs present in Firefox 134 and Thunderbird 134. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 135 and… | ||
| CVE-2025-1017 | Cri | 0.64 | 9.8 | 0.01 | Feb 4, 2025 | Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability… | ||
| CVE-2025-1016 | Cri | 0.64 | 9.8 | 0.01 | Feb 4, 2025 | Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to… | ||
| CVE-2024-12248 | Cri | 0.64 | 9.8 | 0.01 | Jan 30, 2025 | Contec Health CMS8000 Patient Monitor is vulnerable to an out-of-bounds write, which could allow an attacker to send specially formatted UDP requests in order to write arbitrary data. This could result in remote code execution. | ||
| CVE-2024-54534 | Cri | 0.64 | 9.8 | 0.01 | Dec 12, 2024 | The issue was addressed with improved memory handling. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.6, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web content may lead to memory corruption. | ||
| CVE-2024-44242 | Cri | 0.64 | 9.8 | 0.01 | Dec 12, 2024 | The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1. An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware. | ||
| CVE-2024-49195 | Cri | 0.64 | 9.8 | 0.01 | Oct 15, 2024 | Mbed TLS 3.5.x through 3.6.x before 3.6.2 has a buffer underrun in pkwrite when writing an opaque key pair | ||
| CVE-2024-2184 | Cri | 0.64 | 9.8 | 0.01 | Mar 11, 2024 | Buffer overflow in identifier field of WSD probe request process of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*:Satera MF740C… | ||
| CVE-2023-47359 | Cri | 0.64 | 9.8 | 0.01 | Nov 7, 2023 | Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket() and results in a memory corruption. | ||
| CVE-2022-46393 | Cri | 0.64 | 9.8 | 0.01 | Dec 15, 2022 | An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX. | ||
| CVE-2022-34835 | Cri | 0.64 | 9.8 | 0.02 | Jun 30, 2022 | In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the "i2c md" command enables the corruption of the return address pointer of the do_i2c_md function. | ||
| CVE-2021-33485 | Cri | 0.64 | 9.8 | 0.01 | Aug 3, 2021 | CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow. | ||
| CVE-2019-19638 | Cri | 0.64 | 9.8 | 0.01 | Dec 8, 2019 | An issue was discovered in libsixel 1.8.2. There is a heap-based buffer overflow in the function load_pnm at frompnm.c, due to an integer overflow. |
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in Dolby UDC 4.5 through 4.13. A crash of the DD+ decoder process can occur when a malformed DD+ bitstream is processed. When Evolution data is processed by evo_priv.c from the DD+ bitstream, the decoder writes that data into a buffer. The length…
- risk 0.64cvss 9.8epss 0.00
A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4.
- risk 0.64cvss 9.8epss 0.01
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web…
- risk 0.64cvss 9.8epss 0.01
Certain canvas operations could have lead to memory corruption. This vulnerability was fixed in Firefox 139.0.4.
- risk 0.64cvss 9.8epss 0.09
An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2.
- risk 0.64cvss 9.8epss 0.01
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to cause unexpected system termination or corrupt kernel memory.
- risk 0.64cvss 9.8epss 0.01
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to modify protected parts of the file system.
- risk 0.64cvss 9.8epss 0.01
Memory safety bugs present in Firefox 134 and Thunderbird 134. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 135 and…
- risk 0.64cvss 9.8epss 0.01
Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability…
- risk 0.64cvss 9.8epss 0.01
Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to…
- risk 0.64cvss 9.8epss 0.01
Contec Health CMS8000 Patient Monitor is vulnerable to an out-of-bounds write, which could allow an attacker to send specially formatted UDP requests in order to write arbitrary data. This could result in remote code execution.
- risk 0.64cvss 9.8epss 0.01
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.6, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web content may lead to memory corruption.
- risk 0.64cvss 9.8epss 0.01
The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1. An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware.
- risk 0.64cvss 9.8epss 0.01
Mbed TLS 3.5.x through 3.6.x before 3.6.2 has a buffer underrun in pkwrite when writing an opaque key pair
- risk 0.64cvss 9.8epss 0.01
Buffer overflow in identifier field of WSD probe request process of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*:Satera MF740C…
- risk 0.64cvss 9.8epss 0.01
Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket() and results in a memory corruption.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.
- risk 0.64cvss 9.8epss 0.02
In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the "i2c md" command enables the corruption of the return address pointer of the do_i2c_md function.
- risk 0.64cvss 9.8epss 0.01
CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in libsixel 1.8.2. There is a heap-based buffer overflow in the function load_pnm at frompnm.c, due to an integer overflow.