CWE-787— Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.— MITRE CWE catalog
13,886 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-787page 84 of 278
- CVE-2020-6155HIGHCVSS 7.8EG 7.82020-11-13
A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 while parsing compressed value rep arrays in binary USD files. A specially crafted malformed file can trigger a heap overflow, which can result in remote code execution. To tr…
- CVE-2020-6156HIGHCVSS 7.8EG 7.82020-11-13
A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file in an instance USDC f…
- CVE-2020-6331MEDIUMCVSS 4.3EG 4.32020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applica…
- CVE-2020-6335MEDIUMCVSS 4.3EG 4.32020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applica…
- CVE-2020-6336MEDIUMCVSS 4.3EG 4.32020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6337MEDIUMCVSS 4.3EG 4.32020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HDR file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6339MEDIUMCVSS 4.3EG 4.32020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6340MEDIUMCVSS 4.3EG 4.32020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6342MEDIUMCVSS 4.3EG 4.32020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated U3D file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6343MEDIUMCVSS 4.3EG 4.32020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated EPS file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6346MEDIUMCVSS 4.3EG 4.32020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6347MEDIUMCVSS 4.3EG 4.32020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HDR file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6349MEDIUMCVSS 4.3EG 4.32020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated GIF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6350MEDIUMCVSS 4.3EG 4.32020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6355MEDIUMCVSS 4.3EG 4.32020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated TGA file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6356MEDIUMCVSS 4.3EG 4.32020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6357MEDIUMCVSS 4.3EG 4.32020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated U3D file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6358MEDIUMCVSS 4.3EG 4.32020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated FBX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6359MEDIUMCVSS 4.3EG 4.32020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PLT file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6360MEDIUMCVSS 4.3EG 4.32020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated DIB file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6361MEDIUMCVSS 4.3EG 4.32020-09-09
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated RLE files received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applica…
- CVE-2020-6372HIGHCVSS 7.8EG 7.82020-10-15
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PDF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6373HIGHCVSS 7.8EG 7.82020-10-15
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PDF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the applicat…
- CVE-2020-6378HIGHCVSS 8.8EG 8.82020-02-11
Use after free in speech in Google Chrome prior to 79.0.3945.130 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6379HIGHCVSS 8.8EG 8.82020-02-11
Use after free in V8 in Google Chrome prior to 79.0.3945.130 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6387HIGHCVSS 8.8EG 8.82020-02-11
Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted video stream.
- CVE-2020-6389HIGHCVSS 8.8EG 8.82020-02-11
Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted video stream.
- CVE-2020-6390HIGHCVSS 8.8EG 8.82020-02-11
Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6404HIGHCVSS 8.8EG 8.82020-02-11
Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6407HIGHCVSS 8.8EG 8.82020-02-27
Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6415HIGHCVSS 8.8EG 8.82020-02-11
Inappropriate implementation in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6419HIGHCVSS 8.8EG 8.82020-06-03
Out of bounds write in V8 in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6422HIGHCVSS 8.8EG 8.82020-03-23
Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6426MEDIUMCVSS 6.5EG 6.52020-03-23
Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6427HIGHCVSS 8.8EG 8.82020-03-23
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6428HIGHCVSS 8.8EG 8.82020-03-23
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6429HIGHCVSS 8.8EG 8.82020-03-23
Use after free in audio in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6444MEDIUMCVSS 6.3EG 6.32020-04-13
Uninitialized use in WebRTC in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6447HIGHCVSS 8.8EG 8.82020-04-13
Inappropriate implementation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6452HIGHCVSS 8.8EG 8.82020-04-13
Heap buffer overflow in media in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6453HIGHCVSS 8.8EG 8.82020-06-03
Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6458HIGHCVSS 8.8EG 8.82020-05-21
Out of bounds read and write in PDFium in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
- CVE-2020-6459HIGHCVSS 8.8EG 8.82020-05-21
Use after free in payments in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6463HIGHCVSS 8.8EG 8.82020-05-21
Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6464HIGHCVSS 8.8EG 8.82020-05-21
Type confusion in Blink in Google Chrome prior to 81.0.4044.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6467HIGHCVSS 8.8EG 8.82020-05-21
Use after free in WebRTC in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6468HIGHCVSS 8.8EG 8.82020-05-21
Type confusion in V8 in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6474HIGHCVSS 8.8EG 8.82020-05-21
Use after free in Blink in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6507HIGHCVSS 8.8EG 8.82020-07-22
Out of bounds write in V8 in Google Chrome prior to 83.0.4103.106 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2020-6510HIGHCVSS 7.8EG 7.82020-07-22
Heap buffer overflow in background fetch in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Map vulnerabilities like CWE-787 to your infrastructure
EchelonGraph correlates every CVE — across CWE-787 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →