Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-2126

Summary
Assigner-@huntrdev
Assigner Org ID-c09c270a-b464-47c1-9133-acb35b22c19a
Published At-19 Jun, 2022 | 00:00
Updated At-03 Aug, 2024 | 00:24
Rejected At-
Credits

Out-of-bounds Read in vim/vim

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:@huntrdev
Assigner Org ID:c09c270a-b464-47c1-9133-acb35b22c19a
Published At:19 Jun, 2022 | 00:00
Updated At:03 Aug, 2024 | 00:24
Rejected At:
▼CVE Numbering Authority (CNA)
Out-of-bounds Read in vim/vim

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.

Affected Products
Vendor
Vimvim
Product
vim/vim
Versions
Affected
  • From unspecified before 8.2 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-125CWE-125 Out-of-bounds Read
Type: CWE
CWE ID: CWE-125
Description: CWE-125 Out-of-bounds Read
Metrics
VersionBase scoreBase severityVector
3.07.8HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Version: 3.0
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://huntr.dev/bounties/8d196d9b-3d10-41d2-9f70-8ef0d08c946e
N/A
https://github.com/vim/vim/commit/156d3911952d73b03d7420dc3540215247db0fe8
N/A
https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html
mailing-list
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/
vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/
vendor-advisory
https://security.gentoo.org/glsa/202208-32
vendor-advisory
https://support.apple.com/kb/HT213443
N/A
https://support.apple.com/kb/HT213444
N/A
https://support.apple.com/kb/HT213488
N/A
http://seclists.org/fulldisclosure/2022/Oct/41
mailing-list
http://seclists.org/fulldisclosure/2022/Oct/28
mailing-list
http://seclists.org/fulldisclosure/2022/Oct/43
mailing-list
http://seclists.org/fulldisclosure/2022/Oct/45
mailing-list
https://security.gentoo.org/glsa/202305-16
vendor-advisory
Hyperlink: https://huntr.dev/bounties/8d196d9b-3d10-41d2-9f70-8ef0d08c946e
Resource: N/A
Hyperlink: https://github.com/vim/vim/commit/156d3911952d73b03d7420dc3540215247db0fe8
Resource: N/A
Hyperlink: https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html
Resource:
mailing-list
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/
Resource:
vendor-advisory
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/
Resource:
vendor-advisory
Hyperlink: https://security.gentoo.org/glsa/202208-32
Resource:
vendor-advisory
Hyperlink: https://support.apple.com/kb/HT213443
Resource: N/A
Hyperlink: https://support.apple.com/kb/HT213444
Resource: N/A
Hyperlink: https://support.apple.com/kb/HT213488
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2022/Oct/41
Resource:
mailing-list
Hyperlink: http://seclists.org/fulldisclosure/2022/Oct/28
Resource:
mailing-list
Hyperlink: http://seclists.org/fulldisclosure/2022/Oct/43
Resource:
mailing-list
Hyperlink: http://seclists.org/fulldisclosure/2022/Oct/45
Resource:
mailing-list
Hyperlink: https://security.gentoo.org/glsa/202305-16
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://huntr.dev/bounties/8d196d9b-3d10-41d2-9f70-8ef0d08c946e
x_transferred
https://github.com/vim/vim/commit/156d3911952d73b03d7420dc3540215247db0fe8
x_transferred
https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html
mailing-list
x_transferred
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/
vendor-advisory
x_transferred
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/
vendor-advisory
x_transferred
https://security.gentoo.org/glsa/202208-32
vendor-advisory
x_transferred
https://support.apple.com/kb/HT213443
x_transferred
https://support.apple.com/kb/HT213444
x_transferred
https://support.apple.com/kb/HT213488
x_transferred
http://seclists.org/fulldisclosure/2022/Oct/41
mailing-list
x_transferred
http://seclists.org/fulldisclosure/2022/Oct/28
mailing-list
x_transferred
http://seclists.org/fulldisclosure/2022/Oct/43
mailing-list
x_transferred
http://seclists.org/fulldisclosure/2022/Oct/45
mailing-list
x_transferred
https://security.gentoo.org/glsa/202305-16
vendor-advisory
x_transferred
Hyperlink: https://huntr.dev/bounties/8d196d9b-3d10-41d2-9f70-8ef0d08c946e
Resource:
x_transferred
Hyperlink: https://github.com/vim/vim/commit/156d3911952d73b03d7420dc3540215247db0fe8
Resource:
x_transferred
Hyperlink: https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html
Resource:
mailing-list
x_transferred
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/
Resource:
vendor-advisory
x_transferred
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/
Resource:
vendor-advisory
x_transferred
Hyperlink: https://security.gentoo.org/glsa/202208-32
Resource:
vendor-advisory
x_transferred
Hyperlink: https://support.apple.com/kb/HT213443
Resource:
x_transferred
Hyperlink: https://support.apple.com/kb/HT213444
Resource:
x_transferred
Hyperlink: https://support.apple.com/kb/HT213488
Resource:
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2022/Oct/41
Resource:
mailing-list
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2022/Oct/28
Resource:
mailing-list
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2022/Oct/43
Resource:
mailing-list
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2022/Oct/45
Resource:
mailing-list
x_transferred
Hyperlink: https://security.gentoo.org/glsa/202305-16
Resource:
vendor-advisory
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@huntr.dev
Published At:19 Jun, 2022 | 13:15
Updated At:07 Nov, 2023 | 03:46

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Secondary3.07.8HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.0
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
Vim
vim
>>vim>>Versions before 8.2.5123(exclusive)
cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Fedora Project
fedoraproject
>>fedora>>35
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
Fedora Project
fedoraproject
>>fedora>>36
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
Apple Inc.
apple
>>macos>>Versions before 11.7(exclusive)
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>macos>>Versions from 12.0(inclusive) to 12.6(exclusive)
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-125Primarysecurity@huntr.dev
CWE-125Secondarynvd@nist.gov
CWE ID: CWE-125
Type: Primary
Source: security@huntr.dev
CWE ID: CWE-125
Type: Secondary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://seclists.org/fulldisclosure/2022/Oct/28security@huntr.dev
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2022/Oct/41security@huntr.dev
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2022/Oct/43security@huntr.dev
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2022/Oct/45security@huntr.dev
Mailing List
Third Party Advisory
https://github.com/vim/vim/commit/156d3911952d73b03d7420dc3540215247db0fe8security@huntr.dev
Patch
Third Party Advisory
https://huntr.dev/bounties/8d196d9b-3d10-41d2-9f70-8ef0d08c946esecurity@huntr.dev
Exploit
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/06/msg00014.htmlsecurity@huntr.dev
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/security@huntr.dev
N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/security@huntr.dev
N/A
https://security.gentoo.org/glsa/202208-32security@huntr.dev
Third Party Advisory
https://security.gentoo.org/glsa/202305-16security@huntr.dev
N/A
https://support.apple.com/kb/HT213443security@huntr.dev
Third Party Advisory
https://support.apple.com/kb/HT213444security@huntr.dev
Third Party Advisory
https://support.apple.com/kb/HT213488security@huntr.dev
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2022/Oct/28
Source: security@huntr.dev
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2022/Oct/41
Source: security@huntr.dev
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2022/Oct/43
Source: security@huntr.dev
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2022/Oct/45
Source: security@huntr.dev
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://github.com/vim/vim/commit/156d3911952d73b03d7420dc3540215247db0fe8
Source: security@huntr.dev
Resource:
Patch
Third Party Advisory
Hyperlink: https://huntr.dev/bounties/8d196d9b-3d10-41d2-9f70-8ef0d08c946e
Source: security@huntr.dev
Resource:
Exploit
Patch
Third Party Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2022/06/msg00014.html
Source: security@huntr.dev
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFD2A4YLBR7OIRHTL7CK6YNMEIQ264CN/
Source: security@huntr.dev
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U743FMJGFQ35GBPCQ6OWMVZEJPDFVEWM/
Source: security@huntr.dev
Resource: N/A
Hyperlink: https://security.gentoo.org/glsa/202208-32
Source: security@huntr.dev
Resource:
Third Party Advisory
Hyperlink: https://security.gentoo.org/glsa/202305-16
Source: security@huntr.dev
Resource: N/A
Hyperlink: https://support.apple.com/kb/HT213443
Source: security@huntr.dev
Resource:
Third Party Advisory
Hyperlink: https://support.apple.com/kb/HT213444
Source: security@huntr.dev
Resource:
Third Party Advisory
Hyperlink: https://support.apple.com/kb/HT213488
Source: security@huntr.dev
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

7440Records found
CVE-2023-47058
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.11% / 30.44%
||
7 Day CHG~0.00%
Published-16 Nov, 2023 | 16:16
Updated-04 Sep, 2024 | 20:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZDI-CAN-21766: Adobe Premiere Pro MP4 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowspremiere_promacosPremiere Propremiere_pro
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-47050
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 20.76%
||
7 Day CHG~0.00%
Published-16 Nov, 2023 | 15:39
Updated-10 Jun, 2025 | 13:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZDI-CAN-21686: Adobe Audition M4A File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Adobe Inc.Microsoft Corporation
Product-windowsauditionmacosAudition
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-30708
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.38% / 58.34%
||
7 Day CHG~0.00%
Published-08 Sep, 2021 | 14:28
Updated-03 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osmacosmac_os_xipadosmacOSiOS and iPadOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2014-9669
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.78% / 81.92%
||
7 Day CHG~0.00%
Published-08 Feb, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other impact via a crafted cmap SFNT table.

Action-Not Available
Vendor-freetypen/aopenSUSERed Hat, Inc.Fedora ProjectDebian GNU/LinuxOracle CorporationCanonical Ltd.
Product-enterprise_linux_serverdebian_linuxsolarisenterprise_linux_hpc_nodefedoraopensuseubuntu_linuxenterprise_linux_desktopenterprise_linux_server_eusfreetypeenterprise_linux_workstationenterprise_linux_hpc_node_eusn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-18359
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.23% / 78.29%
||
7 Day CHG~0.00%
Published-11 Dec, 2018 | 15:00
Updated-05 Aug, 2024 | 11:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect handling of Reflect.construct in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

Action-Not Available
Vendor-Red Hat, Inc.Google LLCDebian GNU/Linux
Product-debian_linuxchromelinux_workstationlinux_serverlinux_desktopChrome
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-28554
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-33.25% / 96.76%
||
7 Day CHG~0.00%
Published-24 Aug, 2021 | 17:50
Updated-16 Sep, 2024 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Reader DC Path Parsing Out-Of-Bounds Read could lead to arbitrary code execution

Acrobat Reader DC versions versions 2021.001.20155 (and earlier), 2020.001.30025 (and earlier) and 2017.011.30196 (and earlier) are affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-17461
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.38% / 58.45%
||
7 Day CHG~0.00%
Published-09 Jan, 2019 | 19:00
Updated-05 Aug, 2024 | 10:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out of bounds read in PDFium in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.

Action-Not Available
Vendor-Red Hat, Inc.Google LLCDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeenterprise_linux_workstationenterprise_linux_desktopChrome
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-28551
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-24.70% / 95.92%
||
7 Day CHG~0.00%
Published-24 Aug, 2021 | 17:51
Updated-16 Sep, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Pro DC JPEG2000 Editing Out-Of-Bounds Read Remote Code Execution Vulnerability

Acrobat Reader DC versions versions 2021.001.20155 (and earlier), 2020.001.30025 (and earlier) and 2017.011.30196 (and earlier) are affected by an Out-of-bounds read vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-27941
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.08% / 23.25%
||
7 Day CHG~0.00%
Published-26 Mar, 2022 | 00:00
Updated-03 Aug, 2024 | 05:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_l2len_protocol in common/get.c.

Action-Not Available
Vendor-n/aFedora ProjectBroadcom Inc.
Product-tcpreplayfedoran/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-12264
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.88% / 74.44%
||
7 Day CHG~0.00%
Published-13 Jun, 2018 | 11:00
Updated-05 Aug, 2024 | 08:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp.

Action-Not Available
Vendor-n/aCanonical Ltd.Exiv2Debian GNU/Linux
Product-ubuntu_linuxexiv2debian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-12265
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.88% / 74.44%
||
7 Day CHG~0.00%
Published-13 Jun, 2018 | 11:00
Updated-05 Aug, 2024 | 08:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in preview.cpp, leading to an out-of-bounds read in Exiv2::MemIo::read in basicio.cpp.

Action-Not Available
Vendor-n/aCanonical Ltd.Exiv2Debian GNU/Linux
Product-ubuntu_linuxexiv2debian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-17466
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.90% / 74.68%
||
7 Day CHG~0.00%
Published-14 Nov, 2018 | 15:00
Updated-05 Aug, 2024 | 10:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.

Action-Not Available
Vendor-Canonical Ltd.Google LLCRed Hat, Inc.Debian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxdebian_linuxenterprise_linux_server_euschromeenterprise_linux_server_ausenterprise_linux_workstationenterprise_linux_server_tusenterprise_linux_desktopChrome
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-44337
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.40% / 79.66%
||
7 Day CHG~0.00%
Published-16 Nov, 2023 | 09:52
Updated-07 Jan, 2025 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZDI-CAN-21509: Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-10549
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-2.23% / 83.86%
||
7 Day CHG~0.00%
Published-29 Apr, 2018 | 21:00
Updated-05 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exif_iif_add_value mishandles the case of a MakerNote that lacks a final '\0' character.

Action-Not Available
Vendor-n/aNetApp, Inc.Canonical Ltd.Debian GNU/LinuxThe PHP Group
Product-ubuntu_linuxphpdebian_linuxstorage_automation_storen/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-10877
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.3||HIGH
EPSS-0.35% / 56.65%
||
7 Day CHG~0.00%
Published-18 Jul, 2018 | 15:00
Updated-05 Aug, 2024 | 07:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image.

Action-Not Available
Vendor-[UNKNOWN]Linux Kernel Organization, IncDebian GNU/LinuxCanonical Ltd.Red Hat, Inc.
Product-ubuntu_linuxdebian_linuxlinux_kernelenterprise_linuxkernel
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-1056
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-3.3||LOW
EPSS-0.42% / 60.89%
||
7 Day CHG~0.00%
Published-27 Jul, 2018 | 18:00
Updated-05 Aug, 2024 | 03:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds heap buffer read flaw was found in the way advancecomp before 2.1-2018/02 handled processing of ZIP files. An attacker could potentially use this flaw to crash the advzip utility by tricking it into processing crafted ZIP files.

Action-Not Available
Vendor-advancemameamadvanceCanonical Ltd.Debian GNU/Linux
Product-ubuntu_linuxdebian_linuxadvancecompadvancecomp:
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-10392
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.36% / 79.37%
||
7 Day CHG~0.00%
Published-26 Apr, 2018 | 05:00
Updated-05 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels, which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file.

Action-Not Available
Vendor-xiph.orgn/aDebian GNU/LinuxRed Hat, Inc.
Product-debian_linuxenterprise_linux_server_ausenterprise_linuxlibvorbisenterprise_linux_eusenterprise_linux_server_tusn/a
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-27161
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.50%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 18:10
Updated-28 Apr, 2025 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Acrobat Reader | Out-of-bounds Read (CWE-125)

Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.Apple Inc.
Product-acrobat_dcacrobat_readermacosacrobat_reader_dcwindowsacrobatAcrobat Reader
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-9873
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.42% / 61.31%
||
7 Day CHG~0.00%
Published-22 Oct, 2020 | 17:59
Updated-04 Aug, 2024 | 10:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-itunesiphone_oswatchosipadostvosmac_os_xicloudiTunes for WindowswatchOSiCloud for WindowsmacOSiOSiCloud for Windows (Legacy)tvOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-24228
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.03% / 5.15%
||
7 Day CHG~0.00%
Published-31 Mar, 2025 | 22:23
Updated-07 Apr, 2025 | 13:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to execute arbitrary code with kernel privileges.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2014-1497
Matching Score-10
Assigner-Mozilla Corporation
ShareView Details
Matching Score-10
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.50% / 64.97%
||
7 Day CHG~0.00%
Published-19 Mar, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process heap memory, cause a denial of service (out-of-bounds read and application crash), or possibly have unspecified other impact via a crafted WAV file.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSESUSERed Hat, Inc.Debian GNU/LinuxCanonical Ltd.
Product-enterprise_linux_serverenterprise_linux_eusfirefoxenterprise_linux_server_eusthunderbirdsuse_linux_enterprise_desktopdebian_linuxenterprise_linux_server_ausseamonkeyfirefox_esropensuseubuntu_linuxenterprise_linux_desktopsuse_linux_enterprise_serverenterprise_linux_server_tusenterprise_linux_workstationsuse_linux_enterprise_software_development_kitn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-9726
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.39% / 59.42%
||
7 Day CHG+0.18%
Published-26 Jul, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Ins_MDRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.

Action-Not Available
Vendor-n/aArtifex Software Inc.Debian GNU/Linux
Product-debian_linuxghostscript_ghostxpsn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-9739
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.39% / 59.42%
||
7 Day CHG+0.18%
Published-26 Jul, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Ins_JMPR function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.

Action-Not Available
Vendor-n/aArtifex Software Inc.Debian GNU/Linux
Product-debian_linuxghostscript_ghostxpsn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-9611
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.39% / 59.42%
||
7 Day CHG+0.02%
Published-26 Jul, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.

Action-Not Available
Vendor-n/aArtifex Software Inc.Debian GNU/Linux
Product-ghostscriptdebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-9727
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.39% / 59.42%
||
7 Day CHG+0.18%
Published-26 Jul, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The gx_ttfReader__Read function in base/gxttfb.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.

Action-Not Available
Vendor-n/aArtifex Software Inc.Debian GNU/Linux
Product-debian_linuxghostscript_ghostxpsn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-9935
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.01% / 76.22%
||
7 Day CHG+0.03%
Published-26 Jun, 2017 | 12:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. This heap overflow could lead to different damages. For example, a crafted TIFF document can lead to an out-of-bounds read in TIFFCleanup, an invalid free in TIFFClose or t2p_free, memory corruption in t2p_readwrite_pdf_image, or a double free in t2p_free. Given these possibilities, it probably could cause arbitrary code execution.

Action-Not Available
Vendor-n/aDebian GNU/LinuxCanonical Ltd.LibTIFF
Product-ubuntu_linuxdebian_linuxlibtiffn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-1753
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.36% / 57.67%
||
7 Day CHG~0.00%
Published-02 Apr, 2021 | 18:20
Updated-03 Aug, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipad_osmacosmac_os_xmacOSiOS and iPadOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-1736
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.42% / 60.96%
||
7 Day CHG~0.00%
Published-02 Apr, 2021 | 17:46
Updated-03 Aug, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-macosmac_os_xmacOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-1743
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.46% / 63.22%
||
7 Day CHG~0.00%
Published-02 Apr, 2021 | 17:48
Updated-03 Aug, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchosipadostvosmac_os_xmacosmacOSiOS and iPadOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-7010
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.32% / 54.25%
||
7 Day CHG~0.00%
Published-20 Jul, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "libxml2" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted XML file.

Action-Not Available
Vendor-n/aApple Inc.Microsoft Corporation
Product-itunesmac_os_xtvosiphone_osicloudwindowsn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-1758
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-1.11% / 77.22%
||
7 Day CHG+0.29%
Published-02 Apr, 2021 | 17:52
Updated-03 Aug, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchosipadostvosmac_os_xmacosmacOSiOS and iPadOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-1792
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-1.19% / 77.96%
||
7 Day CHG~0.00%
Published-02 Apr, 2021 | 18:01
Updated-03 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchosipadostvosmac_os_xmacosmacOSiOS and iPadOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-1741
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.46% / 63.22%
||
7 Day CHG~0.00%
Published-02 Apr, 2021 | 17:47
Updated-03 Aug, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchosipadostvosmac_os_xmacosmacOSiOS and iPadOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-1745
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.24% / 46.82%
||
7 Day CHG~0.00%
Published-02 Apr, 2021 | 17:47
Updated-03 Aug, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osmacosmac_os_xipadosmacOSiOS and iPadOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-1759
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.43% / 61.77%
||
7 Day CHG~0.00%
Published-02 Apr, 2021 | 17:51
Updated-03 Aug, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadostvosmac_os_xmacosmacOSiOS and iPadOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-1885
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.46% / 63.22%
||
7 Day CHG~0.00%
Published-08 Sep, 2021 | 14:48
Updated-03 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing a maliciously crafted image may lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchostvosipadosmacostvOSmacOSwatchOSiOS and iPadOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-1785
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.40% / 59.98%
||
7 Day CHG~0.00%
Published-02 Apr, 2021 | 18:00
Updated-03 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchosipadostvosmac_os_xmacosmacOSiOS and iPadOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-42833
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.74%
||
7 Day CHG~0.00%
Published-27 Feb, 2023 | 00:00
Updated-11 Mar, 2025 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-5054
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.54% / 66.71%
||
7 Day CHG~0.00%
Published-27 Oct, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to obtain heap memory contents via a crafted HTML page.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncRed Hat, Inc.Apple Inc.Microsoft CorporationGoogle LLC
Product-chromeenterprise_linux_desktopenterprise_linux_workstationlinux_kernelwindowsenterprise_linux_servermacosandroidGoogle Chrome prior to 57.0.2987.133 for Linux, Windows and Mac, and 57.0.2987.132 for Android
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-9938
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.42% / 61.31%
||
7 Day CHG~0.00%
Published-22 Oct, 2020 | 18:05
Updated-04 Aug, 2024 | 10:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-itunesiphone_oswatchosipadostvosmac_os_xicloudiTunes for WindowswatchOSiCloud for WindowsmacOSiOSiCloud for Windows (Legacy)tvOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-9956
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.40% / 59.53%
||
7 Day CHG~0.00%
Published-02 Apr, 2021 | 17:23
Updated-04 Aug, 2024 | 10:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted font file may lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchosipadostvosmac_os_xmacostvOSmacOSwatchOSiOS and iPadOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-9961
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.27% / 50.55%
||
7 Day CHG~0.00%
Published-27 Oct, 2020 | 20:42
Updated-04 Aug, 2024 | 10:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-itunesiphone_oswatchosipadostvosmac_os_xicloudmacOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-6304
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.26% / 48.64%
||
7 Day CHG~0.00%
Published-24 Feb, 2017 | 04:23
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "7 of 9. Out of Bounds read."

Action-Not Available
Vendor-ytnef_projectn/aDebian GNU/Linux
Product-ytnefdebian_linuxn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-9888
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.46% / 63.22%
||
7 Day CHG~0.00%
Published-16 Oct, 2020 | 16:37
Updated-04 Aug, 2024 | 10:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchostvosipadosmac_os_xtvOSmacOSwatchOSiOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-38417
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.20% / 42.67%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 17:20
Updated-23 Apr, 2025 | 17:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe InDesign SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-windowsindesignmacosInDesign
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-38429
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.20% / 42.67%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 17:16
Updated-23 Apr, 2025 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Photoshop SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-windowsphotoshopmacosPhotoshop
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-9877
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.42% / 61.31%
||
7 Day CHG~0.00%
Published-22 Oct, 2020 | 17:58
Updated-04 Aug, 2024 | 10:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-itunesiphone_oswatchosipadostvosmac_os_xicloudiTunes for WindowswatchOSiCloud for WindowsmacOSiOSiCloud for Windows (Legacy)tvOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-38416
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.20% / 42.67%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 17:20
Updated-23 Apr, 2025 | 17:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe InDesign SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-windowsindesignmacosInDesign
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-38440
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.15% / 36.45%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 19:50
Updated-23 Apr, 2025 | 16:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Dimension SKP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

Adobe Dimension versions 3.4.5 is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-windowsdimensionmacosDimension
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-38431
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.23% / 46.11%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 17:16
Updated-23 Apr, 2025 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Photoshop SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-windowsphotoshopmacosPhotoshop
CWE ID-CWE-125
Out-of-bounds Read
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 148
  • 149
  • Next
Details not found