Common Weakness Enumeration

CWE-788

Discouraged

Access of Memory Location After End of Buffer

Abstraction: Base · Status: Incomplete

The product reads or writes to a buffer using an index or pointer that references a memory location after the end of the buffer.

283 vulnerabilities reference this CWE, most recent first.

GHSA-4W4G-929C-6H4W

Vulnerability from github – Published: 2022-05-24 19:15 – Updated: 2022-05-24 19:15
VLAI
Details

Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious psd file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-40702"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-788"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-27T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious psd file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.",
  "id": "GHSA-4w4g-929c-6h4w",
  "modified": "2022-05-24T19:15:45Z",
  "published": "2022-05-24T19:15:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40702"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/premiere_elements/apsb21-78.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5Q6H-JMV7-WP3Q

Vulnerability from github – Published: 2022-05-24 19:15 – Updated: 2022-05-24 19:15
VLAI
Details

Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious m4a file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-40703"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-788"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-27T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious m4a file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.",
  "id": "GHSA-5q6h-jmv7-wp3q",
  "modified": "2022-05-24T19:15:45Z",
  "published": "2022-05-24T19:15:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40703"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/premiere_elements/apsb21-78.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6758-FPVV-3G4H

Vulnerability from github – Published: 2022-05-24 19:12 – Updated: 2022-05-24 19:12
VLAI
Details

Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-36069"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-788"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-01T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.",
  "id": "GHSA-6758-fpvv-3g4h",
  "modified": "2022-05-24T19:12:43Z",
  "published": "2022-05-24T19:12:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36069"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/bridge/apsb21-69.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-6M9P-H3PQ-4R35

Vulnerability from github – Published: 2022-05-24 19:12 – Updated: 2022-05-24 19:12
VLAI
Details

Adobe After Effects version 18.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-28605"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787",
      "CWE-788"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-24T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "Adobe After Effects version 18.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-6m9p-h3pq-4r35",
  "modified": "2022-05-24T19:12:02Z",
  "published": "2022-05-24T19:12:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28605"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/after_effects/apsb21-49.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6RJ9-5JWW-Q88J

Vulnerability from github – Published: 2024-04-12 15:37 – Updated: 2025-02-06 21:32
VLAI
Details

An Access of Memory Location After End of Buffer vulnerability in the Layer-2 Control Protocols Daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause Denial of Service (DoS).

On all Junos OS and Junos OS Evolved platforms, when LLDP is enabled on a specific interface, and a malformed LLDP packet is received, l2cpd crashes and restarts. The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP. Also, if any services depend on LLDP state (like PoE or VoIP device recognition), then these will also be affected.

This issue affects:

Junos OS: * from 21.4 before 21.4R3-S4, 

  • from 22.1 before 22.1R3-S4, 

  • from 22.2 before 22.2R3-S2, 

  • from 22.3 before 22.3R2-S2, 22.3R3-S1, 

  • from 22.4 before 22.4R3, 

  • from 23.2 before 23.2R2.

Junos OS Evolved: * from 21.4-EVO before 21.4R3-S5-EVO, 

  • from 22.1-EVO before 22.1R3-S4-EVO, 

  • from 22.2-EVO before 22.2R3-S2-EVO, 

  • from 22.3-EVO before 22.3R2-S2-EVO, 22.3R3-S1-EVO, 

  • from 22.4-EVO before 22.4R3-EVO, 

  • from 23.2-EVO before 23.2R2-EVO.

This issue does not affect: * Junos OS versions prior to 21.4R1;

  • Junos OS Evolved versions prior to 21.4R1-EVO.
Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-21618"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125",
      "CWE-788"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-12T15:15:24Z",
    "severity": "MODERATE"
  },
  "details": "An Access of Memory Location After End of Buffer vulnerability in the Layer-2 Control Protocols Daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause Denial of Service (DoS).\n\nOn all Junos OS and Junos OS Evolved platforms, when LLDP is enabled on a specific interface, and a malformed LLDP packet is received, l2cpd crashes and restarts. The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP. Also, if any services depend on LLDP state (like PoE or VoIP device recognition), then these will also be affected.\n\nThis issue affects:\n\nJunos OS:\n  *  from 21.4 before 21.4R3-S4,\u00a0\n\n  *  from 22.1 before 22.1R3-S4,\u00a0\n\n  *  from 22.2 before 22.2R3-S2,\u00a0\n\n  *  from 22.3 before 22.3R2-S2, 22.3R3-S1,\u00a0\n\n  *  from 22.4 before 22.4R3,\u00a0\n\n  *  from 23.2 before 23.2R2.\n\n\n\n\n Junos OS Evolved:\n  *  from 21.4-EVO before 21.4R3-S5-EVO,\u00a0\n\n  *  from 22.1-EVO before 22.1R3-S4-EVO,\u00a0\n\n  *  from 22.2-EVO before 22.2R3-S2-EVO,\u00a0\n\n  *  from 22.3-EVO before 22.3R2-S2-EVO, 22.3R3-S1-EVO,\u00a0\n\n  *  from 22.4-EVO before 22.4R3-EVO,\u00a0\n\n  *  from 23.2-EVO before 23.2R2-EVO.\n\n\n\n\nThis issue does not affect:\n  *  Junos OS versions prior to 21.4R1;\n\n  *  Junos OS Evolved versions prior to 21.4R1-EVO.",
  "id": "GHSA-6rj9-5jww-q88j",
  "modified": "2025-02-06T21:32:04Z",
  "published": "2024-04-12T15:37:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21618"
    },
    {
      "type": "WEB",
      "url": "https://supportportal.juniper.net/JSA75759"
    },
    {
      "type": "WEB",
      "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"
    },
    {
      "type": "WEB",
      "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-6VH7-7H6M-H6FV

Vulnerability from github – Published: 2022-03-17 00:00 – Updated: 2022-03-17 00:00
VLAI
Details

Adobe Character Animator version 4.4 (and earlier) is affected by a memory corruption vulnerability when parsing a M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-40765"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-788"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-03-16T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "Adobe Character Animator version 4.4 (and earlier) is affected by a memory corruption vulnerability when parsing a M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.",
  "id": "GHSA-6vh7-7h6m-h6fv",
  "modified": "2022-03-17T00:00:32Z",
  "published": "2022-03-17T00:00:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40765"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/character_animator/apsb21-95.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-735R-P43F-Q5J4

Vulnerability from github – Published: 2021-12-21 00:00 – Updated: 2021-12-21 00:00
VLAI
Details

Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious EXR file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-43021"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787",
      "CWE-788"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-20T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious EXR file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.",
  "id": "GHSA-735r-p43f-q5j4",
  "modified": "2021-12-21T00:00:27Z",
  "published": "2021-12-21T00:00:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43021"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/premiere_rush/apsb21-101.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-73FQ-2W5V-3MGM

Vulnerability from github – Published: 2022-05-24 17:41 – Updated: 2022-08-06 00:00
VLAI
Details

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Memory corruption vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-21058"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787",
      "CWE-788"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-02-11T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Memory corruption vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-73fq-2w5v-3mgm",
  "modified": "2022-08-06T00:00:38Z",
  "published": "2022-05-24T17:41:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21058"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb21-09.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7454-V928-Q2CM

Vulnerability from github – Published: 2022-05-24 17:42 – Updated: 2022-08-06 00:00
VLAI
Details

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Memory corruption vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-21062"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787",
      "CWE-788"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-02-11T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Memory corruption vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-7454-v928-q2cm",
  "modified": "2022-08-06T00:00:38Z",
  "published": "2022-05-24T17:42:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21062"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/acrobat/apsb21-09.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-75CQ-7GX4-GWPC

Vulnerability from github – Published: 2022-05-24 19:12 – Updated: 2022-05-24 19:12
VLAI
Details

Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-36068"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-788"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-01T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.",
  "id": "GHSA-75cq-7gx4-gwpc",
  "modified": "2022-05-24T19:12:43Z",
  "published": "2022-05-24T19:12:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36068"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/bridge/apsb21-69.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.