CWE-787
Allowed-with-ReviewOut-of-bounds Write
Abstraction: Base · Status: Draft
The product writes data past the end, or before the beginning, of the intended buffer.
15097 vulnerabilities reference this CWE, most recent first.
GHSA-XJG9-9F7C-CX46
Vulnerability from github – Published: 2022-05-14 01:48 – Updated: 2022-05-14 01:48In numerous functions of libFDK, there are possible out of bounds writes due to incorrect bounds checks. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112662184
{
"affected": [],
"aliases": [
"CVE-2018-9536"
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-11-14T18:29:00Z",
"severity": "HIGH"
},
"details": "In numerous functions of libFDK, there are possible out of bounds writes due to incorrect bounds checks. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112662184",
"id": "GHSA-xjg9-9f7c-cx46",
"modified": "2022-05-14T01:48:47Z",
"published": "2022-05-14T01:48:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9536"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2018-11-01"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/105865"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XJHH-W3RJ-8MXM
Vulnerability from github – Published: 2022-07-07 00:00 – Updated: 2022-07-16 00:00A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12.
{
"affected": [],
"aliases": [
"CVE-2021-3695"
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-06T16:15:00Z",
"severity": "MODERATE"
},
"details": "A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12.",
"id": "GHSA-xjhh-w3rj-8mxm",
"modified": "2022-07-16T00:00:20Z",
"published": "2022-07-07T00:00:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3695"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991685"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202209-12"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20220930-0001"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-XJHP-VGWG-948R
Vulnerability from github – Published: 2024-01-12 21:30 – Updated: 2024-01-12 21:30NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a heap-based buffer overflow by local access. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and data tampering.
{
"affected": [],
"aliases": [
"CVE-2023-31031"
],
"database_specific": {
"cwe_ids": [
"CWE-122",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-12T19:15:10Z",
"severity": "MODERATE"
},
"details": "NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a heap-based buffer overflow by local access. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and data tampering.",
"id": "GHSA-xjhp-vgwg-948r",
"modified": "2024-01-12T21:30:19Z",
"published": "2024-01-12T21:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31031"
},
{
"type": "WEB",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5510"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-XJJV-53W6-63W7
Vulnerability from github – Published: 2022-05-13 01:06 – Updated: 2022-05-13 01:06Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
{
"affected": [],
"aliases": [
"CVE-2018-4918"
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-05-19T17:29:00Z",
"severity": "CRITICAL"
},
"details": "Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.",
"id": "GHSA-xjjv-53w6-63w7",
"modified": "2022-05-13T01:06:31Z",
"published": "2022-05-13T01:06:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-4918"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/102994"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1040364"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XJM8-5H8C-CC2G
Vulnerability from github – Published: 2022-05-24 17:43 – Updated: 2022-05-24 17:43A possible arbitrary memory overwrite vulnerabilities in quram library version prior to SMR Jan-2021 Release 1 allow arbitrary code execution.
{
"affected": [],
"aliases": [
"CVE-2021-25346"
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-04T22:15:00Z",
"severity": "CRITICAL"
},
"details": "A possible arbitrary memory overwrite vulnerabilities in quram library version prior to SMR Jan-2021 Release 1 allow arbitrary code execution.",
"id": "GHSA-xjm8-5h8c-cc2g",
"modified": "2022-05-24T17:43:42Z",
"published": "2022-05-24T17:43:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25346"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/securityUpdate.smsb"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-342"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-XJMJ-W54M-V5GR
Vulnerability from github – Published: 2023-02-12 06:30 – Updated: 2023-02-21 21:30In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.
{
"affected": [],
"aliases": [
"CVE-2022-47369"
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-12T04:15:00Z",
"severity": "MODERATE"
},
"details": "In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.",
"id": "GHSA-xjmj-w54m-v5gr",
"modified": "2023-02-21T21:30:19Z",
"published": "2023-02-12T06:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47369"
},
{
"type": "WEB",
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1621031430231134210"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XJP4-HW94-MVP5
Vulnerability from github – Published: 2024-03-21 09:31 – Updated: 2025-02-13 19:05This Out-of-bounds Write vulnerability in Apache Commons Configuration affects Apache Commons Configuration: from 2.0 before 2.10.1. User can see this as a 'StackOverflowError' when adding a property in 'AbstractListDelimiterHandler.flattenIterator()'. Users are recommended to upgrade to version 2.10.1, which fixes the issue.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.commons:commons-configuration2"
},
"ranges": [
{
"events": [
{
"introduced": "2.0"
},
{
"fixed": "2.10.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-29131"
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"github_reviewed": true,
"github_reviewed_at": "2024-03-21T18:58:52Z",
"nvd_published_at": "2024-03-21T09:15:07Z",
"severity": "MODERATE"
},
"details": "This Out-of-bounds Write vulnerability in Apache Commons Configuration affects Apache Commons Configuration: from 2.0 before 2.10.1. User can see this as a \u0027StackOverflowError\u0027 when adding a property in \u0027AbstractListDelimiterHandler.flattenIterator()\u0027.\nUsers are recommended to upgrade to version 2.10.1, which fixes the issue.",
"id": "GHSA-xjp4-hw94-mvp5",
"modified": "2025-02-13T19:05:12Z",
"published": "2024-03-21T09:31:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29131"
},
{
"type": "WEB",
"url": "https://github.com/apache/commons-configuration/commit/56b5c4dcdffbde27870df5a3105d6a5f9b22f554"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/commons-configuration"
},
{
"type": "WEB",
"url": "https://issues.apache.org/jira/browse/CONFIGURATION-840"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/03nzzzjn4oknyw5y0871tw7ltj0t3r37"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SNKDKEEKZNL5FGCTZKJ6CFXFVWFL5FJ7"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YD4AFTIIQW662LUAQRMWS6BBKYSZG3YS"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20241213-0001"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/03/20/4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "Apache Commons Configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()"
}
GHSA-XJP4-WV35-98VJ
Vulnerability from github – Published: 2025-04-03 00:31 – Updated: 2025-04-03 00:31Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid VerticesPerRow value in a PDF shading dictionary.
{
"affected": [],
"aliases": [
"CVE-2025-3154"
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-02T23:15:18Z",
"severity": "LOW"
},
"details": "Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid VerticesPerRow value in a PDF shading dictionary.",
"id": "GHSA-xjp4-wv35-98vj",
"modified": "2025-04-03T00:31:32Z",
"published": "2025-04-03T00:31:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3154"
},
{
"type": "WEB",
"url": "https://www.xpdfreader.com/security-bug/CVE-2025-3154.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-XJPF-MWM5-W4CR
Vulnerability from github – Published: 2026-02-04 18:30 – Updated: 2026-02-04 18:30A maliciously crafted USD file, when loaded or imported into Autodesk Arnold or Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
{
"affected": [],
"aliases": [
"CVE-2026-0659"
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-04T17:16:12Z",
"severity": "HIGH"
},
"details": "A maliciously crafted USD file, when loaded or imported into Autodesk Arnold or Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.",
"id": "GHSA-xjpf-mwm5-w4cr",
"modified": "2026-02-04T18:30:42Z",
"published": "2026-02-04T18:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0659"
},
{
"type": "WEB",
"url": "https://github.com/Autodesk/arnold-usd"
},
{
"type": "WEB",
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"type": "WEB",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2026-0003"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XJPP-Q586-9WHH
Vulnerability from github – Published: 2022-06-03 00:00 – Updated: 2022-06-09 00:00An issue was discovered in swftools through 20201222. A heap-buffer-overflow exists in the function swf_GetD64() located in rfxswf.c. It allows an attacker to cause code execution.
{
"affected": [],
"aliases": [
"CVE-2021-42201"
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-02T14:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in swftools through 20201222. A heap-buffer-overflow exists in the function swf_GetD64() located in rfxswf.c. It allows an attacker to cause code execution.",
"id": "GHSA-xjpp-q586-9whh",
"modified": "2022-06-09T00:00:17Z",
"published": "2022-06-03T00:00:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42201"
},
{
"type": "WEB",
"url": "https://github.com/matthiaskramm/swftools/issues/175"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-3
Strategy: Language Selection
- Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, many languages that perform their own memory management, such as Java and Perl, are not subject to buffer overflows. Other languages, such as Ada and C#, typically provide overflow protection, but the protection can be disabled by the programmer.
- Be wary that a language's interface to native code may still be subject to overflows, even if the language itself is theoretically safe.
Mitigation MIT-4.1
Strategy: Libraries or Frameworks
- Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- Examples include the Safe C String Library (SafeStr) by Messier and Viega [REF-57], and the Strsafe.h library from Microsoft [REF-56]. These libraries provide safer versions of overflow-prone string-handling functions.
Mitigation MIT-10
Strategy: Environment Hardening
- Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking.
- D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses canary-based detection in detail.
Mitigation MIT-9
- Consider adhering to the following rules when allocating and managing an application's memory:
- Double check that the buffer is as large as specified.
- When using functions that accept a number of bytes to copy, such as strncpy(), be aware that if the destination buffer size is equal to the source buffer size, it may not NULL-terminate the string.
- Check buffer boundaries if accessing the buffer in a loop and make sure there is no danger of writing past the allocated space.
- If necessary, truncate all input strings to a reasonable length before passing them to the copy and concatenation functions.
Mitigation MIT-11
Strategy: Environment Hardening
- Run or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.
- Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported modules may be similarly realigned if their default memory addresses conflict with other modules, in a process known as "rebasing" (for Windows) and "prelinking" (for Linux) [REF-1332] using randomly generated addresses. ASLR for libraries cannot be used in conjunction with prelink since it would require relocating the libraries at run-time, defeating the whole purpose of prelinking.
- For more information on these techniques see D3-SAOR (Segment Address Offset Randomization) from D3FEND [REF-1335].
Mitigation MIT-12
Strategy: Environment Hardening
- Use a CPU and operating system that offers Data Execution Protection (using hardware NX or XD bits) or the equivalent techniques that simulate this feature in software, such as PaX [REF-60] [REF-61]. These techniques ensure that any instruction executed is exclusively at a memory address that is part of the code segment.
- For more information on these techniques see D3-PSEP (Process Segment Execution Prevention) from D3FEND [REF-1336].
Mitigation MIT-13
Replace unbounded copy functions with analogous functions that support length arguments, such as strcpy with strncpy. Create these if they are not available.
No CAPEC attack patterns related to this CWE.