Common Weakness Enumeration

CWE-124

Allowed

Buffer Underwrite ('Buffer Underflow')

Abstraction: Base · Status: Incomplete

The product writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer.

63 vulnerabilities reference this CWE, most recent first.

GHSA-WP42-Q397-QJ9F

Vulnerability from github – Published: 2024-12-10 21:30 – Updated: 2024-12-10 21:30
VLAI
Details

Animate versions 23.0.8, 24.0.5 and earlier are affected by a Buffer Underwrite ('Buffer Underflow') vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could leverage this vulnerability to manipulate memory in such a way that they could execute code under the privileges of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-52990"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-124"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-10T21:15:19Z",
    "severity": "HIGH"
  },
  "details": "Animate versions 23.0.8, 24.0.5 and earlier are affected by a Buffer Underwrite (\u0027Buffer Underflow\u0027) vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could leverage this vulnerability to manipulate memory in such a way that they could execute code under the privileges of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-wp42-q397-qj9f",
  "modified": "2024-12-10T21:30:53Z",
  "published": "2024-12-10T21:30:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52990"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/animate/apsb24-96.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WVPR-V2QR-CCVF

Vulnerability from github – Published: 2025-03-24 18:31 – Updated: 2025-03-24 18:31
VLAI
Details

A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.6, version 6.4.0 through 6.4.11 and version 6.2.12 and below, FortiProxy version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.8, version 2.0.12 and below and FortiOS-6K7K version 7.0.5, version 6.4.0 through 6.4.10 and version 6.2.0 through 6.2.10 and below allows a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-25610"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-124"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-24T16:15:17Z",
    "severity": "CRITICAL"
  },
  "details": "A buffer underwrite (\u0027buffer underflow\u0027) vulnerability in the administrative interface of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.6, version 6.4.0 through 6.4.11 and version 6.2.12 and below, FortiProxy version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.8, version 2.0.12 and below and FortiOS-6K7K version 7.0.5, version 6.4.0 through 6.4.10 and version 6.2.0 through 6.2.10 and below allows a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.",
  "id": "GHSA-wvpr-v2qr-ccvf",
  "modified": "2025-03-24T18:31:02Z",
  "published": "2025-03-24T18:31:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25610"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.com/psirt/FG-IR-23-001"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XC99-2V4M-JV2W

Vulnerability from github – Published: 2026-01-27 15:30 – Updated: 2026-03-18 18:31
VLAI
Details

A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-1485"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-124",
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-27T14:15:56Z",
    "severity": "LOW"
  },
  "details": "A flaw was found in Glib\u0027s content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.",
  "id": "GHSA-xc99-2v4m-jv2w",
  "modified": "2026-03-18T18:31:10Z",
  "published": "2026-01-27T15:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2026-1485"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433325"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.gnome.org/GNOME/glib/-/issues/3871"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Requirements

Choose a language that is not susceptible to these issues.

Mitigation
Implementation

All calculated values that are used as index or for pointer arithmetic should be validated to ensure that they are within an expected range.

No CAPEC attack patterns related to this CWE.