CWE-787: Out-of-bounds Write
13,439 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-787 (page 4 of 269)
- CVE-2013-2028 | NONE | CVSS 0.0 | EG 9.0 | 2013-07-20
The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk si…
- CVE-2013-2189 | NONE | CVSS 0.0 | EG 0.0 | 2013-07-31
Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
- CVE-2013-2739 | CRITICAL | CVSS 9.8 | EG 9.8 | 2019-11-01
MiniDLNA has heap-based buffer overflow
- CVE-2013-3163 | HIGH | CVSS 8.8 | EG 9.0 | ⚠ KEV | 2013-07-10
Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulner…
- CVE-2013-3246 | HIGH | CVSS 7.8 | EG 7.8 | 2020-01-02
Stack-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted image layer in an XCF file.
- CVE-2013-3247 | HIGH | CVSS 7.8 | EG 7.8 | 2020-01-02
Heap-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted RLE compressed layer in an XCF file.
- CVE-2013-3249 | NONE | CVSS 0.0 | EG 0.0 | 2014-03-20
Stack-based buffer overflow in the "Add from text file" feature in the DameWare Exporter tool (DWExporter.exe) in DameWare Remote Support 10.0.0.372, 9.0.1.247, and earlier allows user-assisted attackers to execute arbitrary code via unspe…
- CVE-2013-3346 | CRITICAL | CVSS 9.8 | EG 9.8 | ⚠ KEV | 2013-08-30
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2…
- CVE-2013-3492 | CRITICAL | CVSS 9.8 | EG 9.8 | 2020-01-27
XnView 2.03 has a stack-based buffer overflow vulnerability
- CVE-2013-3918 | HIGH | CVSS 8.8 | EG 9.0 | ⚠ KEV | 2013-11-12
The InformationCardSigninHelper Class ActiveX control in icardie.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server…
- CVE-2013-3937 | HIGH | CVSS 7.8 | EG 7.8 | 2020-01-02
Heap-based buffer overflow in xnview.exe in XnView before 2.13 allows remote attackers to execute arbitrary code via the biBitCount field in a BMP file.
- CVE-2013-3939 | HIGH | CVSS 7.8 | EG 7.8 | 2020-01-02
xnview.exe in XnView before 2.13 does not properly handle RLE strip lengths during processing of RGB files, which allows remote attackers to execute arbitrary code via the RLE strip size field in a RGB file, which leads to an unexpected si…
- CVE-2013-3941 | CRITICAL | CVSS 9.8 | EG 9.8 | 2020-01-02
Xjp2.dll in XnView before 2.13 allows remote attackers to execute arbitrary code via (1) the Csiz parameter in a SIZ marker, which triggers an incorrect memory allocation, or (2) the lqcd field in a QCD marker in a crafted JPEG2000 file, w…
- CVE-2013-3944 | HIGH | CVSS 7.8 | EG 7.8 | 2020-01-02
Stack-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via an IMAGE tag.
- CVE-2013-3946 | HIGH | CVSS 7.8 | EG 7.8 | 2020-01-02
Heap-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via a levels header.
- CVE-2013-4113 | NONE | CVSS 0.0 | EG 0.0 | 2013-07-13
ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is proce…
- CVE-2013-4156 | NONE | CVSS 0.0 | EG 0.0 | 2013-07-31
Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
- CVE-2013-4365 | NONE | CVSS 0.0 | EG 0.0 | 2013-10-17
Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified impact via unknown vectors.
- CVE-2013-5610 | NONE | CVSS 0.0 | EG 0.0 | 2013-12-11
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary…
- CVE-2013-5656 | HIGH | CVSS 7.8 | EG 7.8 | 2020-01-07
FuzeZip 1.0.0.131625 has a Local Buffer Overflow vulnerability
- CVE-2013-5659 | HIGH | CVSS 7.5 | EG 7.5 | 2020-01-27
Wiz 5.0.3 has a user mode write access violation
- CVE-2013-7098 | CRITICAL | CVSS 9.8 | EG 9.8 | 2020-02-13
OpenConnect VPN client with GnuTLS before 5.02 contains a heap overflow if MTU is increased on reconnection.
- CVE-2013-7491 | MEDIUM | CVSS 5.3 | EG 5.3 | 2020-09-11
An issue was discovered in the DBI module before 1.628 for Perl. Stack corruption occurs when a user-defined function requires a non-trivial amount of memory and the Perl stack gets reallocated.
- CVE-2014-0011 | CRITICAL | CVSS 9.8 | EG 9.8 | 2020-01-02
Multiple heap-based buffer overflows in the ZRLE_DECODE function in common/rfb/zrleDecode.h in TigerVNC before 1.3.1, when NDEBUG is enabled, allow remote VNC servers to cause a denial of service (vncviewer crash) and possibly execute arbi…
- CVE-2014-0077 | NONE | CVSS 0.0 | EG 0.0 | 2014-04-14
drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or possi…
- CVE-2014-0133 | NONE | CVSS 0.0 | EG 0.0 | 2014-03-28
Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request.
- CVE-2014-125002 | MEDIUM | CVSS 5.3 | EG 5.5 | 2022-06-18
A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is the function dnxhd_init_rc of the file libavcodec/dnxhdenc.c. The manipulation leads to memory corruption. It is possible to launch the attack remo…
- CVE-2014-125003 | MEDIUM | CVSS 5.3 | EG 5.5 | 2022-06-18
A vulnerability was found in FFmpeg 2.0 and classified as problematic. This issue affects the function get_siz of the file libavcodec/jpeg2000dec.c. The manipulation leads to memory corruption. The attack may be initiated remotely. It is r…
- CVE-2014-125004 | MEDIUM | CVSS 5.3 | EG 5.5 | 2022-06-18
A vulnerability has been found in FFmpeg 2.0 and classified as problematic. This vulnerability affects the function decode_hextile of the file libavcodec/vmnc.c. The manipulation leads to memory corruption. The attack can be initiated remo…
- CVE-2014-125005 | MEDIUM | CVSS 5.3 | EG 5.5 | 2022-06-18
A vulnerability, which was classified as problematic, was found in FFmpeg 2.0. This affects the function decode_vol_header of the file libavcodec/mpeg4videodec.c. The manipulation leads to memory corruption. It is possible to initiate the …
- CVE-2014-125006 | MEDIUM | CVSS 5.3 | EG 5.5 | 2022-06-18
A vulnerability, which was classified as problematic, has been found in FFmpeg 2.0. Affected by this issue is the function output_frame of the file libavcodec/h264.c. The manipulation leads to memory corruption. The attack may be launched …
- CVE-2014-125007 | MEDIUM | CVSS 5.3 | EG 5.5 | 2022-06-18
A vulnerability classified as problematic was found in FFmpeg 2.0. Affected by this vulnerability is the function intra_pred of the file libavcodec/hevcpred_template.c. The manipulation leads to memory corruption. The attack can be launche…
- CVE-2014-125008 | MEDIUM | CVSS 5.3 | EG 5.5 | 2022-06-18
A vulnerability classified as problematic has been found in FFmpeg 2.0. Affected is the function vorbis_header of the file libavformat/oggparsevorbis.c. The manipulation leads to memory corruption. It is possible to launch the attack remot…
- CVE-2014-125009 | MEDIUM | CVSS 5.3 | EG 5.5 | 2022-06-18
A vulnerability classified as problematic has been found in FFmpeg 2.0. This affects the function add_yblock of the file libavcodec/snow.h. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is …
- CVE-2014-125010 | MEDIUM | CVSS 5.3 | EG 5.5 | 2022-06-18
A vulnerability was found in FFmpeg 2.0. It has been rated as critical. Affected by this issue is the function decode_slice_header of the file libavcodec/h64.c. The manipulation leads to memory corruption. The attack may be launched remote…
- CVE-2014-125013 | MEDIUM | CVSS 5.3 | EG 5.5 | 2022-06-18
A vulnerability was found in FFmpeg 2.0 and classified as problematic. This issue affects the function msrle_decode_frame of the file libavcodec/msrle.c. The manipulation leads to memory corruption. The attack may be initiated remotely. It…
- CVE-2014-125014 | MEDIUM | CVSS 5.3 | EG 5.5 | 2022-06-18
A vulnerability classified as problematic was found in FFmpeg 2.0. Affected by this vulnerability is an unknown functionality of the component HEVC Video Decoder. The manipulation leads to memory corruption. The attack can be launched remo…
- CVE-2014-125015 | HIGH | CVSS 7.3 | EG 7.8 | 2022-06-18
A vulnerability classified as critical has been found in FFmpeg 2.0. Affected is the function read_var_block_data. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patc…
- CVE-2014-125016 | MEDIUM | CVSS 5.3 | EG 5.5 | 2022-06-18
A vulnerability was found in FFmpeg 2.0. It has been rated as problematic. This issue affects the function ff_init_buffer_info of the file utils.c. The manipulation leads to memory corruption. The attack may be initiated remotely. It is re…
- CVE-2014-125018 | MEDIUM | CVSS 5.3 | EG 5.5 | 2022-06-19
A vulnerability, which was classified as problematic, has been found in FFmpeg 2.0. Affected by this issue is the function decode_slice_header. The manipulation leads to memory corruption. The attack may be launched remotely. It is recomme…
- CVE-2014-125019 | MEDIUM | CVSS 5.3 | EG 5.5 | 2022-06-19
A vulnerability, which was classified as problematic, was found in FFmpeg 2.0. This affects the function decode_nal_unit of the component Slice Segment Handler. The manipulation leads to memory corruption. It is possible to initiate the at…
- CVE-2014-125020 | HIGH | CVSS 7.3 | EG 7.8 | 2022-06-19
A vulnerability has been found in FFmpeg 2.0 and classified as critical. This vulnerability affects the function decode_update_thread_context. The manipulation leads to memory corruption. The attack can be initiated remotely. It is recomme…
- CVE-2014-125021 | MEDIUM | CVSS 5.3 | EG 5.5 | 2022-06-19
A vulnerability was found in FFmpeg 2.0 and classified as problematic. This issue affects the function cmv_process_header. The manipulation leads to memory corruption. The attack may be initiated remotely. It is recommended to apply a patc…
- CVE-2014-125022 | MEDIUM | CVSS 5.3 | EG 5.5 | 2022-06-19
A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is the function shorten_decode_frame of the component Bitstream Buffer. The manipulation leads to memory corruption. It is possible to launch the atta…
- CVE-2014-125023 | MEDIUM | CVSS 5.3 | EG 5.5 | 2022-06-19
A vulnerability was found in FFmpeg 2.0. It has been declared as problematic. Affected by this vulnerability is the function truemotion1_decode_header of the component Truemotion1 Handler. The manipulation leads to memory corruption. The a…
- CVE-2014-125024 | HIGH | CVSS 7.3 | EG 7.8 | 2022-06-19
A vulnerability was found in FFmpeg 2.0. It has been rated as critical. Affected by this issue is the function lag_decode_frame. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a…
- CVE-2014-125025 | MEDIUM | CVSS 5.3 | EG 5.5 | 2022-06-19
A vulnerability classified as problematic has been found in FFmpeg 2.0. This affects the function decode_pulses. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patc…
- CVE-2014-125026 | CRITICAL | CVSS 9.8 | EG 9.8 | 2022-12-27
LZ4 bindings use a deprecated C API that is vulnerable to memory corruption, which could lead to arbitrary code execution if called with untrusted user input.
- CVE-2014-125106 | CRITICAL | CVSS 9.8 | EG 9.8 | 2023-06-17
Nanopb before 0.3.1 allows size_t overflows in pb_dec_bytes and pb_dec_string.
- CVE-2014-1478 | NONE | CVSS 0.0 | EG 0.0 | 2014-02-06
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary…