CWE-787— Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.— MITRE CWE catalog
13,902 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-787page 126 of 279
- CVE-2022-1211MEDIUMCVSS 6.3EG 6.52022-04-03
A vulnerability classified as critical has been found in tildearrow Furnace dev73. This affects the FUR to VGM converter in console mode which causes stack-based overflows and crashes. It is possible to initiate the attack remotely but it …
- CVE-2022-1229HIGHCVSS 7.8EG 7.82023-03-28
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.2.034. User interaction is required to exploit this vulnerability in that the target must visit a maliciou…
- CVE-2022-1238HIGHCVSS 7.8EG 7.82022-04-06
Out-of-bounds Write in libr/bin/format/ne/ne.c in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is heap overflow and may be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.m…
- CVE-2022-1240HIGHCVSS 7.8EG 7.82022-04-06
Heap buffer overflow in libr/bin/format/mach0/mach0.c in GitHub repository radareorg/radare2 prior to 5.8.6. If address sanitizer is disabled during the compiling, the program should executes into the `r_str_ncpy` function. Therefore I thi…
- CVE-2022-1253CRITICALCVSS 9.8EG 9.82022-04-06
Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to and including 1.0.8. The fix is established in commit 8e89fe0e175d2870c39486fdd09250b230ec10b8 but does not yet belong to an official release.
- CVE-2022-1270HIGHCVSS 7.8EG 7.82022-09-28
In GraphicsMagick, a heap buffer overflow was found when parsing MIFF.
- CVE-2022-1286CRITICALCVSS 9.8EG 9.82022-04-10
heap-buffer-overflow in mrb_vm_exec in mruby/mruby in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited.
- CVE-2022-1304HIGHCVSS 7.8EG 7.82022-04-14
An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.
- CVE-2022-1350MEDIUMCVSS 4.3EG 7.82022-04-14
A vulnerability classified as problematic was found in GhostPCL 9.55.0. This vulnerability affects the function chunk_free_object of the file gsmchunk.c. The manipulation with a malicious file leads to a memory corruption. The attack can b…
- CVE-2022-1354MEDIUMCVSS 5.5EG 5.52022-08-31
A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFReadRawDataStriped() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffinfo tool, triggering a heap buffer overflow issue and causing a crash …
- CVE-2022-1381HIGHCVSS 7.8EG 7.82022-04-18
global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution
- CVE-2022-1383MEDIUMCVSS 6.1EG 6.12022-04-18
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.8. The bug causes the program reads data past the end of the intented buffer. Typically, this can allow attackers to read sensitive information from other memor…
- CVE-2022-1403HIGHCVSS 7.8EG 7.82022-04-29
ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds write condition.
- CVE-2022-1437HIGHCVSS 7.1EG 7.12022-04-22
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end of the intented buffer. Typically, this can allow attackers to read sensitive information from other memor…
- CVE-2022-1482MEDIUMCVSS 6.5EG 6.52022-07-26
Inappropriate implementation in WebGL in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-1483HIGHCVSS 8.8EG 8.82022-07-26
Heap buffer overflow in WebGPU in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-1484HIGHCVSS 8.8EG 8.82022-07-26
Heap buffer overflow in Web UI Settings in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-1489HIGHCVSS 8.8EG 8.82022-07-26
Out of bounds memory access in UI Shelf in Google Chrome on Chrome OS, Lacros prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific user interactions.
- CVE-2022-1523MEDIUMCVSS 6.1EG 9.12022-10-19
Fuji Electric D300win prior to version 3.7.1.17 is vulnerable to a write-what-where condition, which could allow an attacker to overwrite program memory to manipulate the flow of information.
- CVE-2022-1619HIGHCVSS 7.8EG 7.82022-05-08
Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable of crashing software, modify memory, and possible remote execution
- CVE-2022-1621HIGHCVSS 7.8EG 7.82022-05-10
Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution
- CVE-2022-1638HIGHCVSS 8.8EG 8.82022-07-26
Heap buffer overflow in V8 Internationalization in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-1649MEDIUMCVSS 5.5EG 5.52022-05-10
Null pointer dereference in libr/bin/format/mach0/mach0.c in radareorg/radare2 in GitHub repository radareorg/radare2 prior to 5.7.0. It is likely to be exploitable. For more general description of heap buffer overflow, see [CWE](https://c…
- CVE-2022-1714HIGHCVSS 7.1EG 7.12022-05-13
Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end of the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locati…
- CVE-2022-1733HIGHCVSS 7.8EG 7.82022-05-17
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968.
- CVE-2022-1737CRITICALCVSS 9.8EG 7.52022-07-12
Pyramid Solutions' affected products, the Developer and DLL kits for EtherNet/IP Adapter and EtherNet/IP Scanner, are vulnerable to an out-of-bounds write, which may allow an unauthorized attacker to send a specially crafted packet that ma…
- CVE-2022-1785HIGHCVSS 7.8EG 7.82022-05-19
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977.
- CVE-2022-1841HIGHCVSS 7.2EG 7.22022-08-31
In subsys/net/ip/tcp.c , function tcp_flags , when the incoming parameter flags is ECN or CWR , the buf will out-of-bounds write a byte zero.
- CVE-2022-1876HIGHCVSS 8.8EG 8.82022-07-27
Heap buffer overflow in DevTools in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
- CVE-2022-1886HIGHCVSS 7.8EG 7.82022-05-26
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
- CVE-2022-1888HIGHCVSS 7.8EG 7.82022-08-31
Alpha7 PC Loader (All versions) is vulnerable to a stack-based buffer overflow while processing a specifically crafted project file, which may allow an attacker to execute arbitrary code.
- CVE-2022-1890MEDIUMCVSS 6.7EG 7.82023-01-26
A buffer overflow in the ReadyBootDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.
- CVE-2022-1897HIGHCVSS 7.8EG 7.82022-05-27
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
- CVE-2022-1920HIGHCVSS 7.8EG 7.82022-07-19
Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a heap overwrite while parsing matroska files. Potential for arbitrary code execution through heap overwrite.
- CVE-2022-1922HIGHCVSS 7.8EG 7.82022-07-19
DOS / potential heap overwrite in mkv demuxing using zlib decompression. Integer overflow in matroskademux element in gst_matroska_decompress_data function which causes a segfault, or could cause a heap overwrite, depending on libc and OS.…
- CVE-2022-1923HIGHCVSS 7.8EG 7.82022-07-19
DOS / potential heap overwrite in mkv demuxing using bzip decompression. Integer overflow in matroskademux element in bzip decompression function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending…
- CVE-2022-1924HIGHCVSS 7.8EG 7.82022-07-19
DOS / potential heap overwrite in mkv demuxing using lzo decompression. Integer overflow in matroskademux element in lzo decompression function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending o…
- CVE-2022-1925HIGHCVSS 7.8EG 7.82022-07-19
DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decompression. Integer overflow in matroskaparse element in gst_matroska_decompress_data function which causes a heap overflow. Due to restrictions on chunk sizes in the matr…
- CVE-2022-1942HIGHCVSS 7.8EG 7.82022-05-31
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
- CVE-2022-1943HIGHCVSS 7.8EG 5.52022-06-02
A flaw out of bounds memory write in the Linux kernel UDF file system functionality was found in the way user triggers some file operation which triggers udf_write_fi(). A local user could use this flaw to crash the system or potentially
- CVE-2022-2000HIGHCVSS 7.8EG 7.82022-06-09
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
- CVE-2022-20009MEDIUMCVSS 6.8EG 6.82022-05-10
In various functions of the USB gadget subsystem, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is n…
- CVE-2022-20014MEDIUMCVSS 6.7EG 6.72022-01-04
In vow driver, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALP…
- CVE-2022-20025HIGHCVSS 7.8EG 7.82022-02-09
In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID…
- CVE-2022-20026HIGHCVSS 7.8EG 7.82022-02-09
In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID…
- CVE-2022-20027HIGHCVSS 7.8EG 7.82022-02-09
In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID…
- CVE-2022-20028HIGHCVSS 7.8EG 7.82022-02-09
In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID…
- CVE-2022-20030MEDIUMCVSS 6.7EG 6.72022-02-09
In vow driver, there is a possible out of bounds write due to a stack-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch I…
- CVE-2022-20038MEDIUMCVSS 6.7EG 6.72022-02-09
In ccu driver, there is a possible memory corruption due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALP…
- CVE-2022-20040HIGHCVSS 7.8EG 7.82022-02-09
In power_hal_manager_service, there is a possible permission bypass due to a stack-based buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for e…
Map vulnerabilities like CWE-787 to your infrastructure
EchelonGraph correlates every CVE — across CWE-787 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →