CWE-125
AllowedOut-of-bounds Read
Abstraction: Base · Status: Draft
The product reads data past the end, or before the beginning, of the intended buffer.
11291 vulnerabilities reference this CWE, most recent first.
GHSA-PQX5-J567-63FC
Vulnerability from github – Published: 2025-07-21 21:31 – Updated: 2025-07-21 21:31IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of CGM files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26204.
{
"affected": [],
"aliases": [
"CVE-2025-7275"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-21T20:15:49Z",
"severity": "HIGH"
},
"details": "IrfanView CADImage Plugin CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView CADImage Plugin. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of CGM files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26204.",
"id": "GHSA-pqx5-j567-63fc",
"modified": "2025-07-21T21:31:40Z",
"published": "2025-07-21T21:31:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7275"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-522"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PQX7-GR66-V8PW
Vulnerability from github – Published: 2026-02-06 09:30 – Updated: 2026-02-06 09:30Address read vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.
{
"affected": [],
"aliases": [
"CVE-2026-24921"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-06T09:15:50Z",
"severity": "MODERATE"
},
"details": "Address read vulnerability in the HDC module.\nImpact: Successful exploitation of this vulnerability will affect availability and confidentiality.",
"id": "GHSA-pqx7-gr66-v8pw",
"modified": "2026-02-06T09:30:29Z",
"published": "2026-02-06T09:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24921"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletin/2026/2"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletinlaptops/2026/2"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletinwearables/2026/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PQX7-VFW2-98VH
Vulnerability from github – Published: 2022-05-13 01:49 – Updated: 2022-05-13 01:49The mobi_pk1_decrypt function in encryption.c in Libmobi 0.3 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted mobi file.
{
"affected": [],
"aliases": [
"CVE-2018-11724"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-06-19T21:29:00Z",
"severity": "HIGH"
},
"details": "The mobi_pk1_decrypt function in encryption.c in Libmobi 0.3 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted mobi file.",
"id": "GHSA-pqx7-vfw2-98vh",
"modified": "2022-05-13T01:49:20Z",
"published": "2022-05-13T01:49:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11724"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/148114/libmobi-0.3-Information-Disclosure.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2018/Jun/16"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PQXQ-83PX-8PHF
Vulnerability from github – Published: 2025-03-10 21:31 – Updated: 2025-03-11 21:30In closeChannel of secureelementimpl.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2024-56186"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-10T19:15:39Z",
"severity": "MODERATE"
},
"details": "In closeChannel of secureelementimpl.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.",
"id": "GHSA-pqxq-83px-8phf",
"modified": "2025-03-11T21:30:33Z",
"published": "2025-03-10T21:31:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56186"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/pixel/2025-03-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PR27-MHPP-2CCR
Vulnerability from github – Published: 2024-01-16 18:31 – Updated: 2025-11-04 21:31EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing Neighbor Discovery Redirect message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.
{
"affected": [],
"aliases": [
"CVE-2023-45231"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-16T16:15:11Z",
"severity": "MODERATE"
},
"details": "EDK2\u0027s Network Package is susceptible to an out-of-bounds read\n vulnerability when processing\u00a0 Neighbor Discovery Redirect message. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality.",
"id": "GHSA-pr27-mhpp-2ccr",
"modified": "2025-11-04T21:31:04Z",
"published": "2024-01-16T18:31:09Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tianocore/edk2/security/advisories/GHSA-hc6x-cw6p-gj7h"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45231"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00007.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20240307-0011"
},
{
"type": "WEB",
"url": "https://www.kb.cert.org/vuls/id/132380"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/176574/PixieFail-Proof-Of-Concepts.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/01/16/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PR2G-8XRC-HM2H
Vulnerability from github – Published: 2022-05-24 16:54 – Updated: 2022-05-24 16:54Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound read vulnerability. Successful exploitation could lead to memory leak.
{
"affected": [],
"aliases": [
"CVE-2019-7987"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-08-26T19:15:00Z",
"severity": "MODERATE"
},
"details": "Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound read vulnerability. Successful exploitation could lead to memory leak.",
"id": "GHSA-pr2g-8xrc-hm2h",
"modified": "2022-05-24T16:54:50Z",
"published": "2022-05-24T16:54:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7987"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/photoshop/apsb19-44.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-PR2R-WQJ6-WP4H
Vulnerability from github – Published: 2026-01-20 06:30 – Updated: 2026-01-20 15:33Out of bounds memory access in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2026-0899"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-20T05:16:12Z",
"severity": "HIGH"
},
"details": "Out of bounds memory access in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)",
"id": "GHSA-pr2r-wqj6-wp4h",
"modified": "2026-01-20T15:33:11Z",
"published": "2026-01-20T06:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0899"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/01/stable-channel-update-for-desktop_13.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/458914193"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PR34-F48H-6946
Vulnerability from github – Published: 2026-03-25 12:30 – Updated: 2026-04-23 21:31In the Linux kernel, the following vulnerability has been resolved:
wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211()
Check frame length before accessing the mgmt fields in mt76_connac2_mac_write_txwi_80211 in order to avoid a possible oob access.
[fix check to also cover mgmt->u.action.u.addba_req.capab, correct Fixes tag]
{
"affected": [],
"aliases": [
"CVE-2026-23315"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-25T11:16:27Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211()\n\nCheck frame length before accessing the mgmt fields in\nmt76_connac2_mac_write_txwi_80211 in order to avoid a possible oob\naccess.\n\n[fix check to also cover mgmt-\u003eu.action.u.addba_req.capab,\ncorrect Fixes tag]",
"id": "GHSA-pr34-f48h-6946",
"modified": "2026-04-23T21:31:16Z",
"published": "2026-03-25T12:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23315"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0fb3b94a9431a3800717e5c3b6fa2e1045a15029"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4e10a730d1b511ff49723371ed6d694dd1b2c785"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7ae7b093b7dba9548a3bc4766b9364b97db4732d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7b692dff8df0ba5feb8df00f27d906d6eb1fe627"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/84419556359bc96d3fe1623d47a64c86542566cc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9612d91f617231e03c49cb9b0c02f975a3b4f51f"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PR44-VH8F-W48V
Vulnerability from github – Published: 2026-07-14 21:32 – Updated: 2026-07-14 21:32An out-of-bounds read vulnerability was found in libsoup's multipart processing subsystem. The flaw exists in the soup_multipart_input_stream_read_headers() function inside soup-multipart-input-stream.c, which does not adequately restrict or validate the size of incoming multipart boundary strings. When processing a crafted HTTP response containing a malformed or oversized boundary parameter, the internal stream reader reads past the allocated buffer bounds. A remote, unauthenticated attacker can exploit this behavior to cause a service denial (DoS) through application failure or potentially read fragments of unauthorized memory metadata.
{
"affected": [],
"aliases": [
"CVE-2026-15714"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-14T20:16:57Z",
"severity": "MODERATE"
},
"details": "An out-of-bounds read vulnerability was found in libsoup\u0027s multipart processing subsystem. The flaw exists in the soup_multipart_input_stream_read_headers() function inside soup-multipart-input-stream.c, which does not adequately restrict or validate the size of incoming multipart boundary strings. When processing a crafted HTTP response containing a malformed or oversized boundary parameter, the internal stream reader reads past the allocated buffer bounds. A remote, unauthenticated attacker can exploit this behavior to cause a service denial (DoS) through application failure or potentially read fragments of unauthorized memory metadata.",
"id": "GHSA-pr44-vh8f-w48v",
"modified": "2026-07-14T21:32:16Z",
"published": "2026-07-14T21:32:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-15714"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-15714"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2499942"
},
{
"type": "WEB",
"url": "https://gitlab.gnome.org/GNOME/libsoup/-/work_items/542"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-PR4G-6FHR-W57C
Vulnerability from github – Published: 2022-10-25 19:00 – Updated: 2022-10-27 19:00A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.The /action/import_wireguard_cert_file/ API is affected by command injection vulnerability.
{
"affected": [],
"aliases": [
"CVE-2022-35270"
],
"database_specific": {
"cwe_ids": [
"CWE-125",
"CWE-20",
"CWE-77"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-25T17:15:00Z",
"severity": "HIGH"
},
"details": "A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.The `/action/import_wireguard_cert_file/` API is affected by command injection vulnerability.",
"id": "GHSA-pr4g-6fhr-w57c",
"modified": "2022-10-27T19:00:38Z",
"published": "2022-10-25T19:00:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35270"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1575"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
- To reduce the likelihood of introducing an out-of-bounds read, ensure that you validate and ensure correct calculations for any length argument, buffer size calculation, or offset. Be especially careful of relying on a sentinel (i.e. special character such as NUL) in untrusted inputs.
Mitigation
Strategy: Language Selection
Use a language that provides appropriate memory abstractions.
CAPEC-540: Overread Buffers
An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.