CWE-787— Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.— MITRE CWE catalog
13,882 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-787page 73 of 278
- CVE-2020-22029HIGHCVSS 8.8EG 8.82021-05-27
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_colorconstancy.c: in slice_get_derivative, which crossfade_samples_fltp, which might lead to memory corruption and other potential consequences.
- CVE-2020-22030HIGHCVSS 8.8EG 8.82021-05-27
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/af_afade.c in crossfade_samples_fltp, which might lead to memory corruption and other potential consequences.
- CVE-2020-22031HIGHCVSS 8.8EG 8.82021-05-27
A Heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/vf_w3fdif.c in filter16_complex_low, which might lead to memory corruption and other potential consequences.
- CVE-2020-22032HIGHCVSS 8.8EG 8.82021-05-27
A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavfilter/vf_edgedetect.c in gaussian_blur, which might lead to memory corruption and other potential consequences.
- CVE-2020-22033MEDIUMCVSS 6.5EG 6.52021-05-27
A heap-based Buffer Overflow Vulnerability exists FFmpeg 4.2 at libavfilter/vf_vmafmotion.c in convolution_y_8bit, which could let a remote malicious user cause a Denial of Service.
- CVE-2020-22034HIGHCVSS 8.8EG 8.82021-05-27
A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavfilter/vf_floodfill.c, which might lead to memory corruption and other potential consequences.
- CVE-2020-22035HIGHCVSS 8.8EG 8.82021-06-01
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in get_block_row at libavfilter/vf_bm3d.c, which might lead to memory corruption and other potential consequences.
- CVE-2020-22036HIGHCVSS 8.8EG 8.82021-06-01
A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_intra at libavfilter/vf_bwdif.c, which might lead to memory corruption and other potential consequences.
- CVE-2020-22079CRITICALCVSS 9.8EG 9.82021-10-29
Stack-based buffer overflow in Tenda AC-10U AC1200 Router US_AC10UV1.0RTL_V15.03.06.48_multi_TDE01 allows remote attackers to execute arbitrary code via the timeZone parameter to goform/SetSysTimeCfg.
- CVE-2020-22217MEDIUMCVSS 5.9EG 9.82023-08-22
Buffer overflow vulnerability in c-ares before 1_16_1 thru 1_17_0 via function ares_parse_soa_reply in ares_parse_soa_reply.c.
- CVE-2020-22218HIGHCVSS 7.5EG 7.52023-08-22
An issue was discovered in function _libssh2_packet_add in libssh2 1.10.0 allows attackers to access out of bounds memory.
- CVE-2020-22336CRITICALCVSS 9.8EG 9.82023-07-06
An issue was discovered in pdfcrack 0.17 thru 0.18, allows attackers to execute arbitrary code via a stack overflow in the MD5 function.
- CVE-2020-22675MEDIUMCVSS 5.5EG 5.52021-10-12
An issue was discovered in gpac 0.8.0. The GetGhostNum function in stbl_read.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted input.
- CVE-2020-22677MEDIUMCVSS 5.5EG 5.52021-10-12
An issue was discovered in gpac 0.8.0. The dump_data_hex function in box_dump.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted input.
- CVE-2020-22678MEDIUMCVSS 5.5EG 5.52021-10-12
An issue was discovered in gpac 0.8.0. The gf_media_nalu_remove_emulation_bytes function in av_parsers.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted input.
- CVE-2020-22907HIGHCVSS 7.5EG 7.52021-07-13
Stack overflow vulnerability in function jsi_evalcode_sub in jsish before 3.0.18, allows remote attackers to cause a Denial of Service via a crafted value to the execute parameter.
- CVE-2020-23060HIGHCVSS 7.1EG 7.12021-10-22
Internet Download Manager 6.37.11.1 was discovered to contain a stack buffer overflow in the Export/Import function. This vulnerability allows attackers to escalate local process privileges via a crafted ef2 file.
- CVE-2020-23258HIGHCVSS 7.5EG 7.52023-04-04
An issue found in Jsish v.3.0.11 allows a remote attacker to cause a denial of service via the Jsi_ValueIsNumber function in ./src/jsiValue.c file.
- CVE-2020-23260HIGHCVSS 7.5EG 7.52023-04-04
An issue found in Jsish v.3.0.11 and before allows an attacker to cause a denial of service via the StringReplaceCmd function in the src/jsiChar.c file.
- CVE-2020-23266MEDIUMCVSS 5.5EG 5.52021-09-22
An issue was discovered in gpac 0.8.0. The OD_ReadUTF8String function in odf_code.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted media file.
- CVE-2020-23267HIGHCVSS 7.1EG 7.12021-09-22
An issue was discovered in gpac 0.8.0. The gf_hinter_track_process function in isom_hinter_track_process.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted media file
- CVE-2020-23269MEDIUMCVSS 5.5EG 5.52021-09-22
An issue was discovered in gpac 0.8.0. The stbl_GetSampleSize function in isomedia/stbl_read.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted media file.
- CVE-2020-23273MEDIUMCVSS 5.5EG 5.52021-09-22
Heap-buffer overflow in the randomize_iparp function in edit_packet.c. of Tcpreplay v4.3.2 allows attackers to cause a denial of service (DOS) via a crafted pcap.
- CVE-2020-23303CRITICALCVSS 9.8EG 9.82021-06-10
There is a heap-buffer-overflow at jmem-poolman.c:165 in jmem_pools_collect_empty in JerryScript 2.2.0.
- CVE-2020-23306CRITICALCVSS 9.8EG 9.82021-06-10
There is a stack-overflow at ecma-regexp-object.c:535 in ecma_regexp_match in JerryScript 2.2.0.
- CVE-2020-23321CRITICALCVSS 9.8EG 9.82021-06-10
There is a heap-buffer-overflow at lit-strings.c:431 in lit_read_code_unit_from_utf8 in JerryScript 2.2.0.
- CVE-2020-23323CRITICALCVSS 9.8EG 9.82021-06-10
There is a heap-buffer-overflow at re-parser.c in re_parse_char_escape in JerryScript 2.2.0.
- CVE-2020-23332HIGHCVSS 7.5EG 7.52021-08-17
A heap-based buffer overflow exists in the AP4_StdcFileByteStream::ReadPartial component located in /StdC/Ap4StdCFileByteStream.cpp of Bento4 version 06c39d9. This issue can lead to a denial of service (DOS).
- CVE-2020-23333HIGHCVSS 7.5EG 7.52021-08-17
A heap-based buffer overflow exists in the AP4_CttsAtom::AP4_CttsAtom component located in /Core/Ap4Utils.h of Bento4 version 06c39d9. This can lead to a denial of service (DOS).
- CVE-2020-23334HIGHCVSS 7.5EG 7.52021-08-17
A WRITE memory access in the AP4_NullTerminatedStringAtom::AP4_NullTerminatedStringAtom component of Bento4 version 06c39d9 can lead to a segmentation fault.
- CVE-2020-23550HIGHCVSS 7.8EG 7.82022-09-16
IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e82.
- CVE-2020-23551HIGHCVSS 7.8EG 7.82022-09-16
IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e30.
- CVE-2020-23552HIGHCVSS 7.8EG 7.82022-09-16
IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e62.
- CVE-2020-23553HIGHCVSS 7.8EG 7.82022-09-16
IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007d33.
- CVE-2020-23554HIGHCVSS 7.8EG 7.82022-09-16
IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e20.
- CVE-2020-23555HIGHCVSS 7.8EG 7.82022-09-16
IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e6e.
- CVE-2020-23556HIGHCVSS 7.8EG 7.82022-09-16
IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e28.
- CVE-2020-23557HIGHCVSS 7.8EG 7.82022-09-16
IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x000000000000755d.
- CVE-2020-23558HIGHCVSS 7.8EG 7.82022-09-16
IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x0000000000007f4b.
- CVE-2020-23559HIGHCVSS 7.8EG 7.82022-09-16
IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x0000000000007d7f.
- CVE-2020-23560HIGHCVSS 7.8EG 7.82022-09-16
IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x000000000001bcab.
- CVE-2020-23706MEDIUMCVSS 6.5EG 6.52021-07-15
A heap-based buffer overflow vulnerability in the function ok_jpg_decode_block_subsequent_scan() ok_jpg.c:1102 of ok-file-formats through 2020-06-26 allows attackers to cause a Denial of Service (DOS) via a crafted jpeg file.
- CVE-2020-23707MEDIUMCVSS 6.5EG 6.52021-07-15
A heap-based buffer overflow vulnerability in the function ok_jpg_decode_block_progressive() at ok_jpg.c:1054 of ok-file-formats through 2020-06-26 allows attackers to cause a Denial of Service (DOS) via a crafted jpeg file.
- CVE-2020-23851MEDIUMCVSS 5.5EG 5.52021-05-18
A stack-based buffer overflow vulnerability exists in ffjpeg through 2020-07-02 in the jfif_decode(void *ctxt, BMP *pb) function at ffjpeg/src/jfif.c:513:28, which could cause a denial of service by submitting a malicious jpeg image.
- CVE-2020-23852MEDIUMCVSS 5.5EG 5.52021-05-18
A heap based buffer overflow vulnerability exists in ffjpeg through 2020-07-02 in the jfif_decode(void *ctxt, BMP *pb) function at ffjpeg/src/jfif.c (line 544 & line 545), which could cause a denial of service by submitting a malicious jpe…
- CVE-2020-23861MEDIUMCVSS 5.5EG 5.52021-05-18
A heap-based buffer overflow vulnerability exists in LibreDWG 0.10.1 via the read_system_page function at libredwg-0.10.1/src/decode_r2007.c:666:5, which causes a denial of service by submitting a dwg file.
- CVE-2020-23873CRITICALCVSS 9.8EG 9.82021-11-10
pdf2xml v2.0 was discovered to contain a heap-buffer overflow in the function TextPage::dump.
- CVE-2020-23874CRITICALCVSS 9.8EG 9.82021-11-10
pdf2xml v2.0 was discovered to contain a heap-buffer overflow in the function TextPage::addAttributsNode.
- CVE-2020-23877CRITICALCVSS 9.8EG 9.82021-11-10
pdf2xml v2.0 was discovered to contain a stack buffer overflow in the component getObjectStream.
- CVE-2020-23878CRITICALCVSS 9.8EG 9.82021-11-10
pdf2json v0.71 was discovered to contain a stack buffer overflow in the component XRef::fetch.
Map vulnerabilities like CWE-787 to your infrastructure
EchelonGraph correlates every CVE — across CWE-787 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →