CWE-125— Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.— MITRE CWE catalog
8,186 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-125page 126 of 164
- CVE-2024-47602HIGHCVSS 7.5EG 7.52024-12-12
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. This function does not pr…
- CVE-2024-47721HIGHCVSS 7.1EG 7.12024-10-21
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: remove unused C2H event ID RTW89_MAC_C2H_FUNC_READ_WOW_CAM to prevent out-of-bounds reading The handler of firmware C2H event RTW89_MAC_C2H_FUNC_READ_WOW_CA…
- CVE-2024-47723HIGHCVSS 7.1EG 7.12024-10-21
In the Linux kernel, the following vulnerability has been resolved: jfs: fix out-of-bounds in dbNextAG() and diAlloc() In dbNextAG() , there is no check for the case where bmp->db_numag is greater or same than MAXAG due to a polluted ima…
- CVE-2024-47757HIGHCVSS 7.1EG 7.12024-10-21
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential oob read in nilfs_btree_check_delete() The function nilfs_btree_check_delete(), which checks whether degeneration to direct mapping occurs before d…
- CVE-2024-47774CRITICALCVSS 9.1EG 9.12024-12-12
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_avi_subtitle_parse_gab2_chunk function within gstavisubtitle.c. The function reads the name_length value …
- CVE-2024-47775CRITICALCVSS 9.1EG 9.12024-12-12
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been found in the parse_ds64 function within gstwavparse.c. The parse_ds64 function does not check that the buffer buf contains suff…
- CVE-2024-47776CRITICALCVSS 9.1EG 9.12024-12-12
GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in gst_wavparse_cue_chunk within gstwavparse.c. The vulnerability happens due to a discrepancy between the size of the data buffer…
- CVE-2024-47777CRITICALCVSS 9.1EG 9.12024-12-12
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_wavparse_smpl_chunk function within gstwavparse.c. This function attempts to read 4 bytes from the data +…
- CVE-2024-47778HIGHCVSS 7.5EG 7.52024-12-12
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in gst_wavparse_adtl_chunk within gstwavparse.c. This vulnerability arises due to insufficient validation of the siz…
- CVE-2024-47940HIGHCVSS 7.8EG 7.82024-11-12
A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 9). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PSM files. This could…
- CVE-2024-47941HIGHCVSS 7.8EG 7.82024-11-12
A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 9). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could…
- CVE-2024-47965HIGHCVSS 7.8EG 7.82024-10-10
Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability t…
- CVE-2024-48208HIGHCVSS 8.6EG 8.62024-10-24
pure-ftpd before 1.0.52 is vulnerable to Buffer Overflow. There is an out of bounds read in the domlsd() function of the ls.c file.
- CVE-2024-48456HIGHCVSS 7.5EG 7.52025-01-06
An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.3749 and Netis Wifi 11AC Router NC63 3.0.0.3327 and 3.0.0.3503 and Netis Wifi 11AC Router NC21 3.0.0.3800, 3.0.0.3500 and 3.0.0.3329 and Ne…
- CVE-2024-48457HIGHCVSS 7.5EG 7.52025-01-06
An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.3749 and Netis Wifi 11AC Router NC63 3.0.0.3327 and 3.0.0.3503 and Netis Wifi 11AC Router NC21 3.0.0.3800, 3.0.0.3500 and 3.0.0.3329 and Ne…
- CVE-2024-48855MEDIUMCVSS 5.3EG 5.32025-01-14
Out-of-bounds read in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec.
- CVE-2024-48957HIGHCVSS 7.8EG 7.82024-10-10
execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.
- CVE-2024-48958HIGHCVSS 7.8EG 7.82024-10-10
execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst.
- CVE-2024-49028HIGHCVSS 7.8EG 7.82024-11-12
Microsoft Excel Remote Code Execution Vulnerability
- CVE-2024-49065MEDIUMCVSS 5.5EG 5.52024-12-12
Microsoft Office Remote Code Execution Vulnerability
- CVE-2024-49077MEDIUMCVSS 6.8EG 6.82024-12-12
Windows Mobile Broadband Driver Elevation of Privilege Vulnerability
- CVE-2024-49078MEDIUMCVSS 6.8EG 6.82024-12-12
Windows Mobile Broadband Driver Elevation of Privilege Vulnerability
- CVE-2024-49083MEDIUMCVSS 6.8EG 6.82024-12-12
Windows Mobile Broadband Driver Elevation of Privilege Vulnerability
- CVE-2024-49092MEDIUMCVSS 6.8EG 6.82024-12-12
Windows Mobile Broadband Driver Elevation of Privilege Vulnerability
- CVE-2024-49098MEDIUMCVSS 4.3EG 4.32024-12-12
Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability
- CVE-2024-49099MEDIUMCVSS 4.3EG 4.32024-12-12
Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability
- CVE-2024-49101MEDIUMCVSS 6.6EG 6.62024-12-12
Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability
- CVE-2024-49103MEDIUMCVSS 4.3EG 4.32024-12-12
Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability
- CVE-2024-49109MEDIUMCVSS 6.6EG 6.62024-12-12
Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability
- CVE-2024-49110MEDIUMCVSS 6.8EG 6.82024-12-12
Windows Mobile Broadband Driver Elevation of Privilege Vulnerability
- CVE-2024-49111MEDIUMCVSS 6.6EG 6.62024-12-12
Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability
- CVE-2024-49113HIGHCVSS 7.5EG 9.02024-12-12
Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
- CVE-2024-49197MEDIUMCVSS 6.5EG 6.52025-05-27
An issue was discovered in Wi-Fi in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, W920, W930, and W1000. Lack of a boundary check in STOP_KEEP_ALIVE_OFFLOAD leads to out-of-bounds access.
- CVE-2024-49510MEDIUMCVSS 5.5EG 5.52024-11-12
InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR.…
- CVE-2024-49511MEDIUMCVSS 5.5EG 5.52024-11-12
InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR.…
- CVE-2024-49512MEDIUMCVSS 5.5EG 5.52024-11-12
InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR.…
- CVE-2024-49527MEDIUMCVSS 5.5EG 5.52024-11-12
Animate versions 23.0.7, 24.0.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitati…
- CVE-2024-49529MEDIUMCVSS 5.5EG 5.52024-11-21
InDesign Desktop versions 19.0, 20.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Explo…
- CVE-2024-49532MEDIUMCVSS 5.5EG 5.52024-12-10
Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this…
- CVE-2024-49533MEDIUMCVSS 5.5EG 5.52024-12-10
Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this…
- CVE-2024-49534MEDIUMCVSS 5.5EG 5.52024-12-10
Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this…
- CVE-2024-49536MEDIUMCVSS 5.5EG 5.52024-11-15
Audition versions 23.6.9, 24.4.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitat…
- CVE-2024-49541MEDIUMCVSS 5.5EG 5.52024-12-10
Illustrator versions 29.0.0, 28.7.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploi…
- CVE-2024-49546MEDIUMCVSS 5.5EG 5.52024-12-10
InDesign Desktop versions ID19.5, ID18.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR.…
- CVE-2024-49547MEDIUMCVSS 5.5EG 5.52024-12-10
InDesign Desktop versions ID19.5, ID18.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR.…
- CVE-2024-49548MEDIUMCVSS 5.5EG 5.52024-12-10
InDesign Desktop versions ID19.5, ID18.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR.…
- CVE-2024-49549MEDIUMCVSS 5.5EG 5.52024-12-10
InDesign Desktop versions ID19.5, ID18.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR.…
- CVE-2024-49838HIGHCVSS 8.2EG 8.22025-02-03
Information disclosure while parsing the OCI IE with invalid length.
- CVE-2024-49839HIGHCVSS 8.2EG 8.22025-02-03
Memory corruption during management frame processing due to mismatch in T2LM info element.
- CVE-2024-49846HIGHCVSS 8.2EG 8.22025-05-06
Memory corruption while decoding of OTA messages from T3448 IE.
Map vulnerabilities like CWE-125 to your infrastructure
EchelonGraph correlates every CVE — across CWE-125 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →