CWE-125
AllowedOut-of-bounds Read
Abstraction: Base · Status: Draft
The product reads data past the end, or before the beginning, of the intended buffer.
11273 vulnerabilities reference this CWE, most recent first.
GHSA-JCPV-MPM6-GV57
Vulnerability from github – Published: 2022-05-17 01:58 – Updated: 2022-05-17 01:58The JB2BitmapCoder::code_row_by_refinement function in jb2/bmpcoder.cpp in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file.
{
"affected": [],
"aliases": [
"CVE-2017-12445"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-08-17T16:29:00Z",
"severity": "MODERATE"
},
"details": "The JB2BitmapCoder::code_row_by_refinement function in jb2/bmpcoder.cpp in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file.",
"id": "GHSA-jcpv-mpm6-gv57",
"modified": "2022-05-17T01:58:38Z",
"published": "2022-05-17T01:58:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12445"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2017/Aug/15"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/100423"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JCPV-W686-QV5J
Vulnerability from github – Published: 2022-07-18 00:00 – Updated: 2022-07-26 00:00An issue was discovered in dbus-broker before 31. It depends on c-uitl/c-shquote to parse the DBus service's Exec line. c-shquote contains a stack-based buffer over-read if a malicious Exec line is supplied.
{
"affected": [],
"aliases": [
"CVE-2022-31212"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-17T23:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in dbus-broker before 31. It depends on c-uitl/c-shquote to parse the DBus service\u0027s Exec line. c-shquote contains a stack-based buffer over-read if a malicious Exec line is supplied.",
"id": "GHSA-jcpv-w686-qv5j",
"modified": "2022-07-26T00:00:28Z",
"published": "2022-07-18T00:00:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31212"
},
{
"type": "WEB",
"url": "https://github.com/bus1/dbus-broker/compare/v30...v31"
},
{
"type": "WEB",
"url": "https://sec-consult.com/vulnerability-lab/advisory/memory-corruption-vulnerabilities-dbus-broker"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202305-04"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JCQM-623V-RHHW
Vulnerability from github – Published: 2024-12-03 15:31 – Updated: 2024-12-03 15:31in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read.
{
"affected": [],
"aliases": [
"CVE-2024-12082"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-03T13:15:04Z",
"severity": "MODERATE"
},
"details": "in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read.",
"id": "GHSA-jcqm-623v-rhhw",
"modified": "2024-12-03T15:31:24Z",
"published": "2024-12-03T15:31:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12082"
},
{
"type": "WEB",
"url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-12.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JCRH-J3JG-VFMC
Vulnerability from github – Published: 2026-07-14 18:32 – Updated: 2026-07-14 18:32Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
{
"affected": [],
"aliases": [
"CVE-2026-55035"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-14T18:18:14Z",
"severity": "MODERATE"
},
"details": "Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.",
"id": "GHSA-jcrh-j3jg-vfmc",
"modified": "2026-07-14T18:32:33Z",
"published": "2026-07-14T18:32:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-55035"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55035"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JCVJ-P2RG-4RPW
Vulnerability from github – Published: 2024-11-12 21:30 – Updated: 2024-11-12 21:30Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2024-47435"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-12T20:15:10Z",
"severity": "MODERATE"
},
"details": "Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-jcvj-p2rg-4rpw",
"modified": "2024-11-12T21:30:54Z",
"published": "2024-11-12T21:30:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47435"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/substance3d_painter/apsb24-86.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JCVW-97MH-Q338
Vulnerability from github – Published: 2022-05-24 17:36 – Updated: 2022-05-24 17:36In phNxpNciHal_core_initialized of phNxpNciHal.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the NFC server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153731880
{
"affected": [],
"aliases": [
"CVE-2020-27040"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-12-15T17:15:00Z",
"severity": "MODERATE"
},
"details": "In phNxpNciHal_core_initialized of phNxpNciHal.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the NFC server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153731880",
"id": "GHSA-jcvw-97mh-q338",
"modified": "2022-05-24T17:36:31Z",
"published": "2022-05-24T17:36:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27040"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/pixel/2020-12-01"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-JCW4-9CCQ-G3RH
Vulnerability from github – Published: 2022-12-23 18:30 – Updated: 2025-04-15 06:30An issue was discovered in ksmbd in the Linux kernel before 5.19.2. fs/ksmbd/smb2misc.c has an out-of-bounds read and OOPS for SMB2_TREE_CONNNECT.
{
"affected": [],
"aliases": [
"CVE-2022-47938"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-23T16:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in ksmbd in the Linux kernel before 5.19.2. fs/ksmbd/smb2misc.c has an out-of-bounds read and OOPS for SMB2_TREE_CONNNECT.",
"id": "GHSA-jcw4-9ccq-g3rh",
"modified": "2025-04-15T06:30:33Z",
"published": "2022-12-23T18:30:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47938"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/824d4f64c20093275f72fc8101394d75ff6a249e"
},
{
"type": "WEB",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=824d4f64c20093275f72fc8101394d75ff6a249e"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1689"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2022/12/23/10"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JCXP-GMVC-4GGH
Vulnerability from github – Published: 2022-05-13 01:26 – Updated: 2022-05-13 01:26The PDF parser in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
{
"affected": [],
"aliases": [
"CVE-2011-3906"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2011-12-13T21:55:00Z",
"severity": "MODERATE"
},
"details": "The PDF parser in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.",
"id": "GHSA-jcxp-gmvc-4ggh",
"modified": "2022-05-13T01:26:56Z",
"published": "2022-05-13T01:26:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3906"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14548"
},
{
"type": "WEB",
"url": "http://code.google.com/p/chromium/issues/detail?id=98809"
},
{
"type": "WEB",
"url": "http://googlechromereleases.blogspot.com/2011/12/stable-channel-update.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-JCXW-4397-C5HH
Vulnerability from github – Published: 2024-11-22 21:32 – Updated: 2024-11-22 21:32PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of XPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24409.
{
"affected": [],
"aliases": [
"CVE-2024-8838"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-22T21:15:22Z",
"severity": "HIGH"
},
"details": "PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of XPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24409.",
"id": "GHSA-jcxw-4397-c5hh",
"modified": "2024-11-22T21:32:19Z",
"published": "2024-11-22T21:32:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8838"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1261"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JF2Q-CW9F-8H9X
Vulnerability from github – Published: 2024-05-16 09:33 – Updated: 2024-05-16 09:33Substance3D - Designer versions 13.1.1 and earlier Answer: are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2024-30281"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-16T09:15:11Z",
"severity": "MODERATE"
},
"details": "Substance3D - Designer versions 13.1.1 and earlier Answer: are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-jf2q-cw9f-8h9x",
"modified": "2024-05-16T09:33:07Z",
"published": "2024-05-16T09:33:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30281"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/substance3d_designer/apsb24-35.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
- To reduce the likelihood of introducing an out-of-bounds read, ensure that you validate and ensure correct calculations for any length argument, buffer size calculation, or offset. Be especially careful of relying on a sentinel (i.e. special character such as NUL) in untrusted inputs.
Mitigation
Strategy: Language Selection
Use a language that provides appropriate memory abstractions.
CAPEC-540: Overread Buffers
An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.