CWE-787— Out-of-bounds Write
13,459 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-787page 49 of 270
- CVE-2019-5764HIGHCVSS 8.8EG 8.82019-02-19
Incorrect pointer management in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2019-5772HIGHCVSS 8.8EG 8.82019-02-19
Sharing of objects over calls into JavaScript runtime in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
- CVE-2019-5782HIGHCVSS 8.8EG 8.82019-02-19
Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
- CVE-2019-5784MEDIUMCVSS 6.5EG 6.52019-06-27
Incorrect handling of deferred code in V8 in Google Chrome prior to 72.0.3626.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2019-5785MEDIUMCVSS 6.5EG 6.52019-06-27
Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
- CVE-2019-5787HIGHCVSS 8.8EG 8.82019-05-23
Use-after-garbage-collection in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2019-5796HIGHCVSS 7.5EG 7.52019-05-23
Data race in extensions guest view in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2019-5805MEDIUMCVSS 6.5EG 6.52019-06-27
Use-after-free in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
- CVE-2019-5806HIGHCVSS 8.8EG 8.82019-06-27
Integer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2019-5807HIGHCVSS 8.8EG 8.82019-06-27
Object lifetime issue in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2019-5808HIGHCVSS 8.8EG 8.82019-06-27
Use after free in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2019-5813HIGHCVSS 8.8EG 8.82019-06-27
Use after free in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2019-5815HIGHCVSS 7.5EG 7.52019-12-11
Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data.
- CVE-2019-5817HIGHCVSS 8.8EG 8.82019-06-27
Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2019-5820HIGHCVSS 8.8EG 8.82019-06-27
Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
- CVE-2019-5821HIGHCVSS 8.8EG 8.82019-06-27
Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
- CVE-2019-5824HIGHCVSS 8.8EG 8.82019-06-27
Parameter passing error in media in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2019-5825MEDIUMCVSS 6.5EG 9.0⚠ KEV2019-11-25
Out of bounds write in JavaScript in Google Chrome prior to 73.0.3683.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2019-5826MEDIUMCVSS 6.5EG 6.52019-11-25
Use after free in IndexedDB in Google Chrome prior to 73.0.3683.86 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
- CVE-2019-5827HIGHCVSS 8.8EG 8.82019-06-27
Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2019-5831HIGHCVSS 8.8EG 8.82019-06-27
Object lifecycle issue in V8 in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2019-5836HIGHCVSS 8.8EG 8.82019-06-27
Heap buffer overflow in ANGLE in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2019-5841HIGHCVSS 8.8EG 8.82019-12-10
Out of bounds memory access in JavaScript in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2019-5842MEDIUMCVSS 6.5EG 6.52019-11-25
Use after free in Blink in Google Chrome prior to 75.0.3770.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2019-5843HIGHCVSS 8.8EG 8.82019-12-10
Out of bounds memory access in JavaScript in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2019-5844MEDIUMCVSS 6.5EG 6.52020-01-03
Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2019-5845MEDIUMCVSS 6.5EG 6.52020-01-03
Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2019-5846MEDIUMCVSS 6.5EG 6.52020-01-03
Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2019-5847MEDIUMCVSS 6.5EG 6.52019-11-25
Inappropriate implementation in JavaScript in Google Chrome prior to 75.0.3770.142 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2019-5851HIGHCVSS 8.8EG 8.82019-11-25
Use after free in WebAudio in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2019-5854HIGHCVSS 8.8EG 8.82019-11-25
Integer overflow in PDFium in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
- CVE-2019-5855MEDIUMCVSS 6.5EG 6.52019-11-25
Integer overflow in PDFium in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
- CVE-2019-5857MEDIUMCVSS 6.5EG 6.52019-11-25
Inappropriate implementation in JavaScript in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.
- CVE-2019-5860MEDIUMCVSS 5.5EG 5.52019-11-25
Use after free in PDFium in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
- CVE-2019-5866CRITICALCVSS 9.8EG 9.82019-11-25
Out of bounds memory access in JavaScript in Google Chrome prior to 75.0.3770.142 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2019-5868MEDIUMCVSS 5.5EG 5.52019-11-25
Use after free in PDFium in Google Chrome prior to 76.0.3809.100 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
- CVE-2019-5869MEDIUMCVSS 6.5EG 6.52019-11-25
Use after free in Blink in Google Chrome prior to 76.0.3809.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2019-5871HIGHCVSS 8.8EG 8.82019-11-25
Heap buffer overflow in Skia in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2019-5872MEDIUMCVSS 6.5EG 6.52019-11-25
Use after free in Mojo in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2019-5876HIGHCVSS 8.8EG 8.82019-11-25
Use after free in media in Google Chrome on Android prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2019-5877HIGHCVSS 8.8EG 8.82019-11-25
Out of bounds memory access in JavaScript in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2019-5878HIGHCVSS 8.8EG 8.82019-11-25
Use after free in V8 in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2019-5953CRITICALCVSS 9.8EG 9.82019-05-17
Buffer overflow in GNU Wget 1.20.1 and earlier allows remote attackers to cause a denial-of-service (DoS) or may execute an arbitrary code via unspecified vectors.
- CVE-2019-5998HIGHCVSS 8.8EG 8.82019-08-06
Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III f…
- CVE-2019-5999HIGHCVSS 8.8EG 8.82019-08-06
Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III f…
- CVE-2019-6000HIGHCVSS 8.8EG 8.82019-08-06
Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras (EOS-1D X firmware version 2.1.0 and earlier, EOS-1D X MKII firmware version 1.1.6 and earlier, EOS-1D C firmware version 1.4.1 and earlier, EOS 5D MARK III f…
- CVE-2019-6201HIGHCVSS 8.8EG 8.82019-12-18
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lea…
- CVE-2019-6205HIGHCVSS 7.8EG 7.82019-03-05
A memory corruption issue was addressed with improved lock state checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may cause unexpected changes in memory shared between processes.
- CVE-2019-6210HIGHCVSS 7.8EG 7.82019-03-05
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to execute arbitrary code with kernel privileg…
- CVE-2019-6211HIGHCVSS 8.8EG 8.82019-03-05
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3. Processing maliciously crafted web content may lead to arbitrary code execution.
Map vulnerabilities like CWE-787 to your infrastructure
EchelonGraph correlates every CVE — across CWE-787 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →