CWE-787— Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.— MITRE CWE catalog
13,848 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-787page 46 of 277
- CVE-2019-2107HIGHCVSS 8.8EG 8.82019-07-08
In ihevcd_parse_pps of ihevcd_parse_headers.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for e…
- CVE-2019-2108HIGHCVSS 7.8EG 7.82019-09-05
In ihevcd_ref_list of ihevcd_ref_list.c in Android 10, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is need…
- CVE-2019-2109HIGHCVSS 8.8EG 8.82019-07-08
In MakeMPEG4VideoCodecSpecificData of AVIExtractor.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is …
- CVE-2019-2111CRITICALCVSS 9.8EG 9.82019-07-08
In loop of DnsTlsSocket.cpp, there is a possible heap memory corruption due to a use after free. This could lead to remote code execution in the netd server with no additional execution privileges needed. User interaction is not needed for…
- CVE-2019-2112HIGHCVSS 7.8EG 7.82019-07-08
In several functions of alarm.cc, there is possible memory corruption due to a use after free. This could lead to local code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product…
- CVE-2019-2115HIGHCVSS 7.8EG 7.82019-09-05
In GateKeeper::MintAuthToken of gatekeeper.cpp in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with System execution privileges needed. Use…
- CVE-2019-2123HIGHCVSS 7.8EG 7.82019-09-05
In execTransact of Binder.java in Android 7.1.1, 7.1.2, 8.0, 8.1, and 9, there is a possible local execution of arbitrary code in a privileged process due to a memory overwrite. This could lead to local escalation of privilege with no addi…
- CVE-2019-2127HIGHCVSS 7.8EG 7.82019-08-20
In AudioInputDescriptor::setClientActive of AudioInputDescriptor.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User intera…
- CVE-2019-2128HIGHCVSS 7.8EG 7.82019-08-20
In ACELP_4t64_fx of c4t64fx.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for explo…
- CVE-2019-2133HIGHCVSS 7.8EG 7.82019-08-20
In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is need…
- CVE-2019-2134HIGHCVSS 7.8EG 7.82019-08-20
In phFriNfc_ExtnsTransceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction …
- CVE-2019-2141HIGHCVSS 8.8EG 8.82019-09-27
In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersion…
- CVE-2019-2159HIGHCVSS 8.8EG 8.82019-09-27
In libxaac there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersion…
- CVE-2019-2176HIGHCVSS 7.8EG 7.82019-09-05
In ihevcd_parse_buffering_period_sei of ihevcd_parse_headers.c in Android 8.0, 8.1 and 9, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileg…
- CVE-2019-2178HIGHCVSS 7.8EG 7.82019-09-05
In rw_t4t_sm_read_ndef of rw_t4t in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the NFC service with no additional executi…
- CVE-2019-2181HIGHCVSS 7.8EG 7.82019-09-05
In binder_transaction of binder.c in the Android kernel, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction …
- CVE-2019-2184HIGHCVSS 8.8EG 8.82019-10-11
In PV_DecodePredictedIntraDC of dec_pred_intra_dc.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is need…
- CVE-2019-2185HIGHCVSS 8.8EG 8.82019-10-11
In VlcDequantH263IntraBlock_SH of vlc_dequant.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed f…
- CVE-2019-2186HIGHCVSS 8.8EG 8.82019-10-11
In GetMBheader of combined_decode.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitat…
- CVE-2019-2188MEDIUMCVSS 6.4EG 6.42019-09-27
In the Easel driver, there is possible memory corruption due to race conditions. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVers…
- CVE-2019-2189MEDIUMCVSS 6.4EG 6.42019-09-27
In the Easel driver, there is possible memory corruption due to race conditions. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVers…
- CVE-2019-2201HIGHCVSS 7.8EG 7.82019-11-13
In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privilege…
- CVE-2019-2202HIGHCVSS 7.8EG 7.82019-11-13
In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not n…
- CVE-2019-2203HIGHCVSS 7.8EG 7.82019-11-13
In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not n…
- CVE-2019-2205CRITICALCVSS 9.8EG 9.82019-11-13
In ProxyResolverV8::SetPacScript of proxy_resolver_v8.cc, there is a possible memory corruption due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not neede…
- CVE-2019-2206HIGHCVSS 8.8EG 8.82019-11-13
In rw_i93_sm_set_read_only of rw_i93.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is needed fo…
- CVE-2019-2207HIGHCVSS 7.8EG 7.82019-11-13
In nfa_hci_handle_admin_gate_rsp of nfa_hci_act.cc, there is a possible out of bound write due to missing bounds checks. This could lead to local escalation of privilege with system execution privileges needed. User interaction is not need…
- CVE-2019-2210HIGHCVSS 7.8EG 7.82019-11-13
In load_logging_config of qmi_vs_service.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not ne…
- CVE-2019-2214HIGHCVSS 7.8EG 7.82019-11-13
In binder_transaction of binder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for e…
- CVE-2019-2217HIGHCVSS 7.8EG 7.82019-12-06
In setCpuVulkanInUse of GpuStats.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploita…
- CVE-2019-2222HIGHCVSS 7.8EG 7.82019-12-06
n ihevcd_parse_slice_data of ihevcd_parse_slice.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed f…
- CVE-2019-2223HIGHCVSS 7.8EG 7.82019-12-06
In ihevcd_ref_list of ihevcd_ref_list.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploit…
- CVE-2019-2238HIGHCVSS 7.8EG 7.82019-07-25
Lack of check of data type can lead to subsequent loop-expression potentially go negative and the condition will still evaluate to true leading to buffer underflow. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Co…
- CVE-2019-2246HIGHCVSS 7.8EG 7.82019-11-06
Thread start can cause invalid memory writes to arbitrary memory location since the argument is passed by user to kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, S…
- CVE-2019-2251HIGHCVSS 7.8EG 7.82019-11-21
If a bitmap file is loaded from any un-authenticated source, there is a possibility that the bitmap can potentially cause stack buffer overflow. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electroni…
- CVE-2019-2258CRITICALCVSS 9.8EG 9.82019-11-06
Improper validation of array index causes OOB write and then leads to memory corruption in MMCP in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice…
- CVE-2019-2279CRITICALCVSS 9.8EG 9.82019-07-22
Shared memory gets updated with invalid data and may lead to access beyond the allocated memory. in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, …
- CVE-2019-2283CRITICALCVSS 9.8EG 9.82019-11-06
Improper validation of read and write index of tx and rx fifo`s before calculating pointer can lead to out-of-bound access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapd…
- CVE-2019-2285CRITICALCVSS 9.8EG 9.82019-11-06
Out of bound write issue is observed while giving information about properties that have been set so far for playing video in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,…
- CVE-2019-2287CRITICALCVSS 9.8EG 9.82019-07-22
Improper validation for inputs received from firmware can lead to an out of bound write issue in video driver. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice …
- CVE-2019-2292HIGHCVSS 7.8EG 7.82019-07-22
Out of bound access can occur due to buffer copy without checking size of input received from WLAN firmware in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM…
- CVE-2019-2299HIGHCVSS 7.8EG 7.82019-07-25
An out-of-bound write can be triggered by a specially-crafted command supplied by a userspace application. in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mob…
- CVE-2019-2302CRITICALCVSS 9.8EG 9.82019-11-06
While processing vendor command which contains corrupted channel count, an integer overflow occurs and finally will lead to heap overflow. in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdrago…
- CVE-2019-2304HIGHCVSS 7.8EG 7.82019-12-18
Integer overflow to buffer overflow due to lack of validation of event arguments received from firmware. in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobil…
- CVE-2019-2319HIGHCVSS 7.8EG 7.82019-12-12
HLOS could corrupt CPZ page table memory for S1 managed VMs in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Network…
- CVE-2019-2320CRITICALCVSS 9.8EG 9.82019-12-12
Possible out of bounds write in a MT SMS/SS scenario due to improper validation of array index in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice …
- CVE-2019-2332CRITICALCVSS 9.8EG 9.82019-11-06
Memory corruption while accessing the memory as payload size is not validated before access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & M…
- CVE-2019-2336MEDIUMCVSS 5.5EG 5.52019-11-21
Subsequent use of the CBO listener may result in further memory corruption due to use after free issue. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,…
- CVE-2019-25001HIGHCVSS 7.5EG 7.52020-12-31
An issue was discovered in the serde_cbor crate before 0.10.2 for Rust. The CBOR deserializer can cause stack consumption via nested semantic tags.
- CVE-2019-25035CRITICALCVSS 9.8EG 9.82021-04-27
Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
Map vulnerabilities like CWE-787 to your infrastructure
EchelonGraph correlates every CVE — across CWE-787 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →