CWE-787— Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.— MITRE CWE catalog
13,878 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-787page 69 of 278
- CVE-2020-16028HIGHCVSS 8.8EG 8.82021-01-08
Heap buffer overflow in WebRTC in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-16037HIGHCVSS 8.8EG 8.82021-01-08
Use after free in clipboard in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-16038HIGHCVSS 8.8EG 8.82021-01-08
Use after free in media in Google Chrome on OS X prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-16039HIGHCVSS 8.8EG 8.82021-01-08
Use after free in extensions in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-16040MEDIUMCVSS 6.5EG 6.52021-01-08
Insufficient data validation in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-16044HIGHCVSS 8.8EG 8.82021-02-09
Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet.
- CVE-2020-16158HIGHCVSS 8.8EG 8.82020-10-19
GoPro gpmf-parser through 1.5 has a stack out-of-bounds write vulnerability in GPMF_ExpandComplexTYPE(). Parsing malicious input can result in a crash or potentially arbitrary code execution.
- CVE-2020-16199HIGHCVSS 7.8EG 7.82020-08-04
Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and prior. Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, which may allow an attacker to read/modify i…
- CVE-2020-16207HIGHCVSS 7.8EG 7.82020-08-06
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by opening specially crafted project files that may overflow the heap, which may allow remote code executio…
- CVE-2020-16213HIGHCVSS 7.8EG 7.82020-08-06
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause the system to write outside the intended buffer area, which may allow remot…
- CVE-2020-16221HIGHCVSS 7.8EG 7.82020-08-07
Delta Electronics TPEditor Versions 1.97 and prior. A stack-based buffer overflow may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify informati…
- CVE-2020-16223HIGHCVSS 7.8EG 7.82020-08-07
Delta Electronics TPEditor Versions 1.97 and prior. A heap-based buffer overflow may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify informatio…
- CVE-2020-16225HIGHCVSS 7.8EG 7.82020-08-07
Delta Electronics TPEditor Versions 1.97 and prior. A write-what-where condition may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify informatio…
- CVE-2020-16243HIGHCVSS 7.8EG 7.82021-02-23
Multiple buffer overflow vulnerabilities exist when LeviStudioU (Version 2019-09-21 and prior) processes project files. Opening a specially crafted project file could allow an attacker to exploit and execute code under the privileges of th…
- CVE-2020-16287MEDIUMCVSS 5.5EG 5.52020-08-13
A buffer overflow vulnerability in lprn_is_black() in contrib/lips4/gdevlprn.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
- CVE-2020-16289MEDIUMCVSS 5.5EG 5.52020-08-13
A buffer overflow vulnerability in cif_print_page() in devices/gdevcif.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
- CVE-2020-16290MEDIUMCVSS 5.5EG 5.52020-08-13
A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
- CVE-2020-16291MEDIUMCVSS 5.5EG 5.52020-08-13
A buffer overflow vulnerability in contrib/gdevdj9.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
- CVE-2020-16292MEDIUMCVSS 5.5EG 5.52020-08-13
A buffer overflow vulnerability in mj_raster_cmd() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
- CVE-2020-16296MEDIUMCVSS 5.5EG 5.52020-08-13
A buffer overflow vulnerability in GetNumWrongData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript from v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
- CVE-2020-16297MEDIUMCVSS 5.5EG 5.52020-08-13
A buffer overflow vulnerability in FloydSteinbergDitheringC() in contrib/gdevbjca.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
- CVE-2020-16300MEDIUMCVSS 5.5EG 5.52020-08-13
A buffer overflow vulnerability in tiff12_print_page() in devices/gdevtfnx.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
- CVE-2020-16304MEDIUMCVSS 5.5EG 5.52020-08-13
A buffer overflow vulnerability in image_render_color_thresh() in base/gxicolor.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to escalate privileges via a crafted eps file. This is fixed in v9.51.
- CVE-2020-16305MEDIUMCVSS 5.5EG 5.52020-08-13
A buffer overflow vulnerability in pcx_write_rle() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
- CVE-2020-16308MEDIUMCVSS 5.5EG 5.52020-08-13
A buffer overflow vulnerability in p_print_image() in devices/gdevcdj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.
- CVE-2020-16309MEDIUMCVSS 5.5EG 5.52020-08-13
A buffer overflow vulnerability in lxm5700m_print_page() in devices/gdevlxm.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted eps file. This is fixed in v9.51.
- CVE-2020-16587MEDIUMCVSS 5.5EG 5.52020-12-09
A heap-based buffer overflow vulnerability exists in Academy Software Foundation OpenEXR 2.3.0 in chunkOffsetReconstruction in ImfMultiPartInputFile.cpp that can cause a denial of service via a crafted EXR file.
- CVE-2020-16589MEDIUMCVSS 5.5EG 5.52020-12-09
A head-based buffer overflow exists in Academy Software Foundation OpenEXR 2.3.0 in writeTileData in ImfTiledOutputFile.cpp that can cause a denial of service via a crafted EXR file.
- CVE-2020-1664HIGHCVSS 7.8EG 7.82020-10-16
A stack buffer overflow vulnerability in the device control daemon (DCD) on Juniper Networks Junos OS allows a low privilege local user to create a Denial of Service (DoS) against the daemon or execute arbitrary code in the system with roo…
- CVE-2020-16884MEDIUMCVSS 4.2EG 4.22020-09-11
<p>A remote code execution vulnerability exists in the way that the IEToEdge Browser Helper Object (BHO) plugin on Internet Explorer handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could exe…
- CVE-2020-16915HIGHCVSS 7.8EG 7.82020-10-16
<p>A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new ac…
- CVE-2020-16918HIGHCVSS 7.8EG 7.82020-10-16
<p>A remote code execution vulnerability exists when the Base3D rendering engine improperly handles memory.</p> <p>An attacker who successfully exploited the vulnerability would gain execution on a victim system.</p> <p>The security update…
- CVE-2020-16930HIGHCVSS 7.8EG 7.82020-10-16
<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of t…
- CVE-2020-16947HIGHCVSS 7.5EG 8.82020-10-16
<p>A remote code execution vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of…
- CVE-2020-16968HIGHCVSS 7.8EG 7.82020-10-16
<p>A remote code execution vulnerability exists when the Windows Camera Codec Pack improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. …
- CVE-2020-17048MEDIUMCVSS 4.2EG 4.22020-11-11
Chakra Scripting Engine Memory Corruption Vulnerability
- CVE-2020-17052HIGHCVSS 7.5EG 7.52020-11-11
Scripting Engine Memory Corruption Vulnerability
- CVE-2020-17053HIGHCVSS 7.5EG 7.52020-11-11
Internet Explorer Memory Corruption Vulnerability
- CVE-2020-17054MEDIUMCVSS 4.2EG 4.22020-11-11
Chakra Scripting Engine Memory Corruption Vulnerability
- CVE-2020-17058HIGHCVSS 7.5EG 7.52020-11-11
Microsoft Browser Memory Corruption Vulnerability
- CVE-2020-1711HIGHCVSS 7.7EG 6.02020-02-11
An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi…
- CVE-2020-17131MEDIUMCVSS 4.2EG 4.22020-12-10
Chakra Scripting Engine Memory Corruption Vulnerability
- CVE-2020-17360HIGHCVSS 7.8EG 7.82020-08-12
An issue was discovered in ReadyTalk Avian 1.2.0. The vm::arrayCopy method defined in classpath-common.h contains multiple boundary checks that are performed to prevent out-of-bounds memory read/write. However, two of these boundary checks…
- CVE-2020-17380MEDIUMCVSS 6.3EG 6.32021-01-30
A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhci_sdma_transfer_multi_blocks() routine in hw/sd/sdhci.c. A guest user or…
- CVE-2020-17382HIGHCVSS 7.8EG 7.82020-10-02
The MSI AmbientLink MsIo64 driver 1.0.0.8 has a Buffer Overflow (0x80102040, 0x80102044, 0x80102050,and 0x80102054).
- CVE-2020-17403HIGHCVSS 7.8EG 7.82020-08-25
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op…
- CVE-2020-17404HIGHCVSS 7.8EG 7.82020-08-25
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op…
- CVE-2020-17412HIGHCVSS 7.8EG 7.82020-10-13
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or o…
- CVE-2020-17413HIGHCVSS 7.8EG 7.82020-10-13
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or o…
- CVE-2020-17416HIGHCVSS 7.8EG 7.82020-10-13
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open …
Map vulnerabilities like CWE-787 to your infrastructure
EchelonGraph correlates every CVE — across CWE-787 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →