CWE-125
AllowedOut-of-bounds Read
Abstraction: Base · Status: Draft
The product reads data past the end, or before the beginning, of the intended buffer.
11270 vulnerabilities reference this CWE, most recent first.
GHSA-JPFM-VCPF-R226
Vulnerability from github – Published: 2024-11-28 00:39 – Updated: 2024-11-30 00:32In ih264e_fmt_conv_420p_to_420sp of ih264e_fmt_conv.c there is a possible out of bound read due to missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2018-9351"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-27T23:15:04Z",
"severity": "MODERATE"
},
"details": "In ih264e_fmt_conv_420p_to_420sp of ih264e_fmt_conv.c there is a possible out of bound read due to missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.",
"id": "GHSA-jpfm-vcpf-r226",
"modified": "2024-11-30T00:32:14Z",
"published": "2024-11-28T00:39:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9351"
},
{
"type": "WEB",
"url": "https://source.android.com/docs/security/bulletin/pixel/2018-06-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JPJW-8CQ8-J6W9
Vulnerability from github – Published: 2022-05-24 17:06 – Updated: 2022-10-12 19:00jhead through 3.04 has a heap-based buffer over-read in Get32s when called from ProcessGpsInfo in gpsinfo.c.
{
"affected": [],
"aliases": [
"CVE-2020-6625"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-01-09T01:15:00Z",
"severity": "MODERATE"
},
"details": "jhead through 3.04 has a heap-based buffer over-read in Get32s when called from ProcessGpsInfo in gpsinfo.c.",
"id": "GHSA-jpjw-8cq8-j6w9",
"modified": "2022-10-12T19:00:39Z",
"published": "2022-05-24T17:06:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6625"
},
{
"type": "WEB",
"url": "https://bugs.gentoo.org/711220#c3"
},
{
"type": "WEB",
"url": "https://bugs.gentoo.org/876247#c0"
},
{
"type": "WEB",
"url": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1858746"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202007-17"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JPMC-HHX4-8QCX
Vulnerability from github – Published: 2026-03-17 21:31 – Updated: 2026-03-17 21:31An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.
{
"affected": [],
"aliases": [
"CVE-2025-66000"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-17T19:15:59Z",
"severity": "MODERATE"
},
"details": "An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.",
"id": "GHSA-jpmc-hhx4-8qcx",
"modified": "2026-03-17T21:31:45Z",
"published": "2026-03-17T21:31:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66000"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2301"
},
{
"type": "WEB",
"url": "https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62"
},
{
"type": "WEB",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2301"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-JPV4-XX47-257G
Vulnerability from github – Published: 2022-05-24 17:40 – Updated: 2022-05-24 17:40The affected product is vulnerable to an out-of-bounds read, which may allow an attacker to obtain and disclose sensitive data information or cause the device to crash on the OPC UA Tunneller (versions prior to 6.3.0.8233).
{
"affected": [],
"aliases": [
"CVE-2020-27299"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-01-26T19:15:00Z",
"severity": "CRITICAL"
},
"details": "The affected product is vulnerable to an out-of-bounds read, which may allow an attacker to obtain and disclose sensitive data information or cause the device to crash on the OPC UA Tunneller (versions prior to 6.3.0.8233).",
"id": "GHSA-jpv4-xx47-257g",
"modified": "2022-05-24T17:40:12Z",
"published": "2022-05-24T17:40:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27299"
},
{
"type": "WEB",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-021-03"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-JPV6-H2QP-VGPV
Vulnerability from github – Published: 2024-10-30 00:31 – Updated: 2025-02-03 18:30A maliciously crafted CATPART file when parsed in CC5Dll.dll through Autodesk AutoCAD can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
{
"affected": [],
"aliases": [
"CVE-2024-9827"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-29T22:15:09Z",
"severity": "HIGH"
},
"details": "A maliciously crafted CATPART file when parsed in CC5Dll.dll through Autodesk AutoCAD can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.",
"id": "GHSA-jpv6-h2qp-vgpv",
"modified": "2025-02-03T18:30:38Z",
"published": "2024-10-30T00:31:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9827"
},
{
"type": "WEB",
"url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0019"
},
{
"type": "WEB",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0019"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JPWJ-HWCF-HMR2
Vulnerability from github – Published: 2024-11-18 18:30 – Updated: 2024-12-10 15:32A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24543)
{
"affected": [],
"aliases": [
"CVE-2024-52574"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-18T16:15:29Z",
"severity": "HIGH"
},
"details": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions \u003c V2302.0018), Tecnomatix Plant Simulation V2404 (All versions \u003c V2404.0007). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files.\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24543)",
"id": "GHSA-jpwj-hwcf-hmr2",
"modified": "2024-12-10T15:32:31Z",
"published": "2024-11-18T18:30:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52574"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-645131.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-824503.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-JPX6-HGGQ-P7JR
Vulnerability from github – Published: 2024-11-22 21:32 – Updated: 2024-11-22 21:32Substance3D - Stager versions 3.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2024-52998"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-22T19:15:07Z",
"severity": "MODERATE"
},
"details": "Substance3D - Stager versions 3.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-jpx6-hggq-p7jr",
"modified": "2024-11-22T21:32:15Z",
"published": "2024-11-22T21:32:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52998"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb24-60.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JPX9-H8VX-J99Q
Vulnerability from github – Published: 2022-05-24 19:19 – Updated: 2022-05-24 19:19Out of bounds read in ANGLE allowed a remote attacker to obtain sensitive data via a crafted HTML page.
{
"affected": [],
"aliases": [
"CVE-2020-16048"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-11-02T23:15:00Z",
"severity": "MODERATE"
},
"details": "Out of bounds read in ANGLE allowed a remote attacker to obtain sensitive data via a crafted HTML page.",
"id": "GHSA-jpx9-h8vx-j99q",
"modified": "2022-05-24T19:19:39Z",
"published": "2022-05-24T19:19:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-16048"
},
{
"type": "WEB",
"url": "https://crbug.com/1174641"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-JQ43-MCX6-WP6Q
Vulnerability from github – Published: 2021-12-15 00:01 – Updated: 2021-12-15 00:01A vulnerability has been identified in JT Utilities (All versions < V12.8.1.1), JTTK (All versions < V10.8.1.1). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15055, ZDI-CAN-14915, ZDI-CAN-14865)
{
"affected": [],
"aliases": [
"CVE-2021-44450"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-14T12:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability has been identified in JT Utilities (All versions \u003c V12.8.1.1), JTTK (All versions \u003c V10.8.1.1). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15055, ZDI-CAN-14915, ZDI-CAN-14865)",
"id": "GHSA-jq43-mcx6-wp6q",
"modified": "2021-12-15T00:01:06Z",
"published": "2021-12-15T00:01:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44450"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-396621.pdf"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-JQ68-GWVH-R58Q
Vulnerability from github – Published: 2022-05-13 01:44 – Updated: 2025-04-20 03:50The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet that triggers the attempted processing of an empty line.
{
"affected": [],
"aliases": [
"CVE-2017-17935"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-12-27T17:08:00Z",
"severity": "HIGH"
},
"details": "The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip \u0027\\n\u0027 characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet that triggers the attempted processing of an empty line.",
"id": "GHSA-jq68-gwvh-r58q",
"modified": "2025-04-20T03:50:34Z",
"published": "2022-05-13T01:44:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17935"
},
{
"type": "WEB",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14295"
},
{
"type": "WEB",
"url": "https://code.wireshark.org/review/#/c/24997"
},
{
"type": "WEB",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=137ab7d5681486c6d6cc8faac4300b7cd4ec0cf1"
},
{
"type": "WEB",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=137ab7d5681486c6d6cc8faac4300b7cd4ec0cf1"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/102311"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
- To reduce the likelihood of introducing an out-of-bounds read, ensure that you validate and ensure correct calculations for any length argument, buffer size calculation, or offset. Be especially careful of relying on a sentinel (i.e. special character such as NUL) in untrusted inputs.
Mitigation
Strategy: Language Selection
Use a language that provides appropriate memory abstractions.
CAPEC-540: Overread Buffers
An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.