CWE-787— Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.— MITRE CWE catalog
13,903 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-787page 137 of 279
- CVE-2022-27293HIGHCVSS 7.5EG 7.52022-04-10
D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formWlanSetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the webpage parameter.
- CVE-2022-27294HIGHCVSS 7.5EG 7.52022-04-10
D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formWlanWizardSetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the webpage parameter.
- CVE-2022-27295HIGHCVSS 7.5EG 7.52022-04-10
D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formAdvanceSetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the webpage parameter.
- CVE-2022-27404CRITICALCVSS 9.8EG 9.82022-04-22
FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face.
- CVE-2022-27418HIGHCVSS 7.8EG 7.82022-04-12
Tcpreplay v4.4.1 has a heap-based buffer overflow in do_checksum_math at /tcpedit/checksum.c.
- CVE-2022-27419MEDIUMCVSS 5.5EG 5.52022-04-12
rtl_433 21.12 was discovered to contain a stack overflow in the function acurite_00275rm_decode at /devices/acurite.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.
- CVE-2022-27470HIGHCVSS 7.8EG 7.82022-05-04
SDL_ttf v2.0.18 and below was discovered to contain an arbitrary memory write via the function TTF_RenderText_Solid(). This vulnerability is triggered via a crafted TTF file.
- CVE-2022-27525HIGHCVSS 7.8EG 7.82022-04-18
A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to co…
- CVE-2022-27526HIGHCVSS 7.8EG 7.82022-04-18
A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the …
- CVE-2022-27527HIGHCVSS 7.8EG 7.82022-04-19
A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files. It was fixed in PDFTron earlier than 9.0.7 version in Autodesk Navisworks 2022, and 2020.
- CVE-2022-27529HIGHCVSS 7.8EG 7.82022-04-18
A maliciously crafted PICT, BMP, PSD or TIF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 may be used to write beyond the allocated buffer while parsing PICT, BMP, PSD or TIF file. This vulnerability may be exploited to execute arbitrary…
- CVE-2022-27530HIGHCVSS 7.8EG 7.82022-04-18
A maliciously crafted TIF or PICT file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to write beyond the allocated buffer through Buffer overflow vulnerability. This vulnerability may be exploited to execute arbitrary code.
- CVE-2022-27532HIGHCVSS 7.8EG 7.82022-06-16
A maliciously crafted TIF file in Autodesk 3ds Max 2022 and 2021 can be used to write beyond the allocated buffer while parsing TIF files. This vulnerability in conjunction with other vulnerabilities could lead to arbitrary code execution.
- CVE-2022-27568HIGHCVSS 8.1EG 9.82022-04-11
Heap-based buffer overflow vulnerability in parser_iloc function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker.
- CVE-2022-27569HIGHCVSS 8.1EG 9.82022-04-11
Heap-based buffer overflow vulnerability in parser_infe function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker.
- CVE-2022-27570HIGHCVSS 8.1EG 9.82022-04-11
Heap-based buffer overflow vulnerability in parser_single_iref function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker.
- CVE-2022-27571HIGHCVSS 8.1EG 9.82022-04-11
Heap-based buffer overflow vulnerability in sheifd_get_info_image function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker.
- CVE-2022-27572HIGHCVSS 8.1EG 9.82022-04-11
Heap-based buffer overflow vulnerability in parser_ipma function of libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attackers.
- CVE-2022-27573MEDIUMCVSS 4.4EG 7.22022-04-11
Improper input validation vulnerability in parser_infe and sheifd_find_itemIndexin fuctions of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by privileged attackers.
- CVE-2022-27574MEDIUMCVSS 4.4EG 7.22022-04-11
Improper input validation vulnerability in parser_iloc and sheifd_find_itemIndexin fuctions of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by privileged attacker.
- CVE-2022-27631CRITICALCVSS 9.8EG 9.82022-08-05
A memory corruption vulnerability exists in the httpd unescape functionality of DD-WRT Revision 32270 - Revision 48599. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this …
- CVE-2022-27653HIGHCVSS 7.8EG 7.82022-05-20
A vulnerability has been identified in Simcenter Femap (All versions < V2022.2). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted .NEU files. This could allow a…
- CVE-2022-27666HIGHCVSS 7.8EG 7.82022-03-23
A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege …
- CVE-2022-27783HIGHCVSS 7.8EG 7.82022-05-06
Adobe After Effects versions 22.2.1 (and earlier) and 18.4.5 (and earlier) are affected by a stack overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the c…
- CVE-2022-27784HIGHCVSS 7.8EG 7.82022-05-06
Adobe After Effects versions 22.2.1 (and earlier) and 18.4.5 (and earlier) are affected by a stack overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the c…
- CVE-2022-27787HIGHCVSS 7.8EG 7.82022-05-11
Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the curre…
- CVE-2022-27788HIGHCVSS 7.8EG 7.82022-05-11
Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the curre…
- CVE-2022-27791HIGHCVSS 7.8EG 7.82022-05-11
Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) is affected by a stack-based buffer overflow vulnerability due to insecure processing of a font, potentially resulting in arbi…
- CVE-2022-27792HIGHCVSS 7.8EG 7.82022-05-11
Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the curre…
- CVE-2022-27793HIGHCVSS 7.8EG 7.82022-05-11
Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the curre…
- CVE-2022-27798HIGHCVSS 7.8EG 7.82022-05-11
Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the curre…
- CVE-2022-27835HIGHCVSS 7.6EG 7.82022-04-11
Improper boundary check in UWB firmware prior to SMR Apr-2022 Release 1 allows arbitrary memory write.
- CVE-2022-27865HIGHCVSS 7.8EG 7.82022-07-29
A maliciously crafted TGA or PCX file may be used to write beyond the allocated buffer through DesignReview.exe application while parsing TGA and PCX files. This vulnerability may be exploited to execute arbitrary code.
- CVE-2022-27869HIGHCVSS 7.8EG 7.82022-06-21
A maliciously crafted TIFF file in Autodesk AutoCAD 2023 can be forced to read and write beyond allocated boundaries when parsing the TIFF file. This vulnerability can be exploited to execute arbitrary code.
- CVE-2022-27870HIGHCVSS 7.8EG 7.82022-06-21
A maliciously crafted TGA file in Autodesk AutoCAD 2023 may be used to write beyond the allocated buffer while parsing TGA file. This vulnerability may be exploited to execute arbitrary code.
- CVE-2022-27940HIGHCVSS 7.8EG 7.82022-03-26
tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_ipv6_next in common/get.c.
- CVE-2022-27941HIGHCVSS 7.8EG 7.82022-03-26
tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_l2len_protocol in common/get.c.
- CVE-2022-27942HIGHCVSS 7.8EG 7.82022-03-26
tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.c.
- CVE-2022-28044CRITICALCVSS 9.8EG 9.82022-04-15
Irzip v0.640 was discovered to contain a heap memory corruption via the component lrzip.c:initialise_control.
- CVE-2022-28068HIGHCVSS 7.5EG 7.52023-08-22
A heap buffer overflow in r_sleb128 function in radare2 5.4.2 and 5.4.0.
- CVE-2022-28069HIGHCVSS 7.5EG 7.52023-08-22
A heap buffer overflow in vax_opfunction in radare2 5.4.2 and 5.4.0.
- CVE-2022-28072HIGHCVSS 7.5EG 7.52023-08-22
A heap buffer overflow in r_read_le32 function in radare25.4.2 and 5.4.0.
- CVE-2022-28082CRITICALCVSS 9.8EG 9.82022-05-04
Tenda AX12 v22.03.01.21_CN was discovered to contain a stack overflow via the list parameter at /goform/SetNetControlList.
- CVE-2022-28085HIGHCVSS 7.8EG 7.82022-04-27
A flaw was found in htmldoc commit 31f7804. A heap buffer overflow in the function pdf_write_names in ps-pdf.cxx may lead to arbitrary code execution and Denial of Service (DoS).
- CVE-2022-2809HIGHCVSS 8.2EG 8.22022-10-27
A vulnerability in bmcweb of OpenBMC Project allows user to cause denial of service. When fuzzing the multipart_parser code using AFL++ with address sanitizer enabled to find smallest memory corruptions possible. It detected problem in how…
- CVE-2022-28181HIGHCVSS 8.5EG 8.52022-05-17
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to cod…
- CVE-2022-28182HIGHCVSS 8.5EG 8.52022-05-17
NVIDIA GPU Display Driver for Windows contains a vulnerability in the DirectX11 user mode driver (nvwgf2um/x.dll), where an unauthorized attacker on the network can cause an out-of-bounds write through a specially crafted shader, which may…
- CVE-2022-28185MEDIUMCVSS 6.8EG 6.82022-05-17
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the ECC layer, where an unprivileged regular user can cause an out-of-bounds write, which may lead to denial of service and data tampering.
- CVE-2022-28193MEDIUMCVSS 5.6EG 7.32022-04-27
NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where insufficient validation of untrusted data may allow a local attacker with elevated privileges to cause a memory buffer overflow, which may…
- CVE-2022-28196MEDIUMCVSS 4.6EG 5.72022-04-27
NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot blob_decompress function, where insufficient validation of untrusted data may allow a local attacker with elevated privileges to cause a memory buffer overflow, which…
Map vulnerabilities like CWE-787 to your infrastructure
EchelonGraph correlates every CVE — across CWE-787 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →