CWE-788
DiscouragedAccess of Memory Location After End of Buffer
Abstraction: Base · Status: Incomplete
The product reads or writes to a buffer using an index or pointer that references a memory location after the end of the buffer.
283 vulnerabilities reference this CWE, most recent first.
GHSA-7G74-PWC6-8323
Vulnerability from github – Published: 2022-05-24 19:12 – Updated: 2022-05-24 19:12Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2021-36078"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-788"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-01T15:15:00Z",
"severity": "HIGH"
},
"details": "Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious Bridge file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.",
"id": "GHSA-7g74-pwc6-8323",
"modified": "2022-05-24T19:12:42Z",
"published": "2022-05-24T19:12:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36078"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/bridge/apsb21-69.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-7RC7-WGWR-3W4R
Vulnerability from github – Published: 2022-06-16 00:00 – Updated: 2022-06-16 00:00Access of Memory Location After End of Buffer (CWE-788)
{
"affected": [],
"aliases": [
"CVE-2021-42732"
],
"database_specific": {
"cwe_ids": [
"CWE-788"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-15T17:15:00Z",
"severity": "HIGH"
},
"details": "Access of Memory Location After End of Buffer (CWE-788)",
"id": "GHSA-7rc7-wgwr-3w4r",
"modified": "2022-06-16T00:00:22Z",
"published": "2022-06-16T00:00:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42732"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/indesign/apsb21-73.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-82M4-R6JP-V6CV
Vulnerability from github – Published: 2024-03-13 18:31 – Updated: 2024-03-13 18:31Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper parameter initialization vulnerability. A local low privileged attacker could potentially exploit this vulnerability to read the contents of non-SMM stack memory.
{
"affected": [],
"aliases": [
"CVE-2024-0154"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-788"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-13T17:15:46Z",
"severity": "LOW"
},
"details": "Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper parameter initialization vulnerability. A local low privileged attacker could potentially exploit this vulnerability to read the contents of non-SMM stack memory.",
"id": "GHSA-82m4-r6jp-v6cv",
"modified": "2024-03-13T18:31:35Z",
"published": "2024-03-13T18:31:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0154"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000222898/dsa-2024-034-security-update-for-dell-poweredge-server-bios-for-an-improper-parameter-initialization-vulnerability"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-839R-958M-2C8X
Vulnerability from github – Published: 2022-06-14 00:00 – Updated: 2022-06-14 00:00Adobe Premiere Pro version 15.4 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file.
{
"affected": [],
"aliases": [
"CVE-2021-46816"
],
"database_specific": {
"cwe_ids": [
"CWE-787",
"CWE-788"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-13T13:15:00Z",
"severity": "HIGH"
},
"details": "Adobe Premiere Pro version 15.4 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file.",
"id": "GHSA-839r-958m-2c8x",
"modified": "2022-06-14T00:00:35Z",
"published": "2022-06-14T00:00:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46816"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/premiere_pro/apsb21-67.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8645-V7WF-JMFG
Vulnerability from github – Published: 2022-03-17 00:00 – Updated: 2022-03-17 00:00Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2021-42724"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-788"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-16T15:15:00Z",
"severity": "HIGH"
},
"details": "Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.",
"id": "GHSA-8645-v7wf-jmfg",
"modified": "2022-03-17T00:00:27Z",
"published": "2022-03-17T00:00:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42724"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/bridge/apsb21-94.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8885-FHQR-37CX
Vulnerability from github – Published: 2022-05-24 19:02 – Updated: 2026-06-02 21:30A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced (All versions < V16 Update 4). SmartVNC has an out-of-bounds memory access vulnerability in the device layout handler, represented by a binary data stream on client side, which can potentially result in code execution.
{
"affected": [],
"aliases": [
"CVE-2021-27384"
],
"database_specific": {
"cwe_ids": [
"CWE-788"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-05-12T14:15:00Z",
"severity": "CRITICAL"
},
"details": "A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels 7\\\" \u0026 15\\\" (incl. SIPLUS variants) (All versions \u003c V16 Update 4), SIMATIC HMI Comfort Panels 4\\\" - 22\\\" (incl. SIPLUS variants) (All versions \u003c V16 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions \u003c V16 Update 4), SIMATIC WinCC Runtime Advanced (All versions \u003c V16 Update 4). SmartVNC has an out-of-bounds memory access vulnerability in the device layout handler, represented by a binary data stream on client side, which can potentially result in code execution.",
"id": "GHSA-8885-fhqr-37cx",
"modified": "2026-06-02T21:30:32Z",
"published": "2022-05-24T19:02:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27384"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf"
},
{
"type": "WEB",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8V6M-6GJC-GH89
Vulnerability from github – Published: 2026-02-10 18:30 – Updated: 2026-02-10 18:30Audition versions 25.3 and earlier are affected by an Access of Memory Location After End of Buffer vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to cause the application to crash or become unresponsive. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2026-21316"
],
"database_specific": {
"cwe_ids": [
"CWE-788"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-10T18:16:28Z",
"severity": "MODERATE"
},
"details": "Audition versions 25.3 and earlier are affected by an Access of Memory Location After End of Buffer vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to cause the application to crash or become unresponsive. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-8v6m-6gjc-gh89",
"modified": "2026-02-10T18:30:41Z",
"published": "2026-02-10T18:30:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21316"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/audition/apsb26-14.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9493-2H3M-WVCQ
Vulnerability from github – Published: 2022-05-24 19:20 – Updated: 2022-05-24 19:20Adobe Media Encoder version 15.4.1 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2021-43013"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-788"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-11-16T20:15:00Z",
"severity": "HIGH"
},
"details": "Adobe Media Encoder version 15.4.1 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-9493-2h3m-wvcq",
"modified": "2022-05-24T19:20:46Z",
"published": "2022-05-24T19:20:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43013"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/media-encoder/apsb21-99.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9FWP-25VR-3WQM
Vulnerability from github – Published: 2022-03-17 00:00 – Updated: 2022-03-17 00:00Adobe Character Animator version 4.4 (and earlier) is affected by an Access of Memory Location After End of Buffer vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2021-40767"
],
"database_specific": {
"cwe_ids": [
"CWE-788"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-16T15:15:00Z",
"severity": "MODERATE"
},
"details": "Adobe Character Animator version 4.4 (and earlier) is affected by an Access of Memory Location After End of Buffer vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-9fwp-25vr-3wqm",
"modified": "2022-03-17T00:00:32Z",
"published": "2022-03-17T00:00:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40767"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/character_animator/apsb21-95.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-9GPR-4HVF-X2CX
Vulnerability from github – Published: 2022-05-24 19:16 – Updated: 2022-05-24 19:16Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by a memory corruption vulnerability due to insecure handling of a malicious PDF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2021-39832"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-788"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-29T16:15:00Z",
"severity": "HIGH"
},
"details": "Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by a memory corruption vulnerability due to insecure handling of a malicious PDF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.",
"id": "GHSA-9gpr-4hvf-x2cx",
"modified": "2022-05-24T19:16:06Z",
"published": "2022-05-24T19:16:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39832"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/framemaker/apsb21-74.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.