CWE-787— Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.— MITRE CWE catalog
13,849 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-787page 59 of 277
- CVE-2019-9719HIGHCVSS 8.8EG 8.82019-09-19
A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf. NOTE: Third parties dispute …
- CVE-2019-9720MEDIUMCVSS 6.5EG 6.52019-09-19
A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf.
- CVE-2019-9729HIGHCVSS 7.8EG 7.82019-03-12
In Shanda MapleStory Online V160, the SdoKeyCrypt.sys driver allows privilege escalation to NT AUTHORITY\SYSTEM because of not validating the IOCtl 0x8000c01c input value, leading to an integer signedness error and a heap-based buffer unde…
- CVE-2019-9754MEDIUMCVSS 5.5EG 5.52019-03-13
An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to an 1 byte out of bounds write in the end_macro function in tccpp.c.
- CVE-2019-9755HIGHCVSS 7.0EG 7.02019-06-05
An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit this by running /bin/ntfs-3g with specially crafted arguments from a specially crafted directory to cause a heap buffer overflow, resulting …
- CVE-2019-9760CRITICALCVSS 9.8EG 9.82019-03-14
FTPGetter Standard v.5.97.0.177 allows remote code execution when a user initiates an FTP connection to an attacker-controlled machine that sends crafted responses. Long responses can also crash the FTP client with memory corruption.
- CVE-2019-9766HIGHCVSS 7.8EG 7.82019-03-14
Stack-based buffer overflow in Free MP3 CD Ripper 2.6, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted .mp3 file.
- CVE-2019-9767HIGHCVSS 7.8EG 7.82019-03-14
Stack-based buffer overflow in Free MP3 CD Ripper 2.6, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted .wma file.
- CVE-2019-9770HIGHCVSS 7.5EG 7.52019-03-14
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer overflow in the function dwg_decode_eed_data at decode.c for the y dimension.
- CVE-2019-9773HIGHCVSS 7.5EG 7.52019-03-14
An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer overflow in the function dwg_decode_eed_data at decode.c for the z dimension.
- CVE-2019-9788CRITICALCVSS 9.8EG 9.82019-04-26
Mozilla developers and community members reported memory safety bugs present in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of…
- CVE-2019-9789CRITICALCVSS 9.8EG 9.82019-04-26
Mozilla developers and community members reported memory safety bugs present in Firefox 65. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitra…
- CVE-2019-9792CRITICALCVSS 9.8EG 9.82019-04-26
The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout. This magic value can then be used by JavaScript to achieve memory corruption, which results in a potentiall…
- CVE-2019-9800CRITICALCVSS 9.8EG 9.82019-07-23
Mozilla developers and community members reported memory safety bugs present in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of…
- CVE-2019-9814CRITICALCVSS 9.8EG 9.82019-07-23
Mozilla developers and community members reported memory safety bugs present in Firefox 66. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitra…
- CVE-2019-9877HIGHCVSS 7.8EG 7.82019-03-21
There is an invalid memory access vulnerability in the function TextPage::findGaps() located at TextOutputDev.c in Xpdf 4.01, which can (for example) be triggered by sending a crafted pdf file to the pdftops binary. It allows an attacker t…
- CVE-2019-9903MEDIUMCVSS 6.5EG 6.52019-03-21
PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite bin…
- CVE-2019-9928HIGHCVSS 8.8EG 8.82019-04-24
GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted response from a server, potentially allowing remote code execution.
- CVE-2019-9956HIGHCVSS 8.8EG 8.82019-03-24
In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file.
- CVE-2020-0002HIGHCVSS 8.8EG 8.82020-01-08
In ih264d_init_decoder of ih264d_api.c, there is a possible out of bounds write due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation P…
- CVE-2020-0005MEDIUMCVSS 6.7EG 6.72020-02-13
In btm_read_remote_ext_features_complete of btm_acl.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no…
- CVE-2020-0010MEDIUMCVSS 6.7EG 6.72020-03-10
In fpc_ta_get_build_info of fpc_ta_kpi.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for e…
- CVE-2020-0011MEDIUMCVSS 6.7EG 6.72020-03-10
In get_auth_result of fpc_ta_hw_auth.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exp…
- CVE-2020-0012MEDIUMCVSS 6.7EG 6.72020-03-10
In fpc_ta_pn_get_unencrypted_image of fpc_ta_pn.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not nee…
- CVE-2020-0026HIGHCVSS 7.8EG 7.82020-02-13
In Parcel::continueWrite of Parcel.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploi…
- CVE-2020-0027HIGHCVSS 7.8EG 7.82020-02-13
In HidRawSensor::batch of HidRawSensor.cpp, there is a possible out of bounds write due to an unexpected switch fallthrough. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction …
- CVE-2020-0032HIGHCVSS 8.8EG 8.82020-03-10
In ih264d_release_display_bufs of ih264d_utils.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed fo…
- CVE-2020-0033HIGHCVSS 7.8EG 7.82020-03-10
In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to stale pointer. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…
- CVE-2020-0041HIGHCVSS 7.8EG 9.0⚠ KEV2020-03-10
In binder_transaction of binder.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed fo…
- CVE-2020-0045MEDIUMCVSS 6.4EG 6.42020-03-10
In StatsService::command of StatsService.cpp, there is possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploit…
- CVE-2020-0046HIGHCVSS 7.8EG 7.82020-03-10
In DrmPlugin::releaseSecureStops of DrmPlugin.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is …
- CVE-2020-0050MEDIUMCVSS 6.7EG 6.72020-03-10
In nfa_hciu_send_msg of nfa_hci_utils.cc, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege in the NFC server with System execution privileges needed. User interactio…
- CVE-2020-0053MEDIUMCVSS 6.7EG 6.72020-03-10
In convertHidlNanDataPathInitiatorRequestToLegacy, and convertHidlNanDataPathIndicationResponseToLegacy of hidl_struct_util.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of …
- CVE-2020-0066MEDIUMCVSS 6.4EG 6.42020-03-10
In the netlink driver, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: Andr…
- CVE-2020-0069HIGHCVSS 7.8EG 9.0⚠ KEV2020-03-10
In the ioctl handlers of the Mediatek Command Queue driver, there is a possible out of bounds write due to insufficient input sanitization and missing SELinux restrictions. This could lead to local escalation of privilege with no additiona…
- CVE-2020-0070CRITICALCVSS 9.8EG 9.82020-04-17
In rw_t2t_update_lock_attributes of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction i…
- CVE-2020-0071CRITICALCVSS 9.8EG 9.82020-04-17
In rw_t2t_extract_default_locks_info of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interacti…
- CVE-2020-0072CRITICALCVSS 9.8EG 9.82020-04-17
In rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is…
- CVE-2020-0073CRITICALCVSS 9.8EG 9.82020-04-17
In rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is…
- CVE-2020-0076MEDIUMCVSS 6.7EG 6.72020-04-17
In get_auth_result of the FPC IRIS TrustZone app, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not need…
- CVE-2020-0078HIGHCVSS 7.8EG 7.82020-04-17
In releaseSecureStops of DrmPlugin.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed …
- CVE-2020-0079HIGHCVSS 7.8EG 7.82020-04-17
In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds write due to stale pointer. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitat…
- CVE-2020-0081HIGHCVSS 7.8EG 7.82020-04-17
In finalize of AssetManager.java, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Pr…
- CVE-2020-0086CRITICALCVSS 9.8EG 9.82020-03-15
In readCString of Parcel.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to arbitrary code execution if IntSan were not enabled, which it is by default. No additional execution privileges are requir…
- CVE-2020-0094HIGHCVSS 7.8EG 7.82020-05-14
In setImageHeight and setImageWidth of ExifUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interacti…
- CVE-2020-0102HIGHCVSS 7.8EG 7.82020-05-14
In GattServer::SendResponse of gatt_server.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed…
- CVE-2020-0103CRITICALCVSS 9.8EG 9.82020-05-14
In a2dp_aac_decoder_cleanup of a2dp_aac_decoder.cc, there is a possible invalid free due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for expl…
- CVE-2020-0110HIGHCVSS 7.8EG 7.82020-05-14
In psi_write of psi.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.…
- CVE-2020-0117CRITICALCVSS 9.8EG 9.82020-06-10
In aes_cmac of aes_cmac.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution in the bluetooth server with no additional execution privileges needed. User interaction is not needed…
- CVE-2020-0118HIGHCVSS 7.8EG 7.82020-06-10
In addListener of RegionSamplingThread.cpp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is need…
Map vulnerabilities like CWE-787 to your infrastructure
EchelonGraph correlates every CVE — across CWE-787 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →