CWE-193
AllowedOff-by-one Error
Abstraction: Base · Status: Draft
A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.
256 vulnerabilities reference this CWE, most recent first.
GHSA-CM9V-3MPG-X2W6
Vulnerability from github – Published: 2021-12-15 00:01 – Updated: 2021-12-16 00:02A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll contains an off-by-one error in the heap while parsing specially crafted TIFF files. This could allow an attacker to cause a denial-of-service condition.
{
"affected": [],
"aliases": [
"CVE-2021-44007"
],
"database_specific": {
"cwe_ids": [
"CWE-193"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-14T12:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2.0.5), Teamcenter Visualization (All versions \u003c V13.2.0.5). The Tiff_Loader.dll contains an off-by-one error in the heap while parsing specially crafted TIFF files. This could allow an attacker to cause a denial-of-service condition.",
"id": "GHSA-cm9v-3mpg-x2w6",
"modified": "2021-12-16T00:02:33Z",
"published": "2021-12-15T00:01:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44007"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-CMG3-VM26-F974
Vulnerability from github – Published: 2026-07-14 18:32 – Updated: 2026-07-14 18:32Off-by-one error in Windows Remote Desktop Protocol allows an unauthorized attacker to disclose information over a network.
{
"affected": [],
"aliases": [
"CVE-2026-50497"
],
"database_specific": {
"cwe_ids": [
"CWE-193"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-14T18:17:56Z",
"severity": "MODERATE"
},
"details": "Off-by-one error in Windows Remote Desktop Protocol allows an unauthorized attacker to disclose information over a network.",
"id": "GHSA-cmg3-vm26-f974",
"modified": "2026-07-14T18:32:28Z",
"published": "2026-07-14T18:32:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-50497"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50497"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-CR6R-HMJ8-PR7R
Vulnerability from github – Published: 2026-05-18 17:48 – Updated: 2026-06-11 13:30An of by one in the meta encoder could result in an out of bounds read of a single byte in the meta encoder.
{
"affected": [
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-AnyCPU"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.13.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-AnyCPU"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.13.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-OpenMP-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.13.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-OpenMP-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.13.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.13.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.13.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-HDRI-x86"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.13.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-OpenMP-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.13.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-OpenMP-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.13.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.13.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.13.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q16-x86"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.13.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-AnyCPU"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.13.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-OpenMP-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.13.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-OpenMP-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.13.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.13.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-x64"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.13.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Magick.NET-Q8-x86"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.13.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-45358"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-193"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-18T17:48:14Z",
"nvd_published_at": "2026-06-10T22:16:57Z",
"severity": "MODERATE"
},
"details": "An of by one in the meta encoder could result in an out of bounds read of a single byte in the meta encoder.",
"id": "GHSA-cr6r-hmj8-pr7r",
"modified": "2026-06-11T13:30:39Z",
"published": "2026-05-18T17:48:14Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cr6r-hmj8-pr7r"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45358"
},
{
"type": "PACKAGE",
"url": "https://github.com/ImageMagick/ImageMagick"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "ImageMagick: Out-of-Bounds Read of a single byte in meta encoder"
}
GHSA-CWPV-5V9V-5797
Vulnerability from github – Published: 2022-11-09 12:00 – Updated: 2025-05-02 18:31An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.
{
"affected": [],
"aliases": [
"CVE-2022-3821"
],
"database_specific": {
"cwe_ids": [
"CWE-193"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-08T22:15:00Z",
"severity": "MODERATE"
},
"details": "An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.",
"id": "GHSA-cwpv-5v9v-5797",
"modified": "2025-05-02T18:31:24Z",
"published": "2022-11-09T12:00:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3821"
},
{
"type": "WEB",
"url": "https://github.com/systemd/systemd/issues/23928"
},
{
"type": "WEB",
"url": "https://github.com/systemd/systemd/pull/23933"
},
{
"type": "WEB",
"url": "https://github.com/systemd/systemd/commit/9102c625a673a3246d7e73d8737f3494446bad4e"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139327"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00036.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVBQC2VLSDVQAPJTEMTREXDL4HYLXG2P"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RVBQC2VLSDVQAPJTEMTREXDL4HYLXG2P"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202305-15"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CX6H-86XW-9X34
Vulnerability from github – Published: 2023-07-06 21:14 – Updated: 2024-04-24 19:16The fix for CVE-2023-24998 was incomplete. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat.embed:tomcat-embed-core"
},
"ranges": [
{
"events": [
{
"introduced": "11.0.0-M2"
},
{
"fixed": "11.0.0-M5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat.embed:tomcat-embed-core"
},
"ranges": [
{
"events": [
{
"introduced": "10.1.5"
},
{
"fixed": "10.1.8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat.embed:tomcat-embed-core"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.71"
},
{
"fixed": "9.0.74"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat-coyote"
},
"ranges": [
{
"events": [
{
"introduced": "8.5.85"
},
{
"fixed": "8.5.88"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-28709"
],
"database_specific": {
"cwe_ids": [
"CWE-193"
],
"github_reviewed": true,
"github_reviewed_at": "2023-07-06T23:34:50Z",
"nvd_published_at": "2023-05-22T11:15:09Z",
"severity": "HIGH"
},
"details": "The fix for CVE-2023-24998 was incomplete. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur.",
"id": "GHSA-cx6h-86xw-9x34",
"modified": "2024-04-24T19:16:49Z",
"published": "2023-07-06T21:14:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28709"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/5badf94e79e5de206fc0ef3054fd536b1bb787cd"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/ba848da71c523d94950d3c53c19ea155189df9dc"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/d53d8e7f77042cc32a3b98f589496a1ef5088e38"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/fbd81421629afe8b8a3922d59020cde81caea861"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/tomcat"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/7wvxonzwb7k9hx9jt3q33cmy7j97jo3j"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202305-37"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20230616-0004"
},
{
"type": "WEB",
"url": "https://tomcat.apache.org/security-10.html"
},
{
"type": "WEB",
"url": "https://tomcat.apache.org/security-11.html"
},
{
"type": "WEB",
"url": "https://tomcat.apache.org/security-8.html"
},
{
"type": "WEB",
"url": "https://tomcat.apache.org/security-9.html"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5521"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2023/05/22/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Apache Tomcat - Fix for CVE-2023-24998 was incomplete"
}
GHSA-CX83-C67H-H9GR
Vulnerability from github – Published: 2022-05-13 01:10 – Updated: 2022-05-13 01:10An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.
{
"affected": [],
"aliases": [
"CVE-2018-14682"
],
"database_specific": {
"cwe_ids": [
"CWE-193"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-28T23:29:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.",
"id": "GHSA-cx83-c67h-h9gr",
"modified": "2022-05-13T01:10:32Z",
"published": "2022-05-13T01:10:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14682"
},
{
"type": "WEB",
"url": "https://github.com/kyz/libmspack/commit/4fd9ccaa54e1aebde1e4b95fb0163b699fd7bcc8"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:3327"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:3505"
},
{
"type": "WEB",
"url": "https://bugs.debian.org/904800"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00007.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201903-20"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3728-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3728-2"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3728-3"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3789-2"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4260"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2018/07/26/1"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1041410"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F38W-MWF7-VV8P
Vulnerability from github – Published: 2026-06-30 15:30 – Updated: 2026-06-30 15:30In hostapd before 2.12, a missing bounds check in AP-mode Wi-Fi 7 (IEEE 802.11be) Multi-Link Operation (MLO) association request processing allows an unauthenticated attacker within wireless range to send a crafted management frame containing a malformed Multi-Link Element or Per-STA Profile subelement. In hostapd_process_ml_assoc_req() in src/ap/ieee802_11_eht.c, the received link_id field can be parsed as value 15, but the corresponding links[] storage only has valid entries for lower link IDs (0 through 14). This causes an out-of-bounds write / small memory corruption during association processing before the 4-way handshake. The attack does not require network credentials, prior authentication, or user interaction. The confirmed practical impact is denial of service through hostapd process termination. This affects hostapd v2.11 and newer development snapshots before v2.12 when built with CONFIG_IEEE80211BE enabled. The issue is fixed in hostapd v2.12 and the upstream 2026-1 fixes.
{
"affected": [],
"aliases": [
"CVE-2026-58374"
],
"database_specific": {
"cwe_ids": [
"CWE-193"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-30T13:19:18Z",
"severity": "MODERATE"
},
"details": "In hostapd before 2.12, a missing bounds check in AP-mode Wi-Fi 7 (IEEE 802.11be) Multi-Link Operation (MLO) association request processing allows an unauthenticated attacker within wireless range to send a crafted management frame containing a malformed Multi-Link Element or Per-STA Profile subelement. In hostapd_process_ml_assoc_req() in src/ap/ieee802_11_eht.c, the received link_id field can be parsed as value 15, but the corresponding links[] storage only has valid entries for lower link IDs (0 through 14). This causes an out-of-bounds write / small memory corruption during association processing before the 4-way handshake. The attack does not require network credentials, prior authentication, or user interaction. The confirmed practical impact is denial of service through hostapd process termination. This affects hostapd v2.11 and newer development snapshots before v2.12 when built with CONFIG_IEEE80211BE enabled. The issue is fixed in hostapd v2.12 and the upstream 2026-1 fixes.",
"id": "GHSA-f38w-mwf7-vv8p",
"modified": "2026-06-30T15:30:45Z",
"published": "2026-06-30T15:30:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-58374"
},
{
"type": "WEB",
"url": "https://git.w1.fi/cgit/hostap/commit/?id=46dd5a4ffc9bcf44cf8fc45120b3e1e5ec922187"
},
{
"type": "WEB",
"url": "https://git.w1.fi/cgit/hostap/commit/?id=aa9d345887389a251c63a3781d2ad2940d079193"
},
{
"type": "WEB",
"url": "https://w1.fi/security/2026-1"
},
{
"type": "WEB",
"url": "https://w1.fi/security/2026-1/missing-ml-parsing-validation.txt"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2026/06/30/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FCHC-223X-3CPC
Vulnerability from github – Published: 2022-12-23 00:30 – Updated: 2022-12-28 21:30A heap out-of-bounds read vulnerability exists in the RLA format parser of OpenImageIO master-branch-9aeece7a and v2.3.19.0. More specifically, in the way run-length encoded byte spans are handled. A malformed RLA file can lead to an out-of-bounds read of heap metadata which can result in sensitive information leak. An attacker can provide a malicious file to trigger this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2022-36354"
],
"database_specific": {
"cwe_ids": [
"CWE-193"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-12-22T22:15:00Z",
"severity": "MODERATE"
},
"details": "A heap out-of-bounds read vulnerability exists in the RLA format parser of OpenImageIO master-branch-9aeece7a and v2.3.19.0. More specifically, in the way run-length encoded byte spans are handled. A malformed RLA file can lead to an out-of-bounds read of heap metadata which can result in sensitive information leak. An attacker can provide a malicious file to trigger this vulnerability.",
"id": "GHSA-fchc-223x-3cpc",
"modified": "2022-12-28T21:30:21Z",
"published": "2022-12-23T00:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36354"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3LET4MEPBSBJZK4EMLEBY4FUXKU5BMN"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202305-33"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1629"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5384"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-FH2C-3J7R-HVGV
Vulnerability from github – Published: 2025-04-14 21:32 – Updated: 2025-04-14 21:32In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Off by one in dm_dmub_outbox1_low_irq()
The > ARRAY_SIZE() should be >= ARRAY_SIZE() to prevent an out of bounds access.
{
"affected": [],
"aliases": [
"CVE-2022-49365"
],
"database_specific": {
"cwe_ids": [
"CWE-193"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:01:13Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Off by one in dm_dmub_outbox1_low_irq()\n\nThe \u003e ARRAY_SIZE() should be \u003e= ARRAY_SIZE() to prevent an out of bounds\naccess.",
"id": "GHSA-fh2c-3j7r-hvgv",
"modified": "2025-04-14T21:32:22Z",
"published": "2025-04-14T21:32:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49365"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/607c5cd1a08e196d9f2bd3b25a8083ed27ad7ceb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a35faec3db0e13aac8ea720bc1a3503081dd5a3d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b0808b7a04157b3f56e919f27023fec37a075fad"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ec9ec3bc08b18c5b1b2feafd306ea7c348013898"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-FHCF-VPM9-JPHV
Vulnerability from github – Published: 2022-05-24 16:44 – Updated: 2022-05-24 16:44An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program.
{
"affected": [],
"aliases": [
"CVE-2019-10131"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-193"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-04-30T19:29:00Z",
"severity": "HIGH"
},
"details": "An off-by-one read vulnerability was discovered in ImageMagick before version 7.0.7-28 in the formatIPTCfromBuffer function in coders/meta.c. A local attacker may use this flaw to read beyond the end of the buffer or to crash the program.",
"id": "GHSA-fhcf-vpm9-jphv",
"modified": "2022-05-24T16:44:54Z",
"published": "2022-05-24T16:44:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10131"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/commit/cb1214c124e1bd61f7dd551b94a794864861592e"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10131"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4034-1"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00051.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00001.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/108117"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation
When copying character arrays or using character manipulation methods, the correct size parameter must be used to account for the null terminator that needs to be added at the end of the array. Some examples of functions susceptible to this weakness in C include strcpy(), strncpy(), strcat(), strncat(), printf(), sprintf(), scanf() and sscanf().
No CAPEC attack patterns related to this CWE.