CWE-787— Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.— MITRE CWE catalog
13,848 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-787page 47 of 277
- CVE-2019-25042CRITICALCVSS 9.8EG 9.82021-04-27
Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or local…
- CVE-2019-25050HIGHCVSS 7.8EG 7.82021-07-20
netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer overflow in nc4_get_att (called from nc4_get_att_tc and nc_get_att_text) and in uffd_cleanup (called from netCDFDataset::~netCDFDataset and netCDFDataset::~netCDFDataset).
- CVE-2019-25051HIGHCVSS 7.8EG 7.82021-07-20
objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::dup_top (called from acommon::StringMap::add and acommon::Config::lookup_list).
- CVE-2019-25062MEDIUMCVSS 5.3EG 7.82022-06-08
A vulnerability was found in Sricam IP CCTV Camera and classified as critical. This issue affects some unknown processing of the component Device Viewer. The manipulation leads to memory corruption. An attack has to be approached locally. …
- CVE-2019-25063MEDIUMCVSS 5.3EG 7.82022-06-08
A vulnerability was found in Sricam IP CCTV Camera. It has been classified as critical. Affected is an unknown function of the component Device Viewer. The manipulation leads to memory corruption. Local access is required to approach this …
- CVE-2019-25463MEDIUMCVSS 6.2EG 6.22026-03-11
SpotIE Internet Explorer Password Recovery 2.9.5 contains a denial of service vulnerability in the registration key input field that allows local attackers to crash the application by supplying an excessively long string. Attackers can pas…
- CVE-2019-25466HIGHCVSS 8.4EG 8.42026-03-11
Easy File Sharing Web Server 7.2 contains a local structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by creating a malicious username. Attackers can craft a username with a pay…
- CVE-2019-25467HIGHCVSS 8.4EG 8.42026-03-11
Verypdf docPrint Pro 8.0 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized alphanumeric encoded payload in the User Password or Master Pas…
- CVE-2019-25469MEDIUMCVSS 6.2EG 6.22026-03-11
Folder Lock 7.7.9 contains a buffer overflow vulnerability in the serial number registration field that allows local attackers to crash the application by submitting an oversized payload. Attackers can paste a 6000-byte buffer of arbitrary…
- CVE-2019-25474MEDIUMCVSS 6.2EG 6.22026-03-11
Easy MP3 Downloader 4.7.8.8 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long unlock code. Attackers can generate a file containing 6000 'A' characters and paste …
- CVE-2019-25475MEDIUMCVSS 6.2EG 6.22026-03-11
SQL Server Password Changer 1.90 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload. Attackers can inject 6000 bytes of data into the User Name and Registration C…
- CVE-2019-25476MEDIUMCVSS 6.2EG 6.22026-03-11
Outlook Password Recovery 2.10 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload. Attackers can create a malicious text file containing 6000 bytes of data and pa…
- CVE-2019-25477MEDIUMCVSS 6.2EG 6.22026-03-11
RAR Password Recovery 1.80 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload in the registration dialog. Attackers can craft a malicious input string exceeding 6…
- CVE-2019-25478HIGHCVSS 7.5EG 7.52026-03-11
GetGo Download Manager 6.2.2.3300 contains a buffer overflow vulnerability that allows remote attackers to cause denial of service by sending HTTP responses with excessively long headers. Attackers can craft malicious HTTP responses with o…
- CVE-2019-25484MEDIUMCVSS 6.2EG 6.22026-03-11
WinMPG iPod Convert 3.0 contains a buffer overflow vulnerability in the Register dialog that allows local attackers to crash the application by supplying an oversized payload. Attackers can paste a large string of characters into the User …
- CVE-2019-25485MEDIUMCVSS 6.2EG 6.22026-03-11
R 3.4.4 on Windows x64 contains a buffer overflow vulnerability in the GUI Preferences language menu field that allows local attackers to bypass DEP and ASLR protections. Attackers can inject a crafted payload through the Language for menu…
- CVE-2019-25545MEDIUMCVSS 6.2EG 6.22026-03-21
Terminal Services Manager 3.2.1 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying an excessively long string in the computer name field. Attackers can input a 5000-byte buffer of dat…
- CVE-2019-25549MEDIUMCVSS 6.2EG 6.22026-03-21
VeryPDF PCL Converter 2.7 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long password string. Attackers can trigger a buffer overflow by entering a 3000-byte pas…
- CVE-2019-25550MEDIUMCVSS 6.2EG 6.22026-03-21
Encrypt PDF 2.3 contains a buffer overflow vulnerability that allows local attackers to crash the application by inputting excessively long strings into password fields. Attackers can paste a 1000-byte buffer into the User Password or Mast…
- CVE-2019-25554MEDIUMCVSS 5.5EG 5.52026-03-21
Tomabo MP4 Converter 3.25.22 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can trigger a buffer overflow by pasting a la…
- CVE-2019-25558MEDIUMCVSS 6.2EG 6.22026-03-21
Selfie Studio 2.17 contains a denial of service vulnerability in the Resize Image function that allows local attackers to crash the application by supplying an excessively long buffer. Attackers can paste a large string of characters into …
- CVE-2019-25561MEDIUMCVSS 6.2EG 6.22026-03-21
Lyric Maker 2.0.1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Title field. Attackers can paste a 5000-byte buffer into the Title input field…
- CVE-2019-25565MEDIUMCVSS 6.2EG 6.22026-03-21
Magic Iso Maker 5.5 build 281 contains a buffer overflow vulnerability in the Serial Code registration field that allows local attackers to crash the application by submitting an oversized input. Attackers can generate a file containing 50…
- CVE-2019-25566MEDIUMCVSS 6.2EG 6.22026-03-21
TransMac 12.3 contains a buffer overflow vulnerability in the volume name field that allows local attackers to crash the application by supplying an excessively long string. Attackers can create a malicious file with 1000 repeated characte…
- CVE-2019-25567MEDIUMCVSS 6.2EG 6.22026-03-21
Valentina Studio 9.0.5 Linux contains a buffer overflow vulnerability in the Host field of the connection dialog that allows local attackers to crash the application by supplying an oversized input string. Attackers can trigger the vulnera…
- CVE-2019-25589MEDIUMCVSS 6.2EG 6.22026-03-22
ZOC Terminal 7.23.4 contains a buffer overflow vulnerability in the Shell field of Program Settings that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a crafted payload into th…
- CVE-2019-25591MEDIUMCVSS 6.2EG 6.22026-03-22
DNSS Domain Name Search Software 2.1.8 contains a buffer overflow vulnerability in the registration code input field that allows local attackers to crash the application by submitting an excessively long string. Attackers can trigger a den…
- CVE-2019-25597MEDIUMCVSS 6.2EG 6.22026-03-22
NSauditor 3.1.2.0 contains a buffer overflow vulnerability in the SNMP Auditor Community field that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a large payload into the Commu…
- CVE-2019-25598MEDIUMCVSS 6.2EG 6.22026-03-22
HeidiSQL Portable 10.1.0.5464 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Attackers can paste a buffer overflow payload into…
- CVE-2019-25600MEDIUMCVSS 6.5EG 6.52026-03-22
UltraVNC Viewer 1.2.2.4 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized string to the VNC Server input field. Attackers can paste a malicious string containing 256 repeate…
- CVE-2019-25601MEDIUMCVSS 6.2EG 6.22026-03-22
UltraVNC Launcher 1.2.2.4 contains a buffer overflow vulnerability in the Path vncviewer.exe property field that allows local attackers to crash the application by supplying an excessively long string. Attackers can input a 300-byte payloa…
- CVE-2019-25603HIGHCVSS 8.4EG 8.42026-03-22
TuneClone 2.20 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license code string. Attackers can craft a payload with a controlled …
- CVE-2019-25604HIGHCVSS 8.4EG 8.42026-03-22
DVDXPlayer Pro 5.5 contains a local buffer overflow vulnerability with structured exception handling that allows local attackers to execute arbitrary code by crafting malicious playlist files. Attackers can create a specially crafted .plf …
- CVE-2019-25606MEDIUMCVSS 5.5EG 5.52026-03-22
Fast AVI MPEG Joiner 1.2.0812 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload in the License Name field. Attackers can create a malicious text file containing …
- CVE-2019-25607HIGHCVSS 8.4EG 8.42026-03-22
Axessh 4.2 contains a stack-based buffer overflow vulnerability in the log file name field that allows local attackers to execute arbitrary code by supplying an excessively long filename. Attackers can overflow the buffer at offset 214 byt…
- CVE-2019-25609HIGHCVSS 8.4EG 8.42026-03-22
JetAudio jetCast Server 2.0 contains a stack-based buffer overflow vulnerability in the Log Directory configuration field that allows local attackers to overwrite structured exception handling pointers. Attackers can inject alphanumeric en…
- CVE-2019-25611HIGHCVSS 8.4EG 8.42026-03-22
MiniFtp contains a buffer overflow vulnerability in the parseconf_load_setting function that allows local attackers to execute arbitrary code by supplying oversized configuration values. Attackers can craft a miniftpd.conf file with values…
- CVE-2019-25612HIGHCVSS 7.8EG 7.82026-03-22
Admin Express 1.2.5.485 contains a local structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an alphanumeric encoded payload in the Folder Path field. Attackers can…
- CVE-2019-25615HIGHCVSS 8.4EG 8.42026-03-22
Lavavo CD Ripper 4.20 contains a structured exception handling (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the License Activation Name field. Attackers can cr…
- CVE-2019-25619HIGHCVSS 8.4EG 8.42026-03-22
FTP Shell Server 6.83 contains a buffer overflow vulnerability in the 'Account name to ban' field that allows local attackers to execute arbitrary code by supplying a crafted string. Attackers can inject shellcode through the account name …
- CVE-2019-25634HIGHCVSS 7.8EG 8.42026-03-24
Base64 Decoder 1.1.2 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH) overwrite. Attackers can craft a malicious input file that o…
- CVE-2019-25644MEDIUMCVSS 6.2EG 6.22026-03-24
WinMPG Video Convert 9.3.5 and older versions contain a buffer overflow vulnerability in the registration dialog that allows local attackers to crash the application by supplying oversized input. Attackers can paste a large payload of 6000…
- CVE-2019-25648MEDIUMCVSS 6.2EG 6.22026-03-26
MyVideoConverter Pro 3.14 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying an excessively long string to the registration code input field. Attackers can paste a malicious payload c…
- CVE-2019-25650HIGHCVSS 8.4EG 8.42026-03-26
River Past CamDo 3.7.6 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the Lame_enc.dll name field. Attackers can craft a …
- CVE-2019-25654HIGHCVSS 7.5EG 7.52026-03-30
Core FTP/SFTP Server 1.2 contains a buffer overflow vulnerability that allows attackers to crash the service by supplying an excessively long string in the User domain field. Attackers can paste a malicious payload containing 7000 bytes of…
- CVE-2019-25656HIGHCVSS 8.4EG 8.42026-04-05
R i386 3.5.0 contains a local buffer overflow vulnerability in the GUI Preferences dialog that allows local attackers to trigger a structured exception handler (SEH) overwrite by supplying malicious input. Attackers can craft a payload str…
- CVE-2019-25658MEDIUMCVSS 5.5EG 5.52026-04-05
a-Mac Address Change 5.4 contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplying oversized input to registration form fields. Attackers can paste 212 bytes of data into the 'Your Nam…
- CVE-2019-25659MEDIUMCVSS 6.2EG 6.22026-04-05
ASPRunner Professional 6.0.766 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by supplying an excessively long project name. Attackers can paste 180 or more characters into the Project nam…
- CVE-2019-25660MEDIUMCVSS 6.2EG 6.22026-04-05
LanHelper 1.74 contains a local buffer overflow vulnerability that allows attackers to crash the application by sending excessively long input strings. Attackers can exploit the Form Send Message feature by pasting 6000 bytes of data into …
- CVE-2019-25661MEDIUMCVSS 6.2EG 6.22026-04-05
Remote Process Explorer 1.0.0.16 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by sending a crafted payload to the Add Computer dialog. Attackers can paste a malicious string into the com…
Map vulnerabilities like CWE-787 to your infrastructure
EchelonGraph correlates every CVE — across CWE-787 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →