CWE-787— Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.— MITRE CWE catalog
13,901 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-787page 116 of 279
- CVE-2021-39732HIGHCVSS 7.8EG 7.82022-03-16
In copy_io_entries of lwis_ioctl.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exp…
- CVE-2021-39733MEDIUMCVSS 6.7EG 6.72022-03-16
In amcs_cdev_unlocked_ioctl of audiometrics.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not need…
- CVE-2021-39736MEDIUMCVSS 6.7EG 6.72022-03-16
In prepare_io_entry and prepare_response of lwis_ioctl.c and lwis_periodic_io.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. …
- CVE-2021-39741HIGHCVSS 7.8EG 7.82022-03-30
In Keymaster, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: Android…
- CVE-2021-39786MEDIUMCVSS 6.7EG 6.72022-03-30
In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersio…
- CVE-2021-39793HIGHCVSS 7.8EG 9.0⚠ KEV2022-03-16
In kbase_jd_user_buf_pin_pages of mali_kbase_mem.c, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction…
- CVE-2021-39814MEDIUMCVSS 6.7EG 6.72022-04-12
In ppmp_validate_wsm of drm_fw.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploi…
- CVE-2021-39820HIGHCVSS 7.8EG 8.82022-06-15
Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) is affected by an Out-of-bounds Write vulnerability due to insecure handling of a malicious TIFF file, potentially resulting in arbitrary code execution in the context of…
- CVE-2021-39822HIGHCVSS 7.8EG 7.82023-07-20
Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires…
- CVE-2021-39825HIGHCVSS 7.8EG 7.82021-09-27
Photoshop Elements versions 2021 build 19.0 (20210304.m.156367) (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue…
- CVE-2021-39829HIGHCVSS 7.8EG 7.82021-09-29
Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitati…
- CVE-2021-39831HIGHCVSS 7.8EG 7.82021-09-29
Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitati…
- CVE-2021-3984HIGHCVSS 7.8EG 7.82021-12-01
vim is vulnerable to Heap-based Buffer Overflow
- CVE-2021-39843HIGHCVSS 7.8EG 7.82021-09-29
Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the…
- CVE-2021-39845MEDIUMCVSS 6.1EG 6.12021-09-29
Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a stack overflow vulnerability due to insecure handling of a crafted PDF file, potentially resulting in …
- CVE-2021-39846MEDIUMCVSS 6.1EG 6.12021-09-29
Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a stack overflow vulnerability due to insecure handling of a crafted PDF file, potentially resulting in …
- CVE-2021-39990CRITICALCVSS 9.8EG 9.82022-01-03
The screen lock module has a Stack-based Buffer Overflow vulnerability.Successful exploitation of this vulnerability may affect user experience.
- CVE-2021-39996CRITICALCVSS 9.8EG 9.82022-01-10
There is a Heap-based buffer overflow vulnerability with the NFC module in smartphones. Successful exploitation of this vulnerability may cause memory overflow.
- CVE-2021-40000HIGHCVSS 8.8EG 8.82022-01-10
The Bluetooth module has an out-of-bounds write vulnerability. Successful exploitation of this vulnerability may result in malicious command execution at the remote end.
- CVE-2021-40002HIGHCVSS 8.8EG 8.82022-01-10
The Bluetooth module has an out-of-bounds write vulnerability. Successful exploitation of this vulnerability may result in malicious command execution at the remote end.
- CVE-2021-40009MEDIUMCVSS 5.3EG 5.32022-01-10
There is an Out-of-bounds write vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity.
- CVE-2021-40010CRITICALCVSS 9.8EG 9.82022-01-10
The bone voice ID TA has a heap overflow vulnerability.Successful exploitation of this vulnerability may result in malicious code execution.
- CVE-2021-40014HIGHCVSS 7.5EG 7.52022-01-10
The bone voice ID trusted application (TA) has a heap overflow vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
- CVE-2021-40021HIGHCVSS 7.5EG 7.52022-01-10
The eID module has an out-of-bounds memory write vulnerability,Successful exploitation of this vulnerability may affect data confidentiality.
- CVE-2021-40026HIGHCVSS 7.5EG 7.52022-01-10
There is a Heap-based buffer overflow vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity.
- CVE-2021-40028HIGHCVSS 7.5EG 7.52022-01-10
The eID module has an out-of-bounds memory write vulnerability,Successful exploitation of this vulnerability may affect data integrity.
- CVE-2021-40036CRITICALCVSS 9.8EG 9.82022-06-13
The bone voice ID TA has a memory overwrite vulnerability. Successful exploitation of this vulnerability may result in malicious code execution.
- CVE-2021-40057HIGHCVSS 7.5EG 7.52022-03-10
There is a heap-based and stack-based buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability may affect availability.
- CVE-2021-40058HIGHCVSS 7.5EG 7.52022-03-10
There is a heap-based buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability may affect availability.
- CVE-2021-40060HIGHCVSS 7.5EG 7.52022-03-10
There is a heap-based buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability may affect availability.
- CVE-2021-40064HIGHCVSS 7.5EG 7.52022-03-10
There is a heap-based buffer overflow vulnerability in system components. Successful exploitation of this vulnerability may affect system stability.
- CVE-2021-40118HIGHCVSS 8.6EG 7.52021-10-27
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condit…
- CVE-2021-40156HIGHCVSS 7.8EG 7.82021-09-15
A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to write beyond allocated boundaries when parsing the DWG files. This vulnerability can be exploited to execute arbitrary code.
- CVE-2021-40161HIGHCVSS 7.8EG 7.82021-12-23
A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDFTron earlier than 9.0.7 version.
- CVE-2021-40163HIGHCVSS 7.8EG 7.82022-10-07
A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through Autodesk Image Processing component.
- CVE-2021-40164HIGHCVSS 7.8EG 7.82022-10-07
A heap-based buffer overflow could occur while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code.
- CVE-2021-40165HIGHCVSS 7.8EG 7.82022-10-07
A maliciously crafted TIFF, PICT, TGA, or RLC file in Autodesk Image Processing component may be used to write beyond the allocated buffer while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrar…
- CVE-2021-4019HIGHCVSS 7.8EG 7.82021-12-01
vim is vulnerable to Heap-based Buffer Overflow
- CVE-2021-40212CRITICALCVSS 9.8EG 9.82022-06-15
An exploitable out-of-bounds write vulnerability in PotPlayer 1.7.21523 build 210729 may lead to code execution, information disclosure, and denial of service.
- CVE-2021-40226HIGHCVSS 7.5EG 7.52022-11-10
xpdfreader 4.03 is vulnerable to Buffer Overflow.
- CVE-2021-40262MEDIUMCVSS 6.5EG 6.52023-08-22
A stack exhaustion issue was discovered in FreeImage before 1.18.0 via the Validate function in PluginRAW.cpp.
- CVE-2021-40263HIGHCVSS 8.8EG 8.82023-08-22
A heap overflow vulnerability in FreeImage 1.18.0 via the ofLoad function in PluginTIFF.cpp.
- CVE-2021-40265HIGHCVSS 8.8EG 8.82023-08-22
A heap overflow bug exists FreeImage before 1.18.0 via ofLoad function in PluginJPEG.cpp.
- CVE-2021-4034HIGHCVSS 7.8EG 9.0⚠ KEV2022-01-28
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current ve…
- CVE-2021-40367HIGHCVSS 7.8EG 7.82024-01-04
A vulnerability has been identified in syngo fastView (All versions). The affected application lacks proper validation of user-supplied data when parsing DICOM files. This could result in an out-of-bounds write past the end of an allocated…
- CVE-2021-40391CRITICALCVSS 9.8EG 9.82021-11-19
An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked version of Gerbv (commit 71493260). A specially-crafted drill file can lead to code exec…
- CVE-2021-40393CRITICALCVSS 9.8EG 9.82021-12-22
An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead…
- CVE-2021-40394CRITICALCVSS 9.8EG 7.82021-12-22
An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead…
- CVE-2021-40398HIGHCVSS 7.8EG 7.82022-04-14
An out-of-bounds write vulnerability exists in the parse_raster_data functionality of Accusoft ImageGear 19.10. A specially-crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vuln…
- CVE-2021-4040MEDIUMCVSS 5.3EG 5.32022-08-24
A flaw was found in AMQ Broker. This issue can cause a partial interruption to the availability of AMQ Broker via an Out of memory (OOM) condition. This flaw allows an attacker to partially disrupt availability to the broker through a sust…
Map vulnerabilities like CWE-787 to your infrastructure
EchelonGraph correlates every CVE — across CWE-787 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →