CWE-787— Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.— MITRE CWE catalog
13,849 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-787page 50 of 277
- CVE-2019-5602HIGHCVSS 8.8EG 8.82019-07-03
In FreeBSD 12.0-STABLE before r349628, 12.0-RELEASE before 12.0-RELEASE-p7, 11.3-PRERELEASE before r349629, 11.3-RC3 before 11.3-RC3-p1, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in the cdrom driver allows users with read access to t…
- CVE-2019-5608CRITICALCVSS 9.8EG 9.82019-08-30
In FreeBSD 12.0-STABLE before r350648, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350650, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the ICMPv6 input path incorrectly handles cases where an…
- CVE-2019-5609HIGHCVSS 7.5EG 7.52019-08-30
In FreeBSD 12.0-STABLE before r350619, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350619, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the bhyve e1000 device emulation used a guest-provided v…
- CVE-2019-5618HIGHCVSS 7.8EG 7.82020-04-29
A-PDF WAV to MP3 version 1.0.0 suffers from an instance of CWE-121: Stack-based Buffer Overflow.
- CVE-2019-5619CRITICALCVSS 9.8EG 9.82020-04-29
AASync.com AASync version 2.2.1.0 suffers from an instance of CWE-121: Stack-based Buffer Overflow.
- CVE-2019-5621HIGHCVSS 7.8EG 7.82020-04-29
ABBS Software Audio Media Player version 3.1 suffers from an instance of CWE-121: Stack-based Buffer Overflow.
- CVE-2019-5684CRITICALCVSS 10.0EG 10.02019-08-06
NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause an out of bounds access of an input texture array, which may lead to denial of service or code exec…
- CVE-2019-5685CRITICALCVSS 9.8EG 9.82019-08-06
NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause an out of bounds access to a shader local temporary array, which may lead to denial of service or c…
- CVE-2019-5690HIGHCVSS 7.8EG 7.82019-11-09
NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the size of an input buffer is not validated, which may lead to denial of service or escal…
- CVE-2019-5758HIGHCVSS 8.8EG 8.82019-02-19
Incorrect object lifecycle management in Blink in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2019-5760HIGHCVSS 8.8EG 8.82019-02-19
Insufficient checks of pointer validity in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2019-5761HIGHCVSS 8.8EG 8.82019-02-19
Incorrect object lifecycle management in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2019-5764HIGHCVSS 8.8EG 8.82019-02-19
Incorrect pointer management in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2019-5772HIGHCVSS 8.8EG 8.82019-02-19
Sharing of objects over calls into JavaScript runtime in PDFium in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
- CVE-2019-5782HIGHCVSS 8.8EG 8.82019-02-19
Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
- CVE-2019-5784MEDIUMCVSS 6.5EG 6.52019-06-27
Incorrect handling of deferred code in V8 in Google Chrome prior to 72.0.3626.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2019-5785MEDIUMCVSS 6.5EG 6.52019-06-27
Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
- CVE-2019-5787HIGHCVSS 8.8EG 8.82019-05-23
Use-after-garbage-collection in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2019-5796HIGHCVSS 7.5EG 7.52019-05-23
Data race in extensions guest view in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2019-5805MEDIUMCVSS 6.5EG 6.52019-06-27
Use-after-free in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
- CVE-2019-5806HIGHCVSS 8.8EG 8.82019-06-27
Integer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2019-5807HIGHCVSS 8.8EG 8.82019-06-27
Object lifetime issue in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2019-5808HIGHCVSS 8.8EG 8.82019-06-27
Use after free in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2019-5813HIGHCVSS 8.8EG 8.82019-06-27
Use after free in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2019-5815HIGHCVSS 7.5EG 7.52019-12-11
Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data.
- CVE-2019-5817HIGHCVSS 8.8EG 8.82019-06-27
Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2019-5820HIGHCVSS 8.8EG 8.82019-06-27
Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
- CVE-2019-5821HIGHCVSS 8.8EG 8.82019-06-27
Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
- CVE-2019-5824HIGHCVSS 8.8EG 8.82019-06-27
Parameter passing error in media in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2019-5825MEDIUMCVSS 6.5EG 9.0⚠ KEV2019-11-25
Out of bounds write in JavaScript in Google Chrome prior to 73.0.3683.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2019-5826MEDIUMCVSS 6.5EG 6.52019-11-25
Use after free in IndexedDB in Google Chrome prior to 73.0.3683.86 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
- CVE-2019-5827HIGHCVSS 8.8EG 8.82019-06-27
Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2019-5831HIGHCVSS 8.8EG 8.82019-06-27
Object lifecycle issue in V8 in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2019-5836HIGHCVSS 8.8EG 8.82019-06-27
Heap buffer overflow in ANGLE in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2019-5841HIGHCVSS 8.8EG 8.82019-12-10
Out of bounds memory access in JavaScript in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2019-5842MEDIUMCVSS 6.5EG 6.52019-11-25
Use after free in Blink in Google Chrome prior to 75.0.3770.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2019-5843HIGHCVSS 8.8EG 8.82019-12-10
Out of bounds memory access in JavaScript in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2019-5844MEDIUMCVSS 6.5EG 6.52020-01-03
Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2019-5845MEDIUMCVSS 6.5EG 6.52020-01-03
Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2019-5846MEDIUMCVSS 6.5EG 6.52020-01-03
Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2019-5847MEDIUMCVSS 6.5EG 6.52019-11-25
Inappropriate implementation in JavaScript in Google Chrome prior to 75.0.3770.142 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2019-5851HIGHCVSS 8.8EG 8.82019-11-25
Use after free in WebAudio in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2019-5854HIGHCVSS 8.8EG 8.82019-11-25
Integer overflow in PDFium in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
- CVE-2019-5855MEDIUMCVSS 6.5EG 6.52019-11-25
Integer overflow in PDFium in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
- CVE-2019-5857MEDIUMCVSS 6.5EG 6.52019-11-25
Inappropriate implementation in JavaScript in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.
- CVE-2019-5860MEDIUMCVSS 5.5EG 5.52019-11-25
Use after free in PDFium in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
- CVE-2019-5866CRITICALCVSS 9.8EG 9.82019-11-25
Out of bounds memory access in JavaScript in Google Chrome prior to 75.0.3770.142 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2019-5868MEDIUMCVSS 5.5EG 5.52019-11-25
Use after free in PDFium in Google Chrome prior to 76.0.3809.100 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
- CVE-2019-5869MEDIUMCVSS 6.5EG 6.52019-11-25
Use after free in Blink in Google Chrome prior to 76.0.3809.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2019-5871HIGHCVSS 8.8EG 8.82019-11-25
Heap buffer overflow in Skia in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Map vulnerabilities like CWE-787 to your infrastructure
EchelonGraph correlates every CVE — across CWE-787 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →