CWE-787— Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.— MITRE CWE catalog
13,844 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-787page 19 of 277
- CVE-2018-20019CRITICALCVSS 9.8EG 9.82018-12-19
LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains multiple heap out-of-bound write vulnerabilities in VNC client code that can result remote code execution
- CVE-2018-20020CRITICALCVSS 9.8EG 9.82018-12-19
LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d contains heap out-of-bound write vulnerability inside structure in VNC client code that can result remote code execution
- CVE-2018-20056CRITICALCVSS 9.8EG 9.82018-12-11
An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. There is a stack-based buffer overflow allowing remote attackers to execute arbitrary code without authentication via the goform/formLan…
- CVE-2018-20177CRITICALCVSS 9.8EG 9.82019-03-15
rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in the function rdp_in_unistr() and results in memory corruption and possibly even a remote code execution.
- CVE-2018-20181CRITICALCVSS 9.8EG 9.82019-03-15
rdesktop versions up to and including v1.8.3 contain an Integer Underflow that leads to a Heap-Based Buffer Overflow in the function seamless_process() and results in memory corruption and probably even a remote code execution.
- CVE-2018-20184MEDIUMCVSS 6.5EG 6.52018-12-17
In GraphicsMagick 1.4 snapshot-20181209 Q8, there is a heap-based buffer overflow in the WriteTGAImage function of tga.c, which allows attackers to cause a denial of service via a crafted image file, because the number of rows or columns c…
- CVE-2018-20194HIGHCVSS 7.8EG 7.82018-12-18
There is a stack-based buffer underflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecifie…
- CVE-2018-20196HIGHCVSS 7.8EG 7.82018-12-18
There is a stack-based buffer overflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified…
- CVE-2018-20197HIGHCVSS 7.8EG 7.82018-12-18
There is a stack-based buffer underflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecifie…
- CVE-2018-20230HIGHCVSS 7.8EG 7.82018-12-19
An issue was discovered in PSPP 1.2.0. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspeci…
- CVE-2018-20247HIGHCVSS 7.8EG 7.82018-12-24
In Foxit Quick PDF Library (all versions prior to 16.12), issue where loading a malformed or malicious PDF containing a recursive page tree structure using the LoadFromFile, LoadFromString or LoadFromStream functions results in a stack ove…
- CVE-2018-20248CRITICALCVSS 9.8EG 9.82018-12-24
In Foxit Quick PDF Library (all versions prior to 16.12), issue where loading a malformed or malicious PDF containing invalid xref table pointers or invalid xref table data using the LoadFromFile, LoadFromString, LoadFromStream, DAOpenFile…
- CVE-2018-20249HIGHCVSS 8.8EG 8.82018-12-24
In Foxit Quick PDF Library (all versions prior to 16.12), issue where loading a malformed or malicious PDF containing invalid xref entries using the DAOpenFile or DAOpenFileReadOnly functions may result in an access violation caused by out…
- CVE-2018-20252HIGHCVSS 7.8EG 7.82019-02-05
In WinRAR versions prior to and including 5.60, there is an out-of-bounds write vulnerability during parsing of crafted ACE and RAR archive formats. Successful exploitation could lead to arbitrary code execution in the context of the curre…
- CVE-2018-20253HIGHCVSS 7.8EG 7.82019-02-13
In WinRAR versions prior to and including 5.60, There is an out-of-bounds write vulnerability during parsing of a crafted LHA / LZH archive formats. Successful exploitation could lead to arbitrary code execution in the context of the curre…
- CVE-2018-20305CRITICALCVSS 9.8EG 9.82018-12-20
D-Link DIR-816 A2 1.10 B05 devices allow arbitrary remote code execution without authentication via the newpass parameter. In the /goform/form2userconfig.cgi handler function, a long password may lead to a stack-based buffer overflow and o…
- CVE-2018-20309HIGHCVSS 8.1EG 8.12021-01-07
Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyGetAppEdition race condition that can cause a stack-based buffer overflow or an out-of-bounds read.
- CVE-2018-20310HIGHCVSS 8.1EG 8.12021-01-07
Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read.
- CVE-2018-20311HIGHCVSS 8.1EG 8.12021-01-07
Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyCPDFAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read.
- CVE-2018-20312HIGHCVSS 8.1EG 8.12021-01-07
Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read, a different issue than CVE-2018-20310 because of a differen…
- CVE-2018-20313HIGHCVSS 8.1EG 8.12021-01-07
Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyPreviewAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read.
- CVE-2018-20314HIGHCVSS 8.1EG 8.12021-01-07
Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyCheckLicence race condition that can cause a stack-based buffer overflow or an out-of-bounds read.
- CVE-2018-20316HIGHCVSS 8.1EG 8.12021-01-07
Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read, a different issue than CVE-2018-20310 because of a differen…
- CVE-2018-20330HIGHCVSS 8.8EG 8.82018-12-21
The tjLoadImage function in libjpeg-turbo 2.0.1 has an integer overflow with a resultant heap-based buffer overflow via a BMP image because multiplication of pitch and height is mishandled, as demonstrated by tjbench.
- CVE-2018-20337HIGHCVSS 8.8EG 8.82018-12-21
There is a stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp in LibRaw 0.19.1. Crafted input will lead to a denial of service or possibly unspecified other impact.
- CVE-2018-20365MEDIUMCVSS 6.5EG 6.52018-12-22
LibRaw::raw2image() in libraw_cxx.cpp has a heap-based buffer overflow.
- CVE-2018-20374MEDIUMCVSS 5.5EG 5.52018-12-23
An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to an 8 byte out of bounds write in the use_section1 function in tccasm.c.
- CVE-2018-20375MEDIUMCVSS 5.5EG 5.52018-12-23
An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to an 8 byte out of bounds write in the sym_pop function in tccgen.c.
- CVE-2018-20376MEDIUMCVSS 5.5EG 5.52018-12-23
An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to an 8 byte out of bounds write in the asm_parse_directive function in tccasm.c.
- CVE-2018-20410HIGHCVSS 7.5EG 7.52018-12-24
WellinTech KingSCADA before 3.7.0.0.1 contains a stack-based buffer overflow. The vulnerability is triggered when sending a specially crafted packet to the AlarmServer (AEserver.exe) service listening on TCP port 12401.
- CVE-2018-20455MEDIUMCVSS 5.5EG 5.52018-12-25
In radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p/asm_x86_nz.c may allow attackers to cause a denial of service (application crash via a stack-based buffer overflow) by crafting an input file, a related issue to CVE-20…
- CVE-2018-20460MEDIUMCVSS 5.5EG 5.52018-12-25
In radare2 prior to 3.1.2, the parseOperands function in libr/asm/arch/arm/armass64.c allows attackers to cause a denial-of-service (application crash caused by stack-based buffer overflow) by crafting an input file.
- CVE-2018-20541HIGHCVSS 8.8EG 8.82018-12-28
There is a heap-based buffer overflow in libxsmm_sparse_csc_reader at generator_spgemm_csc_reader.c in LIBXSMM 1.10, a different vulnerability than CVE-2018-20542 (which is in a different part of the source code and is seen at different ad…
- CVE-2018-20579HIGHCVSS 7.1EG 7.12018-12-28
Contiki-NG before 4.2 has a stack-based buffer overflow in the push function in os/lib/json/jsonparse.c that allows an out-of-bounds write of an '{' or '[' character.
- CVE-2018-20593MEDIUMCVSS 5.5EG 5.52018-12-30
In Mini-XML (aka mxml) v2.12, there is stack-based buffer overflow in the scan_file function in mxmldoc.c.
- CVE-2018-20616HIGHCVSS 8.8EG 8.82018-12-31
ok-file-formats through 2018-10-16 has a heap-based buffer overflow in the ok_wav_decode_ms_adpcm_data function in ok_wav.c.
- CVE-2018-20617HIGHCVSS 8.8EG 8.82018-12-31
ok-file-formats through 2018-10-16 has a heap-based buffer overflow in the ok_csv_decode2 function in ok_csv.c.
- CVE-2018-20655CRITICALCVSS 9.8EG 9.82019-06-14
When receiving calls using WhatsApp for iOS, a missing size check when parsing a sender-provided packet allowed for a stack-based overflow. This issue affects WhatsApp for iOS prior to v2.18.90.24 and WhatsApp Business for iOS prior to v2.…
- CVE-2018-20671MEDIUMCVSS 5.5EG 5.52019-01-04
load_specific_debug_section in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability that can trigger a heap-based buffer overflow via a crafted section size.
- CVE-2018-20673MEDIUMCVSS 5.5EG 5.52019-01-04
The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an array for saving the template argument values") that can trigger a heap-based…
- CVE-2018-20742HIGHCVSS 7.5EG 7.52019-01-24
An issue was discovered in UC Berkeley RISE Opaque before 2018-12-01. There is no boundary check on ocall_malloc. The return value could be a pointer to enclave memory. It could cause an arbitrary enclave memory write.
- CVE-2018-20748CRITICALCVSS 9.8EG 9.82019-01-30
LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulnerabilities in libvncclient/rfbproto.c. The fix for CVE-2018-20019 was incomplete.
- CVE-2018-20749CRITICALCVSS 9.8EG 9.82019-01-30
LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.
- CVE-2018-20750CRITICALCVSS 9.8EG 9.82019-01-30
LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.
- CVE-2018-20760HIGHCVSS 7.8EG 7.82019-02-06
In GPAC 0.7.1 and earlier, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because a certain -1 return value is mishandled.
- CVE-2018-20763HIGHCVSS 7.8EG 7.82019-02-06
In GPAC 0.7.1 and earlier, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because of missing szLineConv bounds checking.
- CVE-2018-20819HIGHCVSS 7.8EG 7.82019-04-23
io/ZlibCompression.cc in the decompression component in Dropbox Lepton 1.2.1 allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact by crafting a jpg image…
- CVE-2018-21010HIGHCVSS 8.8EG 8.82019-09-05
OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c.
- CVE-2018-21049CRITICALCVSS 9.8EG 9.82020-04-08
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.X) (Exynos chipsets) software. There is an arbitrary memory write in a Trustlet because a secure driver allows access to sensitive APIs. The Samsung ID is SVE-2018-12881…
- CVE-2018-21057CRITICALCVSS 9.8EG 9.82020-04-08
An issue was discovered on Samsung mobile devices with N(7.x) O(8.x, and P(9.0) (Exynos chipsets) software. There is a stack-based buffer overflow in the Shannon Baseband. The Samsung ID is SVE-2018-12757 (September 2018).
Map vulnerabilities like CWE-787 to your infrastructure
EchelonGraph correlates every CVE — across CWE-787 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →