CWE-787— Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.— MITRE CWE catalog
13,882 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-787page 72 of 278
- CVE-2020-21066MEDIUMCVSS 6.5EG 6.52021-08-13
An issue was discovered in Bento4 v1.5.1.0. There is a heap-buffer-overflow in AP4_Dec3Atom::AP4_Dec3Atom at Ap4Dec3Atom.cpp, leading to a denial of service (program crash), as demonstrated by mp42aac.
- CVE-2020-21529MEDIUMCVSS 5.5EG 5.52021-09-16
fig2dev 3.2.7b contains a stack buffer overflow in the bezier_spline function in genepic.c.
- CVE-2020-21533MEDIUMCVSS 5.5EG 5.52021-09-16
fig2dev 3.2.7b contains a stack buffer overflow in the read_textobject function in read.c.
- CVE-2020-21547HIGHCVSS 8.8EG 8.82021-09-17
Libsixel 1.8.2 contains a heap-based buffer overflow in the dither_func_fs function in tosixel.c.
- CVE-2020-21548HIGHCVSS 8.8EG 8.82021-09-17
Libsixel 1.8.3 contains a heap-based buffer overflow in the sixel_encode_highcolor function in tosixel.c.
- CVE-2020-21594MEDIUMCVSS 6.5EG 6.52021-09-16
libde265 v1.0.4 contains a heap buffer overflow in the put_epel_hv_fallback function, which can be exploited via a crafted a file.
- CVE-2020-21595MEDIUMCVSS 6.5EG 6.52021-09-16
libde265 v1.0.4 contains a heap buffer overflow in the mc_luma function, which can be exploited via a crafted a file.
- CVE-2020-21597MEDIUMCVSS 6.5EG 6.52021-09-16
libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma function, which can be exploited via a crafted a file.
- CVE-2020-21598HIGHCVSS 8.8EG 8.82021-09-16
libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unweighted_pred_8_sse function, which can be exploited via a crafted a file.
- CVE-2020-21599MEDIUMCVSS 6.5EG 6.52021-09-16
libde265 v1.0.4 contains a heap buffer overflow in the de265_image::available_zscan function, which can be exploited via a crafted a file.
- CVE-2020-21600MEDIUMCVSS 6.5EG 6.52021-09-16
libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_pred_avg_16_fallback function, which can be exploited via a crafted a file.
- CVE-2020-21601MEDIUMCVSS 6.5EG 6.52021-09-16
libde265 v1.0.4 contains a stack buffer overflow in the put_qpel_fallback function, which can be exploited via a crafted a file.
- CVE-2020-21602MEDIUMCVSS 6.5EG 6.52021-09-16
libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_bipred_16_fallback function, which can be exploited via a crafted a file.
- CVE-2020-21603MEDIUMCVSS 6.5EG 6.52021-09-16
libde265 v1.0.4 contains a heap buffer overflow in the put_qpel_0_0_fallback_16 function, which can be exploited via a crafted a file.
- CVE-2020-21604MEDIUMCVSS 6.5EG 6.52021-09-16
libde265 v1.0.4 contains a heap buffer overflow fault in the _mm_loadl_epi64 function, which can be exploited via a crafted a file.
- CVE-2020-21606MEDIUMCVSS 6.5EG 6.52021-09-16
libde265 v1.0.4 contains a heap buffer overflow fault in the put_epel_16_fallback function, which can be exploited via a crafted a file.
- CVE-2020-21674MEDIUMCVSS 6.5EG 6.52020-10-15
Heap-based buffer overflow in archive_string_append_from_wcs() (archive_string.c) in libarchive-3.4.1dev allows remote attackers to cause a denial of service (out-of-bounds write in heap memory resulting into a crash) via a crafted archive…
- CVE-2020-21675MEDIUMCVSS 5.5EG 5.52021-08-10
A stack-based buffer overflow in the genptk_text component in genptk.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ptk format.
- CVE-2020-21676MEDIUMCVSS 5.5EG 5.52021-08-10
A stack-based buffer overflow in the genpstrx_text() component in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format.
- CVE-2020-21677MEDIUMCVSS 6.5EG 6.52021-08-10
A heap-based buffer overflow in the sixel_encoder_output_without_macro function in encoder.c of Libsixel 1.8.4 allows attackers to cause a denial of service (DOS) via converting a crafted PNG file into Sixel format.
- CVE-2020-21679MEDIUMCVSS 5.5EG 5.52023-08-22
Buffer Overflow vulnerability in WritePCXImage function in pcx.c in GraphicsMagick 1.4 allows remote attackers to cause a denial of service via converting of crafted image file to pcx format.
- CVE-2020-21680MEDIUMCVSS 5.5EG 5.52021-08-10
A stack-based buffer overflow in the put_arrow() component in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pict2e format.
- CVE-2020-21685MEDIUMCVSS 5.5EG 5.52023-08-22
Buffer Overflow vulnerability in hash_findi function in hashtbl.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file.
- CVE-2020-21687MEDIUMCVSS 5.5EG 5.52023-08-22
Buffer Overflow vulnerability in scan function in stdscan.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file.
- CVE-2020-21723MEDIUMCVSS 5.5EG 5.52023-08-22
A Segmentation Fault issue discovered StreamSerializer::extractStreams function in streamSerializer.cpp in oggvideotools 0.9.1 allows remote attackers to cause a denial of service (crash) via opening of crafted ogg file.
- CVE-2020-21724HIGHCVSS 7.8EG 7.82023-08-22
Buffer Overflow vulnerability in ExtractorInformation function in streamExtractor.cpp in oggvideotools 0.9.1 allows remaote attackers to run arbitrary code via opening of crafted ogg file.
- CVE-2020-21813HIGHCVSS 7.8EG 7.82021-05-17
A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via output_TEXT ../../programs/dwg2SVG.c:114.
- CVE-2020-21814HIGHCVSS 8.8EG 8.82021-05-17
A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via htmlwescape ../../programs/escape.c:97.
- CVE-2020-21816HIGHCVSS 8.8EG 8.82021-05-17
A heab based buffer overflow issue exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:46.
- CVE-2020-21818HIGHCVSS 8.8EG 8.82021-05-17
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10.2641 via htmlescape ../../programs/escape.c:48.
- CVE-2020-21819HIGHCVSS 8.8EG 8.82021-05-17
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10.2641via htmlescape ../../programs/escape.c:51.
- CVE-2020-21827HIGHCVSS 7.8EG 7.82021-05-17
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_compressed_section ../../src/decode.c:2379.
- CVE-2020-21830HIGHCVSS 8.8EG 8.82021-05-17
A heap based buffer overflow vulneraibility exists in GNU LibreDWG 0.10 via bit_calc_CRC ../../src/bits.c:2213.
- CVE-2020-21831HIGHCVSS 8.8EG 8.82021-05-17
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_handles ../../src/decode.c:2637.
- CVE-2020-21832HIGHCVSS 8.8EG 8.82021-05-17
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_compressed_section ../../src/decode.c:2417.
- CVE-2020-21833HIGHCVSS 8.8EG 8.82021-05-17
A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via: read_2004_section_classes ../../src/decode.c:2440.
- CVE-2020-21834MEDIUMCVSS 6.5EG 6.52021-05-17
A null pointer deference issue exists in GNU LibreDWG 0.10 via get_bmp ../../programs/dwgbmp.c:164.
- CVE-2020-21836HIGHCVSS 8.8EG 8.82021-05-17
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_preview ../../src/decode.c:3175.
- CVE-2020-21838HIGHCVSS 8.8EG 8.82021-05-17
A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via: read_2004_section_appinfo ../../src/decode.c:2842.
- CVE-2020-21840HIGHCVSS 8.8EG 8.82021-05-17
A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bit_search_sentinel ../../src/bits.c:1985.
- CVE-2020-21841HIGHCVSS 8.8EG 8.82021-05-17
A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bit_read_B ../../src/bits.c:135.
- CVE-2020-21842HIGHCVSS 8.8EG 8.82021-05-17
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_revhistory ../../src/decode.c:3051.
- CVE-2020-21843HIGHCVSS 8.8EG 8.82021-05-17
A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bit_read_RC ../../src/bits.c:318.
- CVE-2020-21890HIGHCVSS 7.8EG 7.82023-08-22
Buffer Overflow vulnerability in clj_media_size function in devices/gdevclj.c in Artifex Ghostscript 9.50 allows remote attackers to cause a denial of service or other unspecified impact(s) via opening of crafted PDF document.
- CVE-2020-22016HIGHCVSS 8.8EG 8.82021-05-27
A heap-based Buffer Overflow vulnerability in FFmpeg 4.2 at libavcodec/get_bits.h when writing .mov files, which might lead to memory corruption and other potential consequences.
- CVE-2020-22017HIGHCVSS 8.8EG 8.82021-05-27
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at ff_fill_rectangle in libavfilter/drawutils.c, which might lead to memory corruption and other potential consequences.
- CVE-2020-22022HIGHCVSS 8.8EG 8.82021-05-27
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_fieldorder.c, which might lead to memory corruption and other potential consequences.
- CVE-2020-22023HIGHCVSS 8.8EG 8.82021-05-27
A heap-based Buffer Overflow vulnerabililty exists in FFmpeg 4.2 in filter_frame at libavfilter/vf_bitplanenoise.c, which might lead to memory corruption and other potential consequences.
- CVE-2020-22025HIGHCVSS 8.8EG 8.82021-05-27
A heap-based Buffer Overflow vulnerability exists in gaussian_blur at libavfilter/vf_edgedetect.c, which might lead to memory corruption and other potential consequences.
- CVE-2020-22027HIGHCVSS 8.8EG 8.82021-05-27
A heap-based Buffer Overflow vulnerability exits in FFmpeg 4.2 in deflate16 at libavfilter/vf_neighbor.c, which might lead to memory corruption and other potential consequences.
Map vulnerabilities like CWE-787 to your infrastructure
EchelonGraph correlates every CVE — across CWE-787 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →