CWE-787— Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.— MITRE CWE catalog
13,901 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-787page 115 of 279
- CVE-2021-39263HIGHCVSS 7.8EG 7.82021-09-07
A crafted NTFS image can trigger a heap-based buffer overflow, caused by an unsanitized attribute in ntfs_get_attribute_value, in NTFS-3G < 2021.8.22.
- CVE-2021-3927HIGHCVSS 7.8EG 7.82021-11-05
vim is vulnerable to Heap-based Buffer Overflow
- CVE-2021-39275CRITICALCVSS 9.8EG 9.82021-09-16
ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlie…
- CVE-2021-3928HIGHCVSS 7.8EG 7.82021-11-05
vim is vulnerable to Use of Uninitialized Variable
- CVE-2021-39306CRITICALCVSS 9.8EG 9.82021-12-22
A stack buffer overflow was discovered on Realtek RTL8195AM device before 2.0.10, it exists in the client code when an attacker sends a big size Authentication challenge text in WEP security.
- CVE-2021-39518MEDIUMCVSS 6.5EG 6.52021-09-20
An issue was discovered in libjpeg through 2020021. LineBuffer::FetchRegion() in linebuffer.cpp has a heap-based buffer overflow.
- CVE-2021-39522HIGHCVSS 8.8EG 8.82021-09-20
An issue was discovered in libredwg through v0.10.1.3751. bit_wcs2len() in bits.c has a heap-based buffer overflow.
- CVE-2021-39525HIGHCVSS 8.8EG 8.82021-09-20
An issue was discovered in libredwg through v0.10.1.3751. bit_read_fixed() in bits.c has a heap-based buffer overflow.
- CVE-2021-39527HIGHCVSS 8.8EG 8.82021-09-20
An issue was discovered in libredwg through v0.10.1.3751. appinfo_private() in decode.c has a heap-based buffer overflow.
- CVE-2021-39530HIGHCVSS 8.8EG 8.82021-09-20
An issue was discovered in libredwg through v0.10.1.3751. bit_wcs2nlen() in bits.c has a heap-based buffer overflow.
- CVE-2021-39531HIGHCVSS 8.8EG 8.82021-09-20
An issue was discovered in libslax through v0.22.1. slaxLexer() in slaxlexer.c has a stack-based buffer overflow.
- CVE-2021-39533HIGHCVSS 8.8EG 8.82021-09-20
An issue was discovered in libslax through v0.22.1. slaxLexer() in slaxlexer.c has a heap-based buffer overflow.
- CVE-2021-39534HIGHCVSS 8.8EG 8.82021-09-20
An issue was discovered in libslax through v0.22.1. slaxIsCommentStart() in slaxlexer.c has a heap-based buffer overflow.
- CVE-2021-39536HIGHCVSS 8.8EG 8.82021-09-20
An issue was discovered in libxsmm through v1.16.1-93. The JIT code has a heap-based buffer overflow.
- CVE-2021-39537HIGHCVSS 8.8EG 8.82021-09-20
An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.
- CVE-2021-39540HIGHCVSS 7.8EG 7.82021-09-20
An issue was discovered in pdftools through 20200714. A stack-buffer-overflow exists in the function Analyze::AnalyzePages() located in analyze.cpp. It allows an attacker to cause code Execution.
- CVE-2021-39544HIGHCVSS 7.8EG 7.82021-09-20
An issue was discovered in sela through 20200412. file::WavFile::writeToFile() in wav_file.c has a heap-based buffer overflow.
- CVE-2021-39546HIGHCVSS 7.8EG 7.82021-09-20
An issue was discovered in sela through 20200412. rice::RiceDecoder::process() in rice_decoder.cpp has a heap-based buffer overflow.
- CVE-2021-39550HIGHCVSS 7.8EG 7.82021-09-20
An issue was discovered in sela through 20200412. file::SelaFile::readFromFile() in sela_file.cpp has a heap-based buffer overflow.
- CVE-2021-39551HIGHCVSS 7.8EG 7.82021-09-20
An issue was discovered in sela through 20200412. file::SelaFile::readFromFile() in sela_file.c has a heap-based buffer overflow.
- CVE-2021-39552HIGHCVSS 7.8EG 7.82021-09-20
An issue was discovered in sela through 20200412. file::WavFile::readFromFile() in wav_file.c has a heap-based buffer overflow.
- CVE-2021-39558HIGHCVSS 7.8EG 7.82021-09-20
An issue was discovered in swftools through 20200710. A stack-buffer-overflow exists in the function VectorGraphicOutputDev::drawGeneralImage() located in VectorGraphicOutputDev.cc. It allows an attacker to cause code Execution.
- CVE-2021-39561HIGHCVSS 7.8EG 7.82021-09-20
An issue was discovered in swftools through 20200710. A stack-buffer-overflow exists in the function Gfx::opSetFillColorN() located in Gfx.cc. It allows an attacker to cause code Execution.
- CVE-2021-39564HIGHCVSS 7.8EG 7.82021-09-20
An issue was discovered in swftools through 20200710. A heap-buffer-overflow exists in the function swf_DumpActions() located in swfaction.c. It allows an attacker to cause code Execution.
- CVE-2021-39569HIGHCVSS 7.8EG 7.82021-09-20
An issue was discovered in swftools through 20200710. A heap-buffer-overflow exists in the function OpAdvance() located in swfaction.c. It allows an attacker to cause code Execution.
- CVE-2021-39574HIGHCVSS 7.8EG 7.82021-09-20
An issue was discovered in swftools through 20200710. A heap-buffer-overflow exists in the function pool_read() located in pool.c. It allows an attacker to cause code Execution.
- CVE-2021-39577HIGHCVSS 7.8EG 7.82021-09-20
An issue was discovered in swftools through 20200710. A heap-buffer-overflow exists in the function main() located in swfdump.c. It allows an attacker to cause code Execution.
- CVE-2021-39579HIGHCVSS 7.8EG 7.82021-09-20
An issue was discovered in swftools through 20200710. A heap-buffer-overflow exists in the function string_hash() located in q.c. It allows an attacker to cause code Execution.
- CVE-2021-39582HIGHCVSS 7.8EG 7.82021-09-20
An issue was discovered in swftools through 20200710. A heap-buffer-overflow exists in the function swf_GetPlaceObject() located in swfobject.c. It allows an attacker to cause code Execution.
- CVE-2021-39595HIGHCVSS 7.8EG 7.82021-09-20
An issue was discovered in swftools through 20200710. A stack-buffer-overflow exists in the function rfx_alloc() located in mem.c. It allows an attacker to cause code Execution.
- CVE-2021-39623CRITICALCVSS 9.8EG 9.82022-01-14
In doRead of SimpleDecodingSource.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not need…
- CVE-2021-39632HIGHCVSS 7.8EG 7.82022-01-14
In inotify_cb of events.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for expl…
- CVE-2021-39640HIGHCVSS 7.8EG 7.82021-12-15
In __dwc3_gadget_ep0_queue of ep0.c, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for explo…
- CVE-2021-39650MEDIUMCVSS 6.7EG 6.72021-12-15
In (TBD) of (TBD), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: An…
- CVE-2021-39652MEDIUMCVSS 6.7EG 6.72021-12-15
In sec_ts_parsing_cmds of (TBD), there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploit…
- CVE-2021-39661HIGHCVSS 7.8EG 7.82022-11-08
In _PMRLogicalOffsetToPhysicalOffset of the PowerVR kernel driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User…
- CVE-2021-39665MEDIUMCVSS 6.5EG 6.52022-02-11
In checkSpsUpdated of AAVCAssembler.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for …
- CVE-2021-39667MEDIUMCVSS 6.5EG 6.52022-03-16
In ih264d_parse_decode_slice of ih264d_parse_slice.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction …
- CVE-2021-39675CRITICALCVSS 9.8EG 9.82022-02-11
In GKI_getbuf of gki_buffer.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exp…
- CVE-2021-3968HIGHCVSS 8.0EG 8.02021-11-19
vim is vulnerable to Heap-based Buffer Overflow
- CVE-2021-39682HIGHCVSS 7.8EG 7.82022-01-14
In mgm_alloc_page of memory_group_manager.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not…
- CVE-2021-39683MEDIUMCVSS 6.7EG 6.72022-01-14
In copy_from_mbox of sss_ice_util.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploi…
- CVE-2021-39685HIGHCVSS 7.8EG 7.82022-03-16
In various setup methods of the USB gadget subsystem, there is a possible out of bounds write due to an incorrect flag check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction…
- CVE-2021-39708CRITICALCVSS 9.8EG 9.82022-03-16
In gatt_process_notification of gatt_cl.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not…
- CVE-2021-39718MEDIUMCVSS 6.7EG 6.72022-03-16
In ProtocolStkProactiveCommandAdapter::Init of protocolstkadapter.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User…
- CVE-2021-39719MEDIUMCVSS 6.7EG 6.72022-03-16
In lwis_top_register_io of lwis_device_top.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for …
- CVE-2021-39721MEDIUMCVSS 6.7EG 6.72022-03-16
In TBD of TBD, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVers…
- CVE-2021-39729MEDIUMCVSS 6.7EG 6.72022-03-16
In the TitanM chip, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: A…
- CVE-2021-3973HIGHCVSS 7.8EG 7.82021-11-19
vim is vulnerable to Heap-based Buffer Overflow
- CVE-2021-39731MEDIUMCVSS 6.7EG 6.72022-03-16
In ProtocolStkProactiveCommandAdapter::Init of protocolstkadapter.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User…
Map vulnerabilities like CWE-787 to your infrastructure
EchelonGraph correlates every CVE — across CWE-787 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →