CWE-125
AllowedOut-of-bounds Read
Abstraction: Base · Status: Draft
The product reads data past the end, or before the beginning, of the intended buffer.
11267 vulnerabilities reference this CWE, most recent first.
GHSA-JQGJ-8H88-4X89
Vulnerability from github – Published: 2025-08-05 15:30 – Updated: 2025-11-03 21:34An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Co. Ltd PDF-XChange Editor 10.6.0.396. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.
{
"affected": [],
"aliases": [
"CVE-2025-47152"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-05T15:15:29Z",
"severity": "MODERATE"
},
"details": "An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Co. Ltd PDF-XChange Editor 10.6.0.396. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.",
"id": "GHSA-jqgj-8h88-4x89",
"modified": "2025-11-03T21:34:20Z",
"published": "2025-08-05T15:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47152"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2203"
},
{
"type": "WEB",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2203"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JQGW-52H6-835C
Vulnerability from github – Published: 2022-05-24 19:08 – Updated: 2022-05-24 19:08An issue has been found in function DCTStream::transformDataUnit in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to an invalid read of size 1 .
{
"affected": [],
"aliases": [
"CVE-2020-19466"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-07-21T18:15:00Z",
"severity": "MODERATE"
},
"details": "An issue has been found in function DCTStream::transformDataUnit in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to an invalid read of size 1 .",
"id": "GHSA-jqgw-52h6-835c",
"modified": "2022-05-24T19:08:33Z",
"published": "2022-05-24T19:08:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-19466"
},
{
"type": "WEB",
"url": "https://github.com/flexpaper/pdf2json/issues/27"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-JQP9-4G4M-74GQ
Vulnerability from github – Published: 2022-05-24 21:59 – Updated: 2022-05-24 21:59njs through 0.3.1, used in NGINX, has a heap-based buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c.
{
"affected": [],
"aliases": [
"CVE-2019-12207"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-05-20T14:29:00Z",
"severity": "CRITICAL"
},
"details": "njs through 0.3.1, used in NGINX, has a heap-based buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c.",
"id": "GHSA-jqp9-4g4m-74gq",
"modified": "2022-05-24T21:59:52Z",
"published": "2022-05-24T21:59:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12207"
},
{
"type": "WEB",
"url": "https://github.com/nginx/njs/issues/168"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JR25-XHW2-XWV9
Vulnerability from github – Published: 2024-02-13 15:31 – Updated: 2024-10-17 15:31Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability. The 0x22200B IOCTL code of the Vba32m64.sys driver allows to read up to 0x802 of memory from ar arbitrary user-supplied pointer.
{
"affected": [],
"aliases": [
"CVE-2024-23440"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-13T15:15:09Z",
"severity": "MODERATE"
},
"details": "Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability.\u00a0The 0x22200B IOCTL code of the Vba32m64.sys driver allows to read up to 0x802 of memory from ar arbitrary user-supplied pointer.",
"id": "GHSA-jr25-xhw2-xwv9",
"modified": "2024-10-17T15:31:06Z",
"published": "2024-02-13T15:31:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23440"
},
{
"type": "WEB",
"url": "https://fluidattacks.com/advisories/adderley"
},
{
"type": "WEB",
"url": "https://www.anti-virus.by/vba32"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JR2G-CV62-4VCW
Vulnerability from github – Published: 2021-12-31 00:00 – Updated: 2025-11-04 00:30Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
{
"affected": [],
"aliases": [
"CVE-2021-4181"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-74"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-30T22:15:00Z",
"severity": "HIGH"
},
"details": "Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file",
"id": "GHSA-jr2g-cv62-4vcw",
"modified": "2025-11-04T00:30:30Z",
"published": "2021-12-31T00:00:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4181"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-4181.json"
},
{
"type": "WEB",
"url": "https://gitlab.com/wireshark/wireshark/-/merge_requests/5429"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00041.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00049.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q6XGBKWSQFCVYUN4ZK3O3NJIFP3OAFVT"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5AEK3XTOIOGCGUILUFISMGX54YJXWGJ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q6XGBKWSQFCVYUN4ZK3O3NJIFP3OAFVT"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R5AEK3XTOIOGCGUILUFISMGX54YJXWGJ"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202210-04"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"type": "WEB",
"url": "https://www.wireshark.org/security/wnpa-sec-2021-21.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JR2G-FRFQ-V8G3
Vulnerability from github – Published: 2022-05-14 01:57 – Updated: 2022-05-14 01:57In bta_av_proc_meta_cmd of bta_av_act.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111893951
{
"affected": [],
"aliases": [
"CVE-2018-9507"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-10-02T19:29:00Z",
"severity": "MODERATE"
},
"details": "In bta_av_proc_meta_cmd of bta_av_act.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111893951",
"id": "GHSA-jr2g-frfq-v8g3",
"modified": "2022-05-14T01:57:51Z",
"published": "2022-05-14T01:57:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9507"
},
{
"type": "WEB",
"url": "https://android.googlesource.com/platform/system/bt/+/30cec963095366536ca0b1306089154e09bfe1a9"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2018-10-01"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2018-10-01,"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/105482"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JR2R-57F7-7QGQ
Vulnerability from github – Published: 2024-05-14 18:30 – Updated: 2024-07-03 18:40HDF5 Library through 1.14.3 has a SEGV in H5VM_memcpyvv in H5VM.c.
{
"affected": [],
"aliases": [
"CVE-2024-32614"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-14T15:36:46Z",
"severity": "HIGH"
},
"details": "HDF5 Library through 1.14.3 has a SEGV in H5VM_memcpyvv in H5VM.c.",
"id": "GHSA-jr2r-57f7-7qgq",
"modified": "2024-07-03T18:40:33Z",
"published": "2024-05-14T18:30:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32614"
},
{
"type": "WEB",
"url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JR2W-MC6V-CFPJ
Vulnerability from github – Published: 2026-06-25 09:31 – Updated: 2026-07-06 18:30In the Linux kernel, the following vulnerability has been resolved:
staging: rtl8723bs: fix buffer over-read in rtw_update_protection
rtw_update_protection() is called with a pointer offset into the ies buffer but the full ie_length is passed, causing a potential buffer over-read.
{
"affected": [],
"aliases": [
"CVE-2026-53179"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-25T09:16:35Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: rtl8723bs: fix buffer over-read in rtw_update_protection\n\nrtw_update_protection() is called with a pointer offset into the\nies buffer but the full ie_length is passed, causing a potential\nbuffer over-read.",
"id": "GHSA-jr2w-mc6v-cfpj",
"modified": "2026-07-06T18:30:37Z",
"published": "2026-06-25T09:31:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53179"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/303f65af819f6d5aa302e82bce72b57a8575faea"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/514ab98364595007d4557ecc85d7e5f012c504d3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/735dabdf21561a24d8bcae456c9c32f7f961a029"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c35ce55b12bb8fcd365daeb516e9782048119b36"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JR4H-682W-X2PH
Vulnerability from github – Published: 2023-12-08 18:30 – Updated: 2024-07-08 18:31An out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.
{
"affected": [],
"aliases": [
"CVE-2023-6610"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-08T17:15:07Z",
"severity": "HIGH"
},
"details": "An out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.",
"id": "GHSA-jr4h-682w-x2ph",
"modified": "2024-07-08T18:31:14Z",
"published": "2023-12-08T18:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6610"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:0723"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:0724"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:0725"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:0881"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:0897"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1248"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1404"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:2094"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2023-6610"
},
{
"type": "WEB",
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=218219"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253614"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JR54-5C7X-45MX
Vulnerability from github – Published: 2022-05-13 01:49 – Updated: 2022-05-13 01:49An issue has been discovered in Bento4 1.5.1-624. AP4_BytesToUInt16BE in Core/Ap4Utils.h has a heap-based buffer over-read after a call from the AP4_Stz2Atom class.
{
"affected": [],
"aliases": [
"CVE-2018-14585"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-24T16:29:00Z",
"severity": "HIGH"
},
"details": "An issue has been discovered in Bento4 1.5.1-624. AP4_BytesToUInt16BE in Core/Ap4Utils.h has a heap-based buffer over-read after a call from the AP4_Stz2Atom class.",
"id": "GHSA-jr54-5c7x-45mx",
"modified": "2022-05-13T01:49:59Z",
"published": "2022-05-13T01:49:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14585"
},
{
"type": "WEB",
"url": "https://github.com/axiomatic-systems/Bento4/issues/299"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
- To reduce the likelihood of introducing an out-of-bounds read, ensure that you validate and ensure correct calculations for any length argument, buffer size calculation, or offset. Be especially careful of relying on a sentinel (i.e. special character such as NUL) in untrusted inputs.
Mitigation
Strategy: Language Selection
Use a language that provides appropriate memory abstractions.
CAPEC-540: Overread Buffers
An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.