CWE-823
Use of Out-of-range Pointer Offset
Description
The product performs pointer arithmetic on a valid pointer, but it uses an offset that can point outside of the intended range of valid memory locations for the resulting pointer.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-129
CVEs mapped to this weakness (24)
Page 1 of 2

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-21732 |  | Cri | 0.62 | 9.6 | 0.00 |  | Mar 20, 2026 | A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger a write out-of-bounds write crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits… |
| CVE-2017-20211 |  | Hig | 0.56 | — | 0.01 |  | Nov 12, 2025 | UCanCode E-XD++ Visualization Enterprise Suite contains an untrusted pointer dereference vulnerability via the TKDRAWCAD.TKDrawCADCtrl.1 ActiveX control. This is because it exposes a RotateShape method that dereferences a user-supplied pointer without sufficient validation. A… |
| CVE-2026-28764 |  | Hig | 0.51 | 7.8 | 0.00 |  | May 21, 2026 | MediaArea MediaInfoLib LXF element parsing heap-based buffer overflow vulnerability |
| CVE-2025-25180 |  | Hig | 0.51 | 7.8 | 0.00 |  | Jul 14, 2025 | Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages. Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages… |
| CVE-2024-52939 | — | Hig | 0.51 | 7.8 | 0.00 |  | Feb 22, 2025 | Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to trigger a write data outside the Guest's virtualised GPU memory. |
| CVE-2024-47900 | — | Hig | 0.51 | 7.8 | 0.00 |  | Jan 31, 2025 | Software installed and run as a non-privileged user may conduct improper GPU system calls to access OOB kernel memory. |
| CVE-2024-52938 | — | Hig | 0.51 | 7.8 | 0.00 |  | Jan 13, 2025 | Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to subvert reconstruction activities to trigger a write of data outside the Guest's virtualised GPU memory. |
| CVE-2016-2161 |  | Hig | 0.50 | 7.5 | 0.21 |  | Jul 27, 2017 | In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests. |
| CVE-2025-11232 |  | Hig | 0.49 | 7.5 | 0.00 |  | Oct 29, 2025 | To trigger the issue, three configuration parameters must have specific settings: "hostname-char-set" must be left at the default setting, which is "[^A-Za-z0-9.-]"; "hostname-char-replacement" must be empty (the default); and "ddns-qualifying-suffix" must *NOT* be empty (the… |
| CVE-2024-12577 | — | Hig | 0.47 | 7.3 | 0.00 |  | Feb 22, 2025 | Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory. |
| CVE-2024-47895 | — | Hig | 0.46 | 7.1 | 0.00 |  | Jan 13, 2025 | Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to read data outside the Guest's virtualised GPU memory. |
| CVE-2024-47894 | — | Hig | 0.46 | 7.1 | 0.00 |  | Jan 13, 2025 | Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to read data outside the Guest's virtualised GPU memory. |
| CVE-2026-23764 |  | Med | 0.44 | — | 0.00 |  | Jan 22, 2026 | VB-Audio Voicemeeter, Voicemeeter Banana, and Voicemeeter Potato (versions ending in 1.1.1.9, 2.1.1.9, and 3.1.1.9 and earlier, respectively), as well as VB-Audio Matrix and Matrix Coconut (versions ending in 1.0.2.2 and 2.0.2.2 and earlier, respectively), contain a… |
| CVE-2024-52937 |  | Med | 0.44 | 6.7 | 0.00 |  | Jan 13, 2025 | Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory. |
| CVE-2026-42946 | — | Med | 0.42 | 6.5 | 0.01 |  | May 13, 2026 | A vulnerability exists in the ngx_http_scgi_module and ngx_http_uwsgi_module modules that may result in excessive memory allocation or an over-read of data. When scgi_pass or uwsgi_pass is configured, an unauthenticated attacker with man-in-the-middle (MITM) ability to… |
| CVE-2026-41907 |  | Hig | 0.42 | 7.5 | 0.00 |  | Apr 24, 2026 | uuid is for the creation of RFC9562 (formerly RFC4122) UUIDs. Prior to 14.0.0, v3, v5, and v6 accept external output buffers but do not reject out-of-range writes (small buf or large offset). This allows silent partial writes into caller-provided buffers. This vulnerability is… |
| CVE-2024-47893 | — | Med | 0.42 | 6.5 | 0.00 |  | May 17, 2025 | Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to read and/or write data outside the Guest's virtualised GPU memory. |
| CVE-2026-20022 |  | Med | 0.40 | 6.1 | 0.00 |  | Mar 4, 2026 | A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition when OSPF canonicalization debug is enabled… |
| CVE-2025-46806 |  | Med | 0.38 | — | 0.00 |  | Jun 2, 2025 | A Use of Out-of-range Pointer Offset vulnerability in sslh leads to denial of service on some architectures. This issue affects sslh before 2.2.4. |
| CVE-2024-52936 | — | Med | 0.29 | 4.4 | 0.00 |  | Jan 13, 2025 | Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to write data outside the Guest's virtualised GPU memory. |