CWE-125
AllowedOut-of-bounds Read
Abstraction: Base · Status: Draft
The product reads data past the end, or before the beginning, of the intended buffer.
11292 vulnerabilities reference this CWE, most recent first.
GHSA-MPGW-WF67-6MWJ
Vulnerability from github – Published: 2022-05-14 03:57 – Updated: 2022-05-14 03:57The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted tag value.
{
"affected": [],
"aliases": [
"CVE-2016-10199"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-02-09T15:59:00Z",
"severity": "HIGH"
},
"details": "The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted tag value.",
"id": "GHSA-mpgw-wf67-6mwj",
"modified": "2022-05-14T03:57:55Z",
"published": "2022-05-14T03:57:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10199"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2060"
},
{
"type": "WEB",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=775451"
},
{
"type": "WEB",
"url": "https://gstreamer.freedesktop.org/releases/1.10/#1.10.3"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201705-10"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2017/dsa-3820"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2017/02/01/7"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2017/02/02/9"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/96001"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MPH9-6GRH-8W42
Vulnerability from github – Published: 2023-01-09 09:30 – Updated: 2023-01-12 21:30Information disclosure due to buffer overread in Core
{
"affected": [],
"aliases": [
"CVE-2022-40519"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-01-09T08:15:00Z",
"severity": "MODERATE"
},
"details": "Information disclosure due to buffer overread in Core",
"id": "GHSA-mph9-6grh-8w42",
"modified": "2023-01-12T21:30:27Z",
"published": "2023-01-09T09:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40519"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/january-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MPJJ-R423-4HJC
Vulnerability from github – Published: 2022-05-13 01:14 – Updated: 2022-05-13 01:14The r_bin_java_annotation_new function in shlr/java/class.c in radare2 2.7.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted .class file because of missing input validation in r_bin_java_line_number_table_attr_new.
{
"affected": [],
"aliases": [
"CVE-2018-14017"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-12T20:29:00Z",
"severity": "MODERATE"
},
"details": "The r_bin_java_annotation_new function in shlr/java/class.c in radare2 2.7.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted .class file because of missing input validation in r_bin_java_line_number_table_attr_new.",
"id": "GHSA-mpjj-r423-4hjc",
"modified": "2022-05-13T01:14:39Z",
"published": "2022-05-13T01:14:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14017"
},
{
"type": "WEB",
"url": "https://github.com/radare/radare2/issues/10498"
},
{
"type": "WEB",
"url": "https://github.com/radareorg/radare2/commit/e9ce0d64faf19fa4e9c260250fbdf25e3c11e152"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MPM8-4RHH-QR48
Vulnerability from github – Published: 2024-12-12 12:31 – Updated: 2024-12-12 12:31Out-of-bounds read vulnerability in the DASH module Impact: Successful exploitation of this vulnerability will affect availability.
{
"affected": [],
"aliases": [
"CVE-2024-54115"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-754"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-12T12:15:27Z",
"severity": "MODERATE"
},
"details": "Out-of-bounds read vulnerability in the DASH module\nImpact: Successful exploitation of this vulnerability will affect availability.",
"id": "GHSA-mpm8-4rhh-qr48",
"modified": "2024-12-12T12:31:16Z",
"published": "2024-12-12T12:31:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54115"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletin/2024/12"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-MPPR-FQV2-RW5G
Vulnerability from github – Published: 2022-05-17 02:42 – Updated: 2022-05-17 02:42plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (invalid read and application crash) or possibly have unspecified other impact via a crafted file.
{
"affected": [],
"aliases": [
"CVE-2017-9301"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-05-29T19:29:00Z",
"severity": "HIGH"
},
"details": "plugins\\audio_filter\\libmpgatofixed32_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (invalid read and application crash) or possibly have unspecified other impact via a crafted file.",
"id": "GHSA-mppr-fqv2-rw5g",
"modified": "2022-05-17T02:42:43Z",
"published": "2022-05-17T02:42:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9301"
},
{
"type": "WEB",
"url": "http://code610.blogspot.com/2017/04/multiple-crashes-in-vlc-224.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/98746"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MPQ3-JW96-24FR
Vulnerability from github – Published: 2022-05-24 17:12 – Updated: 2022-05-24 17:12Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
{
"affected": [],
"aliases": [
"CVE-2020-3771"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-03-25T21:15:00Z",
"severity": "MODERATE"
},
"details": "Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.",
"id": "GHSA-mpq3-jw96-24fr",
"modified": "2022-05-24T17:12:41Z",
"published": "2022-05-24T17:12:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-3771"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/photoshop/apsb20-14.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-MPQ5-CP4R-6MMW
Vulnerability from github – Published: 2022-09-02 00:01 – Updated: 2022-09-08 00:00In LibRaw, an out-of-bounds read vulnerability exists within the get_huffman_diff() function (libraw\src\x3f\x3f_utils_patched.cpp) when reading data from an image file.
{
"affected": [],
"aliases": [
"CVE-2020-35531"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-09-01T18:15:00Z",
"severity": "MODERATE"
},
"details": "In LibRaw, an out-of-bounds read vulnerability exists within the get_huffman_diff() function (libraw\\src\\x3f\\x3f_utils_patched.cpp) when reading data from an image file.",
"id": "GHSA-mpq5-cp4r-6mmw",
"modified": "2022-09-08T00:00:31Z",
"published": "2022-09-02T00:01:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35531"
},
{
"type": "WEB",
"url": "https://github.com/LibRaw/LibRaw/issues/270"
},
{
"type": "WEB",
"url": "https://github.com/LibRaw/LibRaw/commit/d75af00681a74dcc8b929207eb895611a6eceb68"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00024.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MPVR-2998-4Q8G
Vulnerability from github – Published: 2021-12-15 00:01 – Updated: 2021-12-16 00:02A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing TIFF files. An attacker could leverage this vulnerability to leak information in the context of the current process.
{
"affected": [],
"aliases": [
"CVE-2021-44010"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-14T12:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.5), Teamcenter Visualization (All versions \u003c V13.2.0.5). The Tiff_Loader.dll is vulnerable to an out of bounds read past the end of an allocated buffer when parsing TIFF files. An attacker could leverage this vulnerability to leak information in the context of the current process.",
"id": "GHSA-mpvr-2998-4q8g",
"modified": "2021-12-16T00:02:32Z",
"published": "2021-12-15T00:01:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44010"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-MPVX-HGX6-JW78
Vulnerability from github – Published: 2025-09-18 18:30 – Updated: 2025-12-11 15:30In the Linux kernel, the following vulnerability has been resolved:
ntfs: Fix panic about slab-out-of-bounds caused by ntfs_listxattr()
Here is a BUG report from syzbot:
BUG: KASAN: slab-out-of-bounds in ntfs_list_ea fs/ntfs3/xattr.c:191 [inline] BUG: KASAN: slab-out-of-bounds in ntfs_listxattr+0x401/0x570 fs/ntfs3/xattr.c:710 Read of size 1 at addr ffff888021acaf3d by task syz-executor128/3632
Call Trace: ntfs_list_ea fs/ntfs3/xattr.c:191 [inline] ntfs_listxattr+0x401/0x570 fs/ntfs3/xattr.c:710 vfs_listxattr fs/xattr.c:457 [inline] listxattr+0x293/0x2d0 fs/xattr.c:804
Fix the logic of ea_all iteration. When the ea->name_len is 0, return immediately, or Add2Ptr() would visit invalid memory in the next loop.
[almaz.alexandrovich@paragon-software.com: lines of the patch have changed]
{
"affected": [],
"aliases": [
"CVE-2023-53420"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-18T16:15:45Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nntfs: Fix panic about slab-out-of-bounds caused by ntfs_listxattr()\n\nHere is a BUG report from syzbot:\n\nBUG: KASAN: slab-out-of-bounds in ntfs_list_ea fs/ntfs3/xattr.c:191 [inline]\nBUG: KASAN: slab-out-of-bounds in ntfs_listxattr+0x401/0x570 fs/ntfs3/xattr.c:710\nRead of size 1 at addr ffff888021acaf3d by task syz-executor128/3632\n\nCall Trace:\n ntfs_list_ea fs/ntfs3/xattr.c:191 [inline]\n ntfs_listxattr+0x401/0x570 fs/ntfs3/xattr.c:710\n vfs_listxattr fs/xattr.c:457 [inline]\n listxattr+0x293/0x2d0 fs/xattr.c:804\n\nFix the logic of ea_all iteration. When the ea-\u003ename_len is 0,\nreturn immediately, or Add2Ptr() would visit invalid memory\nin the next loop.\n\n[almaz.alexandrovich@paragon-software.com: lines of the patch have changed]",
"id": "GHSA-mpvx-hgx6-jw78",
"modified": "2025-12-11T15:30:30Z",
"published": "2025-09-18T18:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53420"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3c675ddffb17a8b1e32efad5c983254af18b12c2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/721b75ea2dfce53a8890dff92ae01afca8e74f88"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c86a2517df6c9304db8fb12b77136ec7a5d85994"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f3380d895e28a32632eb3609f5bd515adee4e5a1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MPX9-RQPQ-RRW3
Vulnerability from github – Published: 2022-09-17 00:00 – Updated: 2022-09-17 00:00Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2022-28856"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-09-16T18:15:00Z",
"severity": "MODERATE"
},
"details": "Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-mpx9-rqpq-rrw3",
"modified": "2022-09-17T00:00:32Z",
"published": "2022-09-17T00:00:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28856"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/indesign/apsb22-50.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
- To reduce the likelihood of introducing an out-of-bounds read, ensure that you validate and ensure correct calculations for any length argument, buffer size calculation, or offset. Be especially careful of relying on a sentinel (i.e. special character such as NUL) in untrusted inputs.
Mitigation
Strategy: Language Selection
Use a language that provides appropriate memory abstractions.
CAPEC-540: Overread Buffers
An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.