CWE-125— Out-of-bounds Read
7,742 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-125page 7 of 155
- CVE-2018-11251MEDIUMCVSS 6.5EG 6.52018-05-18
In ImageMagick 7.0.7-23 Q16 x86_64 2018-01-24, there is a heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service (application crash in SetGrayscaleImage in MagickCore/quantize.c) vi…
- CVE-2018-11278HIGHCVSS 7.1EG 7.12018-09-18
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Venus HW searches for start code when decoding input bit stream buffers. If start code is not found in entire buffer, there is over…
- CVE-2018-11285HIGHCVSS 7.8EG 7.82018-09-20
In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845,…
- CVE-2018-11293MEDIUMCVSS 5.7EG 5.72018-09-18
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, in wma_ndp_confirm_event_handler and wma_ndp_indication_event_handler, ndp_cfg len and num_ndp_app_info is from fw. If they are not…
- CVE-2018-11297HIGHCVSS 7.8EG 7.82018-09-18
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a buffer over-read can occur In the WMA NDP event handler functions due to lack of validation of input value event_info which is re…
- CVE-2018-11362HIGHCVSS 7.5EG 7.52018-05-22
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by avoiding a buffer over-read upon encountering a missing '\0' character.
- CVE-2018-11363HIGHCVSS 7.5EG 7.52018-05-22
jpeg_size in pdfgen.c in PDFGen before 2018-04-09 has a heap-based buffer over-read.
- CVE-2018-11375MEDIUMCVSS 5.5EG 5.52018-05-22
The _inst__lds() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.
- CVE-2018-11376MEDIUMCVSS 5.5EG 5.52018-05-22
The r_read_le32() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted ELF file.
- CVE-2018-11377MEDIUMCVSS 5.5EG 5.52018-05-22
The avr_op_analyze() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.
- CVE-2018-11379MEDIUMCVSS 5.5EG 5.52018-05-22
The get_debug_info() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted PE file.
- CVE-2018-11380MEDIUMCVSS 5.5EG 5.52018-05-22
The parse_import_ptr() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted Mach-O file.
- CVE-2018-11381MEDIUMCVSS 5.5EG 5.52018-05-22
The string_scan_range() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.
- CVE-2018-11382MEDIUMCVSS 5.5EG 5.52018-05-22
The _inst__sts() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.
- CVE-2018-11384MEDIUMCVSS 5.5EG 5.52018-05-22
The sh_op() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted ELF file.
- CVE-2018-11418CRITICALCVSS 9.8EG 9.82018-05-24
An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the lit_read_code_unit_from_utf8 function via a RegExp("[\\u0020") payload, related to re_parse_char_class in parser/regexp/re-parser.c.
- CVE-2018-11419CRITICALCVSS 9.8EG 9.82018-05-24
An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the lit_read_code_unit_from_hex function via a RegExp("[\\u0") payload, related to re_parse_char_class in parser/regexp/re-parser.c.
- CVE-2018-11432MEDIUMCVSS 6.5EG 6.52018-05-30
The mobi_parse_mobiheader function in read.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file.
- CVE-2018-11433MEDIUMCVSS 6.5EG 6.52018-05-30
The mobi_get_kf8boundary_seqnumber function in util.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file.
- CVE-2018-11434MEDIUMCVSS 6.5EG 6.52018-05-30
The buffer_fill64 function in compression.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file.
- CVE-2018-11436MEDIUMCVSS 6.5EG 6.52018-05-30
The buffer_addraw function in buffer.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file.
- CVE-2018-11439MEDIUMCVSS 6.5EG 6.52018-05-30
The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file.
- CVE-2018-11465HIGHCVSS 7.8EG 7.82018-12-12
A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 …
- CVE-2018-11468MEDIUMCVSS 5.5EG 5.52018-05-25
The __mkd_trim_line function in mkdio.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html.
- CVE-2018-11503MEDIUMCVSS 5.5EG 5.52018-05-26
The isfootnote function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html.
- CVE-2018-11504MEDIUMCVSS 5.5EG 5.52018-05-26
The islist function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html.
- CVE-2018-11546CRITICALCVSS 9.8EG 9.82018-05-29
md4c 0.2.5 has a heap-based buffer over-read because md_is_named_entity_contents has an off-by-one error.
- CVE-2018-11547CRITICALCVSS 9.8EG 9.82018-05-29
md_is_link_reference_definition_helper in md4c 0.2.5 has a heap-based buffer over-read because md_is_link_label mishandles loop termination.
- CVE-2018-11576CRITICALCVSS 9.8EG 9.82018-05-31
ngiflib.c in MiniUPnP ngiflib 0.4 has a heap-based buffer over-read in GifIndexToTrueColor.
- CVE-2018-11592MEDIUMCVSS 5.5EG 5.52018-05-31
Espruino before 1.98 allows attackers to cause a denial of service (application crash) with a user crafted input file via an Out-of-bounds Read during syntax parsing in which certain height validation is missing in libs/graphics/jswrap_gra…
- CVE-2018-11598HIGHCVSS 7.1EG 7.12018-05-31
Espruino before 1.99 allows attackers to cause a denial of service (application crash) and a potential Information Disclosure with user crafted input files via a Buffer Overflow or Out-of-bounds Read during syntax parsing of certain for lo…
- CVE-2018-11620MEDIUMCVSS 6.5EG 6.52018-07-31
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page …
- CVE-2018-11621MEDIUMCVSS 6.5EG 6.52018-07-31
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page …
- CVE-2018-11625HIGHCVSS 8.8EG 8.82018-05-31
In ImageMagick 7.0.7-37 Q16, SetGrayscaleImage in the quantize.c file allows attackers to cause a heap-based buffer over-read via a crafted file.
- CVE-2018-11693HIGHCVSS 8.1EG 8.12018-06-04
An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::skip_over_scopes which could be leveraged by an attacker to disclose information or manipulated to read fr…
- CVE-2018-11697HIGHCVSS 8.1EG 8.12018-06-04
An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::exactly() which could be leveraged by an attacker to disclose information or manipulated to read from unma…
- CVE-2018-11698HIGHCVSS 8.1EG 8.12018-06-04
An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::handle_error which could be leveraged by an attacker to disclose information or manipulated to read from unmapped me…
- CVE-2018-11723MEDIUMCVSS 5.5EG 5.52018-06-19
The libpff_name_to_id_map_entry_read function in libpff_name_to_id_map.c in libyal libpff through 2018-04-28 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted pff file. NOTE: the vendor …
- CVE-2018-11724HIGHCVSS 8.8EG 8.82018-06-19
The mobi_pk1_decrypt function in encryption.c in Libmobi 0.3 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted mobi file.
- CVE-2018-11725MEDIUMCVSS 6.5EG 6.52018-06-19
The mobi_parse_index_entry function in index.c in Libmobi 0.3 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted mobi file.
- CVE-2018-11727MEDIUMCVSS 5.5EG 5.52018-06-19
The libfsntfs_attribute_read_from_mft function in libfsntfs_attribute.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has …
- CVE-2018-11728MEDIUMCVSS 5.5EG 5.52018-06-19
The libfsntfs_reparse_point_values_read_data function in libfsntfs_reparse_point_values.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOT…
- CVE-2018-11729MEDIUMCVSS 5.5EG 5.52018-06-19
The libfsntfs_mft_entry_read_header function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has di…
- CVE-2018-11731MEDIUMCVSS 5.5EG 5.52018-06-19
The libfsntfs_mft_entry_read_attributes function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor ha…
- CVE-2018-11737HIGHCVSS 8.1EG 8.12018-06-05
An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function ntfs_fix_idxrec in tsk/fs/ntfs_dent.cpp which could be leveraged by an at…
- CVE-2018-11738HIGHCVSS 8.1EG 8.12018-06-05
An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function ntfs_make_data_run in tsk/fs/ntfs.c which could be leveraged by an attack…
- CVE-2018-11739HIGHCVSS 8.1EG 8.12018-06-05
An issue was discovered in libtskimg.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function raw_read in tsk/img/raw.c which could be leveraged by an attacker to dis…
- CVE-2018-11740HIGHCVSS 8.1EG 8.12018-06-05
An issue was discovered in libtskbase.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function tsk_UTF16toUTF8 in tsk/base/tsk_unicode.c which could be leveraged by a…
- CVE-2018-1179MEDIUMCVSS 6.5EG 6.52018-05-17
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page…
- CVE-2018-11897HIGHCVSS 7.8EG 7.82018-09-19
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing diag event after associating to a network out of bounds read occurs if ssid of the network joined is greater than …
Map vulnerabilities like CWE-125 to your infrastructure
EchelonGraph correlates every CVE — across CWE-125 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →