CWE-125
AllowedOut-of-bounds Read
Abstraction: Base · Status: Draft
The product reads data past the end, or before the beginning, of the intended buffer.
11292 vulnerabilities reference this CWE, most recent first.
GHSA-MW63-Q92X-5P9W
Vulnerability from github – Published: 2021-12-16 00:01 – Updated: 2021-12-18 00:01In toBARK of floor0.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-199680600
{
"affected": [],
"aliases": [
"CVE-2021-0976"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-15T19:15:00Z",
"severity": "MODERATE"
},
"details": "In toBARK of floor0.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-199680600",
"id": "GHSA-mw63-q92x-5p9w",
"modified": "2021-12-18T00:01:29Z",
"published": "2021-12-16T00:01:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0976"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/pixel/2021-12-01"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-MW86-5PQ8-22C8
Vulnerability from github – Published: 2025-12-08 18:30 – Updated: 2025-12-08 21:30In appendFrom of Parcel.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2025-48596"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-08T17:16:16Z",
"severity": "HIGH"
},
"details": "In appendFrom of Parcel.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",
"id": "GHSA-mw86-5pq8-22c8",
"modified": "2025-12-08T21:30:20Z",
"published": "2025-12-08T18:30:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48596"
},
{
"type": "WEB",
"url": "https://android.googlesource.com/platform/frameworks/native/+/6ffdde944d4e0b440b1dfc1f232687299700e039"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2025-12-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MW8G-RGQF-RW5H
Vulnerability from github – Published: 2022-05-13 01:01 – Updated: 2022-05-13 01:01In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.
{
"affected": [],
"aliases": [
"CVE-2019-9169"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-02-26T02:29:00Z",
"severity": "CRITICAL"
},
"details": "In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.",
"id": "GHSA-mw8g-rgqf-rw5h",
"modified": "2022-05-13T01:01:01Z",
"published": "2022-05-13T01:01:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9169"
},
{
"type": "WEB",
"url": "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34140"
},
{
"type": "WEB",
"url": "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34142"
},
{
"type": "WEB",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202006-04"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20190315-0002"
},
{
"type": "WEB",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=24114"
},
{
"type": "WEB",
"url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=583dd860d5b833037175247230a328f0050dbfe9"
},
{
"type": "WEB",
"url": "https://support.f5.com/csp/article/K54823184"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4416-1"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/107160"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MW9V-X4M4-66V4
Vulnerability from github – Published: 2024-04-10 15:30 – Updated: 2024-04-10 15:30After Effects versions 24.1, 23.6.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2024-20737"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-10T09:15:06Z",
"severity": "MODERATE"
},
"details": "After Effects versions 24.1, 23.6.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-mw9v-x4m4-66v4",
"modified": "2024-04-10T15:30:39Z",
"published": "2024-04-10T15:30:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20737"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/after_effects/apsb24-09.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MWF7-WFVQ-VC32
Vulnerability from github – Published: 2024-10-15 21:30 – Updated: 2025-03-24 15:30In Libheif 1.17.6, insufficient checks in ImageOverlay::parse() decoding a heif file containing an overlay image with forged offsets can lead to an out-of-bounds read and write.
{
"affected": [],
"aliases": [
"CVE-2024-41311"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-15T21:15:10Z",
"severity": "HIGH"
},
"details": "In Libheif 1.17.6, insufficient checks in ImageOverlay::parse() decoding a heif file containing an overlay image with forged offsets can lead to an out-of-bounds read and write.",
"id": "GHSA-mwf7-wfvq-vc32",
"modified": "2025-03-24T15:30:35Z",
"published": "2024-10-15T21:30:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41311"
},
{
"type": "WEB",
"url": "https://github.com/strukturag/libheif/issues/1226"
},
{
"type": "WEB",
"url": "https://github.com/strukturag/libheif/pull/1227"
},
{
"type": "WEB",
"url": "https://github.com/strukturag/libheif/commit/a3ed1b1eb178c5d651d6ac619c8da3d71ac2be36"
},
{
"type": "WEB",
"url": "https://gist.github.com/flyyee/79f1b224069842ee320115cafa5c35c0"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00025.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MWF8-8Q3H-4WP8
Vulnerability from github – Published: 2022-05-24 19:06 – Updated: 2022-05-24 19:06After Effects versions 18.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2021-28587"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-28T14:15:00Z",
"severity": "MODERATE"
},
"details": "After Effects versions 18.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-mwf8-8q3h-4wp8",
"modified": "2022-05-24T19:06:24Z",
"published": "2022-05-24T19:06:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28587"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/after_effects/apsb21-33.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-MWFJ-CW48-Q48M
Vulnerability from github – Published: 2022-05-13 01:02 – Updated: 2022-05-13 01:02A flaw was found in libgit2 before version 0.27.3. A missing check in git_delta_apply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service.
{
"affected": [],
"aliases": [
"CVE-2018-10888"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-10T14:29:00Z",
"severity": "MODERATE"
},
"details": "A flaw was found in libgit2 before version 0.27.3. A missing check in git_delta_apply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service.",
"id": "GHSA-mwfj-cw48-q48m",
"modified": "2022-05-13T01:02:09Z",
"published": "2022-05-13T01:02:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10888"
},
{
"type": "WEB",
"url": "https://github.com/libgit2/libgit2/commit/9844d38bed10e9ff17174434b3421b227ae710f3"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1598024"
},
{
"type": "WEB",
"url": "https://github.com/libgit2/libgit2/releases/tag/v0.27.3"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00024.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00031.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MWHG-GWRR-FF82
Vulnerability from github – Published: 2025-09-23 06:30 – Updated: 2026-01-20 21:31In the Linux kernel, the following vulnerability has been resolved:
dmaengine: ti: edma: Fix memory allocation size for queue_priority_map
Fix a critical memory allocation bug in edma_setup_from_hw() where queue_priority_map was allocated with insufficient memory. The code declared queue_priority_map as s8 (*)[2] (pointer to array of 2 s8), but allocated memory using sizeof(s8) instead of the correct size.
This caused out-of-bounds memory writes when accessing: queue_priority_map[i][0] = i; queue_priority_map[i][1] = i;
The bug manifested as kernel crashes with "Oops - undefined instruction" on ARM platforms (BeagleBoard-X15) during EDMA driver probe, as the memory corruption triggered kernel hardening features on Clang.
Change the allocation to use sizeof(*queue_priority_map) which automatically gets the correct size for the 2D array structure.
{
"affected": [],
"aliases": [
"CVE-2025-39869"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-23T06:15:46Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: ti: edma: Fix memory allocation size for queue_priority_map\n\nFix a critical memory allocation bug in edma_setup_from_hw() where\nqueue_priority_map was allocated with insufficient memory. The code\ndeclared queue_priority_map as s8 (*)[2] (pointer to array of 2 s8),\nbut allocated memory using sizeof(s8) instead of the correct size.\n\nThis caused out-of-bounds memory writes when accessing:\n queue_priority_map[i][0] = i;\n queue_priority_map[i][1] = i;\n\nThe bug manifested as kernel crashes with \"Oops - undefined instruction\"\non ARM platforms (BeagleBoard-X15) during EDMA driver probe, as the\nmemory corruption triggered kernel hardening features on Clang.\n\nChange the allocation to use sizeof(*queue_priority_map) which\nautomatically gets the correct size for the 2D array structure.",
"id": "GHSA-mwhg-gwrr-ff82",
"modified": "2026-01-20T21:31:30Z",
"published": "2025-09-23T06:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39869"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/069fd1688c57c0cc8a3de64d108579b31676f74b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1baed10553fc8b388351d8fc803e3ae6f1a863bc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/301a96cc4dc006c9a285913d301e681cfbf7edb6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5e462fa0dfdb52b3983cf41532d3d4c7d63e2f93"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7d4de60d6db02d9b01d5890d5156b04fad65d07a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d5e82f3f2c918d446df46e8d65f8083fd97cdec5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d722de80ce037dccf6931e778f4a46499d51bdf9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e63419dbf2ceb083c1651852209c7f048089ac0f"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MWJV-VMCG-VMW5
Vulnerability from github – Published: 2022-05-24 17:44 – Updated: 2022-05-24 17:44Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check on SDP in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
{
"affected": [],
"aliases": [
"CVE-2020-11190"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-17T06:15:00Z",
"severity": "CRITICAL"
},
"details": "Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check on SDP in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
"id": "GHSA-mwjv-vmcg-vmw5",
"modified": "2022-05-24T17:44:40Z",
"published": "2022-05-24T17:44:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11190"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/march-2021-bulletin"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-MWMV-6V63-763H
Vulnerability from github – Published: 2024-05-14 18:31 – Updated: 2024-08-13 09:30A vulnerability has been identified in Parasolid V35.1 (All versions < V35.1.256), Parasolid V36.0 (All versions < V36.0.208), Parasolid V36.1 (All versions < V36.1.173). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.
{
"affected": [],
"aliases": [
"CVE-2024-32636"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-14T16:17:05Z",
"severity": "HIGH"
},
"details": "A vulnerability has been identified in Parasolid V35.1 (All versions \u003c V35.1.256), Parasolid V36.0 (All versions \u003c V36.0.208), Parasolid V36.1 (All versions \u003c V36.1.173). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.",
"id": "GHSA-mwmv-6v63-763h",
"modified": "2024-08-13T09:30:52Z",
"published": "2024-05-14T18:31:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32636"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-046364.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-856475.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
- To reduce the likelihood of introducing an out-of-bounds read, ensure that you validate and ensure correct calculations for any length argument, buffer size calculation, or offset. Be especially careful of relying on a sentinel (i.e. special character such as NUL) in untrusted inputs.
Mitigation
Strategy: Language Selection
Use a language that provides appropriate memory abstractions.
CAPEC-540: Overread Buffers
An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.