CWE-787— Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.— MITRE CWE catalog
13,847 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-787page 36 of 277
- CVE-2019-12895HIGHCVSS 7.5EG 7.52019-06-19
In Alternate Pic View 2.600, the Exception Handler Chain is Corrupted starting at PicViewer!PerfgrapFinalize+0x00000000000b916d.
- CVE-2019-12896HIGHCVSS 7.5EG 7.52019-06-19
Edraw Max 7.9.3 has Heap Corruption starting at ntdll!RtlpNtMakeTemporaryKey+0x0000000000001a77.
- CVE-2019-12898CRITICALCVSS 9.8EG 9.82019-06-19
Delta Electronics DeviceNet Builder 2.04 has a User Mode Write AV starting at image00400000+0x000000000017a45e.
- CVE-2019-12899CRITICALCVSS 9.8EG 9.82019-06-19
Delta Electronics DeviceNet Builder 2.04 has a User Mode Write AV starting at ntdll!RtlQueueWorkItem+0x00000000000005e3.
- CVE-2019-12900CRITICALCVSS 9.8EG 9.82019-06-19
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
- CVE-2019-12937HIGHCVSS 7.8EG 7.82019-06-23
apps/gsudo.c in gsudo in ToaruOS through 1.10.9 has a buffer overflow allowing local privilege escalation to the root user via the DISPLAY environment variable.
- CVE-2019-12951CRITICALCVSS 9.8EG 9.82019-06-24
An issue was discovered in Mongoose before 6.15. The parse_mqtt() function in mg_mqtt.c has a critical heap-based buffer overflow.
- CVE-2019-1298HIGHCVSS 7.5EG 7.52019-09-11
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, …
- CVE-2019-1300HIGHCVSS 7.5EG 7.52019-09-11
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, …
- CVE-2019-1307HIGHCVSS 7.5EG 7.52019-10-10
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1308, …
- CVE-2019-1308HIGHCVSS 7.5EG 7.52019-10-10
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1307, …
- CVE-2019-13083HIGHCVSS 7.8EG 7.82019-06-30
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000384e2a.
- CVE-2019-13084HIGHCVSS 7.8EG 7.82019-06-30
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000026b739.
- CVE-2019-13085HIGHCVSS 7.8EG 7.82019-06-30
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000030ecfa.
- CVE-2019-13104HIGHCVSS 7.8EG 7.82019-08-06
In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy() to overwrite a very large amount of data (including the whole stack) while reading a crafted ext4 filesystem.
- CVE-2019-13106HIGHCVSS 7.8EG 7.82019-08-06
Das U-Boot versions 2016.09 through 2019.07-rc4 can memset() too much data while reading a crafted ext4 filesystem, which results in a stack buffer overflow and likely code execution.
- CVE-2019-13132CRITICALCVSS 9.8EG 9.82019-07-10
In ZeroMQ libzmq before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.3.2, a remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack…
- CVE-2019-13156HIGHCVSS 7.5EG 7.52019-09-03
NDrive(1.2.2).sys in Naver Cloud Explorer has a stack-based buffer overflow, which allows attackers to cause a denial of service when reading data from IOCTL handle.
- CVE-2019-13171CRITICALCVSS 9.8EG 9.82020-03-13
Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by one or more stack-based buffer overflow vulnerabilities in the Google Cloud Print implementation that would allow an unauthenticated attacker to execute arbitrar…
- CVE-2019-13192CRITICALCVSS 9.8EG 9.82020-03-13
Some Brother printers (such as the HL-L8360CDW v1.20) were affected by a heap buffer overflow vulnerability as the IPP service did not parse attribute names properly. This would allow an attacker to execute arbitrary code on the device.
- CVE-2019-13193HIGHCVSS 8.8EG 8.82020-03-13
Some Brother printers (such as the HL-L8360CDW v1.20) were affected by a stack buffer overflow vulnerability as the web server did not parse the cookie value properly. This would allow an attacker to execute arbitrary code on the device.
- CVE-2019-13207CRITICALCVSS 9.8EG 9.82019-07-03
nsd-checkzone in NLnet Labs NSD 4.2.0 has a Stack-based Buffer Overflow in the dname_concatenate() function in dname.c.
- CVE-2019-13217HIGHCVSS 7.8EG 7.82019-08-15
A heap buffer overflow in the start_decoder function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or execute arbitrary code by opening a crafted Ogg Vorbis file.
- CVE-2019-13221HIGHCVSS 7.8EG 7.82019-08-15
A stack buffer overflow in the compute_codewords function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service or execute arbitrary code by opening a crafted Ogg Vorbis file.
- CVE-2019-13242HIGHCVSS 7.8EG 7.82019-07-04
IrfanView 4.52 has a User Mode Write AV starting at image00400000+0x0000000000013a98.
- CVE-2019-13243HIGHCVSS 7.8EG 7.82019-07-04
IrfanView 4.52 has a User Mode Write AV starting at image00400000+0x00000000000249c6.
- CVE-2019-13244HIGHCVSS 7.8EG 7.82019-07-04
FastStone Image Viewer 7.0 has a User Mode Write AV starting at image00400000+0x0000000000002d7d.
- CVE-2019-13245HIGHCVSS 7.8EG 7.82019-07-04
FastStone Image Viewer 7.0 has a User Mode Write AV starting at image00400000+0x00000000001a95b1.
- CVE-2019-13246HIGHCVSS 7.8EG 7.82019-07-04
FastStone Image Viewer 7.0 has a User Mode Write AV starting at image00400000+0x00000000001a9601.
- CVE-2019-13247HIGHCVSS 7.8EG 7.82019-07-04
ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!JPEGTransW+0x00000000000024ed.
- CVE-2019-13248HIGHCVSS 7.8EG 7.82019-07-04
ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!JPEGTransW+0x0000000000002450.
- CVE-2019-13249HIGHCVSS 7.8EG 7.82019-07-04
ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!IEP_SetColorProfile+0x00000000000b9e7a.
- CVE-2019-13250HIGHCVSS 7.8EG 7.82019-07-04
ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!IEP_SetColorProfile+0x00000000000b9c2f.
- CVE-2019-13251HIGHCVSS 7.8EG 7.82019-07-04
ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!IEP_SetColorProfile+0x00000000000c47ff.
- CVE-2019-13252HIGHCVSS 7.8EG 7.82019-07-04
ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!IEP_SetColorProfile+0x00000000001172b0.
- CVE-2019-13253HIGHCVSS 7.8EG 7.82019-07-04
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000385474.
- CVE-2019-13254HIGHCVSS 7.8EG 7.82019-07-04
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000032e808.
- CVE-2019-13255HIGHCVSS 7.8EG 7.82019-07-04
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000327464.
- CVE-2019-13273CRITICALCVSS 9.8EG 9.82019-08-27
In Xymon through 4.3.28, a buffer overflow vulnerability exists in the csvinfo CGI script. The overflow may be exploited by sending a crafted GET request that triggers an sprintf of the srcdb parameter.
- CVE-2019-13276CRITICALCVSS 9.8EG 9.82019-07-10
TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by providing a sufficiently long query string whe…
- CVE-2019-13279CRITICALCVSS 9.8EG 9.82019-07-10
TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains multiple stack-based buffer overflows when processing user input for the setup wizard, allowing an unauthenticated user to execute arbitrary code. The vulnerability can…
- CVE-2019-13280HIGHCVSS 8.8EG 8.82019-07-09
TRENDnet TEW-827DRU with firmware up to and including 2.04B03 contains a stack-based buffer overflow while returning an error message to the user about failure to resolve a hostname during a ping or traceroute attempt. This allows an authe…
- CVE-2019-13281HIGHCVSS 7.8EG 7.82019-07-04
In Xpdf 4.01.01, a heap-based buffer overflow could be triggered in DCTStream::decodeImage() in Stream.cc when writing to frameBuf memory. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows…
- CVE-2019-13290HIGHCVSS 7.8EG 7.82019-07-04
Artifex MuPDF 1.15.0 has a heap-based buffer overflow in fz_append_display_node located at fitz/list-device.c, allowing remote attackers to execute arbitrary code via a crafted PDF file. This occurs with a large BDC property name that over…
- CVE-2019-13298HIGHCVSS 8.8EG 8.82019-07-05
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/pixel-accessor.h in SetPixelViaPixelInfo because of a MagickCore/enhance.c error.
- CVE-2019-13300HIGHCVSS 8.8EG 8.82019-07-05
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns.
- CVE-2019-13304HIGHCVSS 7.8EG 7.82019-07-05
ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced assignment.
- CVE-2019-13305HIGHCVSS 7.8EG 7.82019-07-05
ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced strncpy and an off-by-one error.
- CVE-2019-13306HIGHCVSS 7.8EG 7.82019-07-05
ImageMagick 7.0.8-50 Q16 has a stack-based buffer overflow at coders/pnm.c in WritePNMImage because of off-by-one errors.
- CVE-2019-13307HIGHCVSS 7.8EG 7.82019-07-05
ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling rows.
Map vulnerabilities like CWE-787 to your infrastructure
EchelonGraph correlates every CVE — across CWE-787 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →