CWE-125
AllowedOut-of-bounds Read
Abstraction: Base · Status: Draft
The product reads data past the end, or before the beginning, of the intended buffer.
11270 vulnerabilities reference this CWE, most recent first.
GHSA-JP3P-95R2-2QX9
Vulnerability from github – Published: 2022-03-31 00:00 – Updated: 2022-04-06 00:01In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-205989472
{
"affected": [],
"aliases": [
"CVE-2021-39774"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-30T16:15:00Z",
"severity": "MODERATE"
},
"details": "In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-205989472",
"id": "GHSA-jp3p-95r2-2qx9",
"modified": "2022-04-06T00:01:51Z",
"published": "2022-03-31T00:00:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39774"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/android-12l"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JP59-43F6-W2J5
Vulnerability from github – Published: 2022-05-17 00:14 – Updated: 2022-05-17 00:14An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the Adobe graphics module responsible for displaying textual data. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
{
"affected": [],
"aliases": [
"CVE-2017-16409"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-12-09T06:29:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the Adobe graphics module responsible for displaying textual data. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.",
"id": "GHSA-jp59-43f6-w2j5",
"modified": "2022-05-17T00:14:38Z",
"published": "2022-05-17T00:14:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16409"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/102140"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039791"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JP67-WC45-6C82
Vulnerability from github – Published: 2022-05-14 01:22 – Updated: 2022-05-14 01:22An issue was discovered in ImageMagick 6.9.7. A specially crafted sun file triggers a heap-based buffer over-read.
{
"affected": [],
"aliases": [
"CVE-2017-6500"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-03-06T02:59:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in ImageMagick 6.9.7. A specially crafted sun file triggers a heap-based buffer over-read.",
"id": "GHSA-jp67-wc45-6c82",
"modified": "2022-05-14T01:22:02Z",
"published": "2022-05-14T01:22:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6500"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/issues/375"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/issues/376"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/commit/3007531bfd326c5c1e29cd41d2cd80c166de8528"
},
{
"type": "WEB",
"url": "https://bugs.debian.org/856879"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2017/dsa-3808"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/96592"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JP69-QVGM-MQWX
Vulnerability from github – Published: 2026-05-27 15:33 – Updated: 2026-05-27 15:33libusb before version 1.0.30 contains a NULL pointer dereference vulnerability that allows attackers to crash applications by supplying a malformed USB configuration descriptor where an interface claims bNumEndpoints greater than zero but is followed by a class-specific descriptor whose bLength exceeds the remaining buffer size, causing parse_interface() to return early without allocating the endpoint array. Attackers can exploit this flaw through libusb_get_active_config_descriptor or libusb_get_config_descriptor by providing crafted descriptors via virtualized USB passthrough, file-based descriptor parsing, or network sources, causing any application iterating over endpoints to dereference a NULL endpoint pointer and crash.
{
"affected": [],
"aliases": [
"CVE-2026-23679"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-27T14:16:44Z",
"severity": "MODERATE"
},
"details": "libusb before version 1.0.30 contains a NULL pointer dereference vulnerability that allows attackers to crash applications by supplying a malformed USB configuration descriptor where an interface claims bNumEndpoints greater than zero but is followed by a class-specific descriptor whose bLength exceeds the remaining buffer size, causing parse_interface() to return early without allocating the endpoint array. Attackers can exploit this flaw through libusb_get_active_config_descriptor or libusb_get_config_descriptor by providing crafted descriptors via virtualized USB passthrough, file-based descriptor parsing, or network sources, causing any application iterating over endpoints to dereference a NULL endpoint pointer and crash.",
"id": "GHSA-jp69-qvgm-mqwx",
"modified": "2026-05-27T15:33:11Z",
"published": "2026-05-27T15:33:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23679"
},
{
"type": "WEB",
"url": "https://github.com/libusb/libusb/issues/1813"
},
{
"type": "WEB",
"url": "https://github.com/libusb/libusb/pull/1814"
},
{
"type": "WEB",
"url": "https://github.com/libusb/libusb/commit/578ab76b4c434f8b204137ab6d7310689c7a9704"
},
{
"type": "WEB",
"url": "https://github.com/libusb/libusb/releases/tag/v1.0.30"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/libusb-null-pointer-dereference-in-parse-interface"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-JP7H-3V7R-9HG4
Vulnerability from github – Published: 2022-05-13 01:42 – Updated: 2022-05-13 01:42In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted QCA_NL80211_VENDOR_SUBCMD_NDP cfg80211 vendor command a buffer over-read can occur.
{
"affected": [],
"aliases": [
"CVE-2017-11052"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-10-10T20:29:00Z",
"severity": "HIGH"
},
"details": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted QCA_NL80211_VENDOR_SUBCMD_NDP cfg80211 vendor command a buffer over-read can occur.",
"id": "GHSA-jp7h-3v7r-9hg4",
"modified": "2022-05-13T01:42:06Z",
"published": "2022-05-13T01:42:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11052"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/pixel/2017-10-01"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/101160"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JP8V-23F3-89C2
Vulnerability from github – Published: 2022-05-13 01:17 – Updated: 2022-05-13 01:17This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ePub files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-5758.
{
"affected": [],
"aliases": [
"CVE-2018-9973"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-05-17T15:29:00Z",
"severity": "MODERATE"
},
"details": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ePub files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-5758.",
"id": "GHSA-jp8v-23f3-89c2",
"modified": "2022-05-13T01:17:48Z",
"published": "2022-05-13T01:17:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9973"
},
{
"type": "WEB",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"type": "WEB",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-357"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JP92-PQPQ-F69P
Vulnerability from github – Published: 2025-10-16 18:30 – Updated: 2026-05-12 15:31A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing manipulation can lead to out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be exploited. This patch is called 16357. It is best practice to apply a patch to resolve this issue.
{
"affected": [],
"aliases": [
"CVE-2025-11840"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-16T16:15:37Z",
"severity": "MODERATE"
},
"details": "A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing manipulation can lead to out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be exploited. This patch is called 16357. It is best practice to apply a patch to resolve this issue.",
"id": "GHSA-jp92-pqpq-f69p",
"modified": "2026-05-12T15:31:12Z",
"published": "2025-10-16T18:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11840"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
},
{
"type": "WEB",
"url": "https://sourceware.org/bugzilla/attachment.cgi?id=16351"
},
{
"type": "WEB",
"url": "https://sourceware.org/bugzilla/attachment.cgi?id=16357"
},
{
"type": "WEB",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33455"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.328775"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.328775"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.661281"
},
{
"type": "WEB",
"url": "https://www.gnu.org"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-JPCG-4WG4-CRMR
Vulnerability from github – Published: 2024-04-03 18:30 – Updated: 2024-04-03 18:30Foxit PDF Reader template Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of template objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22501.
{
"affected": [],
"aliases": [
"CVE-2024-30323"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-03T17:15:56Z",
"severity": "HIGH"
},
"details": "Foxit PDF Reader template Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of template objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22501.",
"id": "GHSA-jpcg-4wg4-crmr",
"modified": "2024-04-03T18:30:43Z",
"published": "2024-04-03T18:30:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30323"
},
{
"type": "WEB",
"url": "https://www.foxit.com/support/security-bulletins.html"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-301"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JPCJ-QP4W-PHWJ
Vulnerability from github – Published: 2023-09-07 15:30 – Updated: 2024-04-04 07:32Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2021-43751"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-07T13:15:08Z",
"severity": "LOW"
},
"details": "Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-jpcj-qp4w-phwj",
"modified": "2024-04-04T07:32:46Z",
"published": "2023-09-07T15:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43751"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/premiere_pro/apsb21-117.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JPF2-6CX5-3QXH
Vulnerability from github – Published: 2022-05-14 01:10 – Updated: 2022-05-14 01:10A vulnerability in the Portable Executable (PE) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms for PE files sent an affected device. An attacker could exploit this vulnerability by sending malformed PE files to the device running an affected version ClamAV Software. An exploit could allow the attacker to cause an out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device.
{
"affected": [],
"aliases": [
"CVE-2019-1798"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-04-08T20:29:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability in the Portable Executable (PE) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms for PE files sent an affected device. An attacker could exploit this vulnerability by sending malformed PE files to the device running an affected version ClamAV Software. An exploit could allow the attacker to cause an out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device.",
"id": "GHSA-jpf2-6cx5-3qxh",
"modified": "2022-05-14T01:10:59Z",
"published": "2022-05-14T01:10:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1798"
},
{
"type": "WEB",
"url": "https://bugzilla.clamav.net/show_bug.cgi?id=12262"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201904-12"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
- To reduce the likelihood of introducing an out-of-bounds read, ensure that you validate and ensure correct calculations for any length argument, buffer size calculation, or offset. Be especially careful of relying on a sentinel (i.e. special character such as NUL) in untrusted inputs.
Mitigation
Strategy: Language Selection
Use a language that provides appropriate memory abstractions.
CAPEC-540: Overread Buffers
An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.