CWE-125
AllowedOut-of-bounds Read
Abstraction: Base · Status: Draft
The product reads data past the end, or before the beginning, of the intended buffer.
11292 vulnerabilities reference this CWE, most recent first.
GHSA-WJ36-R8MG-8RVP
Vulnerability from github – Published: 2026-03-17 21:31 – Updated: 2026-03-17 21:31An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.
{
"affected": [],
"aliases": [
"CVE-2025-66633"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-17T19:16:00Z",
"severity": "MODERATE"
},
"details": "An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.",
"id": "GHSA-wj36-r8mg-8rvp",
"modified": "2026-03-17T21:31:45Z",
"published": "2026-03-17T21:31:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66633"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2313"
},
{
"type": "WEB",
"url": "https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62"
},
{
"type": "WEB",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2313"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-WJ3V-XF5X-H93W
Vulnerability from github – Published: 2022-05-13 01:28 – Updated: 2022-05-13 01:28Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
{
"affected": [],
"aliases": [
"CVE-2018-12768"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-20T19:29:00Z",
"severity": "HIGH"
},
"details": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",
"id": "GHSA-wj3v-xf5x-h93w",
"modified": "2022-05-13T01:28:11Z",
"published": "2022-05-13T01:28:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12768"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html"
},
{
"type": "WEB",
"url": "https://research.checkpoint.com/2018/50-adobe-cves-in-50-days"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/104699"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1041250"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WJ57-M3P3-7H23
Vulnerability from github – Published: 2022-05-13 01:48 – Updated: 2022-05-13 01:48TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff.
{
"affected": [],
"aliases": [
"CVE-2018-10779"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-05-07T07:29:00Z",
"severity": "MODERATE"
},
"details": "TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based buffer over-read, as demonstrated by bmp2tiff.",
"id": "GHSA-wj57-m3p3-7h23",
"modified": "2022-05-13T01:48:56Z",
"published": "2022-05-13T01:48:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10779"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:2053"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3906-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3906-2"
},
{
"type": "WEB",
"url": "http://bugzilla.maptools.org/show_bug.cgi?id=2788"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/104089"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WJ6M-MX83-GR93
Vulnerability from github – Published: 2022-05-27 00:00 – Updated: 2022-06-09 00:00An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.
{
"affected": [],
"aliases": [
"CVE-2022-26697"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-26T19:15:00Z",
"severity": "HIGH"
},
"details": "An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.",
"id": "GHSA-wj6m-mx83-gr93",
"modified": "2022-06-09T00:00:18Z",
"published": "2022-05-27T00:00:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26697"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213255"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213256"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213257"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WJ78-4P23-4G74
Vulnerability from github – Published: 2022-05-13 01:07 – Updated: 2022-05-13 01:07Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host.
{
"affected": [],
"aliases": [
"CVE-2017-2615"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-03T01:29:00Z",
"severity": "CRITICAL"
},
"details": "Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host.",
"id": "GHSA-wj78-4p23-4g74",
"modified": "2022-05-13T01:07:29Z",
"published": "2022-05-13T01:07:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2615"
},
{
"type": "WEB",
"url": "https://support.citrix.com/article/CTX220771"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201702-28"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201702-27"
},
{
"type": "WEB",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg00015.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2615"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1418200"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2017-2615"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:0454"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:0396"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:0350"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:0344"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:0334"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:0333"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:0332"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:0331"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:0330"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:0329"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:0328"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:0309"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0309.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0328.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0329.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0330.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0331.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0332.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0333.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0334.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0344.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0350.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0396.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0454.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2017/02/01/6"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/95990"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1037804"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WJ78-XRP7-JRHR
Vulnerability from github – Published: 2023-03-29 21:30 – Updated: 2023-04-05 18:30This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. Crafted data in a 3DS file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16342.
{
"affected": [],
"aliases": [
"CVE-2022-28312"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-29T19:15:00Z",
"severity": "MODERATE"
},
"details": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. Crafted data in a 3DS file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16342.",
"id": "GHSA-wj78-xrp7-jrhr",
"modified": "2023-04-05T18:30:19Z",
"published": "2023-03-29T21:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28312"
},
{
"type": "WEB",
"url": "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0003"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-602"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WJ8F-WX2J-WJCG
Vulnerability from github – Published: 2023-08-08 12:30 – Updated: 2024-08-13 09:30A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.
{
"affected": [],
"aliases": [
"CVE-2023-38531"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-08T10:15:16Z",
"severity": "HIGH"
},
"details": "A vulnerability has been identified in Parasolid V34.1 (All versions \u003c V34.1.258), Parasolid V35.0 (All versions \u003c V35.0.254), Parasolid V35.1 (All versions \u003c V35.1.184), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.6), Teamcenter Visualization V14.3 (All versions). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.",
"id": "GHSA-wj8f-wx2j-wjcg",
"modified": "2024-08-13T09:30:51Z",
"published": "2023-08-08T12:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38531"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-407785.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-407785.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-WJ8G-HC4J-3J7G
Vulnerability from github – Published: 2024-12-10 21:30 – Updated: 2024-12-10 21:30InDesign Desktop versions ID19.5, ID18.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2024-53951"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-10T21:15:20Z",
"severity": "MODERATE"
},
"details": "InDesign Desktop versions ID19.5, ID18.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-wj8g-hc4j-3j7g",
"modified": "2024-12-10T21:30:53Z",
"published": "2024-12-10T21:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53951"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/indesign/apsb24-97.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WJC3-2QJV-C8FP
Vulnerability from github – Published: 2026-04-30 21:30 – Updated: 2026-04-30 21:30FRRouting before 10.5.3 contains an integer overflow vulnerability in seven OSPF Traffic Engineering and Segment Routing TLV parser functions where a uint16_t accumulator variable truncates uint32_t values returned by the TLV_SIZE() macro, causing the loop termination condition to fail while pointer advancement continues unchecked. Attackers with an established OSPF adjacency can send a crafted LS Update packet with a malicious Type 10 or Type 11 Opaque LSA to trigger out-of-bounds memory reads and crash all affected routers in the OSPF area or autonomous system.
{
"affected": [],
"aliases": [
"CVE-2026-28532"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-30T21:16:31Z",
"severity": "MODERATE"
},
"details": "FRRouting before 10.5.3 contains an integer overflow vulnerability in seven OSPF Traffic Engineering and Segment Routing TLV parser functions where a uint16_t accumulator variable truncates uint32_t values returned by the TLV_SIZE() macro, causing the loop termination condition to fail while pointer advancement continues unchecked. Attackers with an established OSPF adjacency can send a crafted LS Update packet with a malicious Type 10 or Type 11 Opaque LSA to trigger out-of-bounds memory reads and crash all affected routers in the OSPF area or autonomous system.",
"id": "GHSA-wjc3-2qjv-c8fp",
"modified": "2026-04-30T21:30:37Z",
"published": "2026-04-30T21:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28532"
},
{
"type": "WEB",
"url": "https://github.com/FRRouting/frr/pull/21002"
},
{
"type": "WEB",
"url": "https://github.com/FRRouting/frr/commit/f098decf02987fbf1c891766c1516ac832adadfd"
},
{
"type": "WEB",
"url": "https://github.com/FRRouting/frr/releases/tag/frr-10.5.3"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/frrouting-integer-overflow-in-ospf-tlv-parser-functions"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-WJFG-23F5-3R74
Vulnerability from github – Published: 2022-05-17 00:18 – Updated: 2022-05-17 00:18MAX PRESENCE V100R001C00, TP3106 V100R002C00, TP3206 V100R002C00 have an out-of-bounds read vulnerability in H323 protocol. An attacker logs in to the system as a user and send crafted packets to the affected products. Due to insufficient verification of the packets, successful exploit will cause process reboot.
{
"affected": [],
"aliases": [
"CVE-2017-8199"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-11-22T19:29:00Z",
"severity": "MODERATE"
},
"details": "MAX PRESENCE V100R001C00, TP3106 V100R002C00, TP3206 V100R002C00 have an out-of-bounds read vulnerability in H323 protocol. An attacker logs in to the system as a user and send crafted packets to the affected products. Due to insufficient verification of the packets, successful exploit will cause process reboot.",
"id": "GHSA-wjfg-23f5-3r74",
"modified": "2022-05-17T00:18:12Z",
"published": "2022-05-17T00:18:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8199"
},
{
"type": "WEB",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170927-01-h323-en"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/101951"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
- To reduce the likelihood of introducing an out-of-bounds read, ensure that you validate and ensure correct calculations for any length argument, buffer size calculation, or offset. Be especially careful of relying on a sentinel (i.e. special character such as NUL) in untrusted inputs.
Mitigation
Strategy: Language Selection
Use a language that provides appropriate memory abstractions.
CAPEC-540: Overread Buffers
An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.