Common Weakness Enumeration

CWE-788

Discouraged

Access of Memory Location After End of Buffer

Abstraction: Base · Status: Incomplete

The product reads or writes to a buffer using an index or pointer that references a memory location after the end of the buffer.

283 vulnerabilities reference this CWE, most recent first.

GHSA-CFPX-C4P5-W27C

Vulnerability from github – Published: 2022-06-14 00:00 – Updated: 2022-06-14 00:00
VLAI
Details

Adobe Media Encoder version 15.4 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-46817"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787",
      "CWE-788"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-06-13T13:15:00Z",
    "severity": "HIGH"
  },
  "details": "Adobe Media Encoder version 15.4 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file.",
  "id": "GHSA-cfpx-c4p5-w27c",
  "modified": "2022-06-14T00:00:35Z",
  "published": "2022-06-14T00:00:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46817"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/media-encoder/apsb21-70.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CJJ6-WMGG-XG75

Vulnerability from github – Published: 2021-11-19 00:00 – Updated: 2022-04-26 00:01
VLAI
Details

Adobe After Effects version 18.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious MXF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-40757"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-788"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-11-18T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "Adobe After Effects version 18.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious MXF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.",
  "id": "GHSA-cjj6-wmgg-xg75",
  "modified": "2022-04-26T00:01:24Z",
  "published": "2021-11-19T00:00:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40757"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/after_effects/apsb21-79.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CM5Q-2H7W-XFC7

Vulnerability from github – Published: 2024-05-14 15:32 – Updated: 2026-04-02 21:31
VLAI
Details

The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.5. Processing a file may lead to unexpected app termination or arbitrary code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-27829"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-788"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-14T15:13:06Z",
    "severity": "HIGH"
  },
  "details": "The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.5. Processing a file may lead to unexpected app termination or arbitrary code execution.",
  "id": "GHSA-cm5q-2h7w-xfc7",
  "modified": "2026-04-02T21:31:41Z",
  "published": "2024-05-14T15:32:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27829"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/120903"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT214106"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT214106"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/May/12"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CPG4-43JP-J7RH

Vulnerability from github – Published: 2022-05-24 19:12 – Updated: 2022-05-24 19:12
VLAI
Details

Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious SVG file, potentially resulting in local application denial of service in the context of the current user. User interaction is required to exploit this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-36077"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-788"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-01T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious SVG file, potentially resulting in local application denial of service in the context of the current user. User interaction is required to exploit this vulnerability.",
  "id": "GHSA-cpg4-43jp-j7rh",
  "modified": "2022-05-24T19:12:42Z",
  "published": "2022-05-24T19:12:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36077"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/bridge/apsb21-69.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-CQH2-QVG6-WWCH

Vulnerability from github – Published: 2022-03-17 00:00 – Updated: 2022-03-23 00:00
VLAI
Details

Adobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability when parsing a WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-40738"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-788"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-03-16T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "Adobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability when parsing a WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.",
  "id": "GHSA-cqh2-qvg6-wwch",
  "modified": "2022-03-23T00:00:31Z",
  "published": "2022-03-17T00:00:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40738"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/audition/apsb21-92.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CQQJ-66GG-VPC8

Vulnerability from github – Published: 2022-03-17 00:00 – Updated: 2022-03-17 00:00
VLAI
Details

Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-42527"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-788"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-03-16T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.",
  "id": "GHSA-cqqj-66gg-vpc8",
  "modified": "2022-03-17T00:00:29Z",
  "published": "2022-03-17T00:00:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42527"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/premiere_elements/apsb21-106.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CQWP-PX3C-6WVV

Vulnerability from github – Published: 2022-03-17 00:00 – Updated: 2022-03-17 00:00
VLAI
Details

Adobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability when parsing a M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-40739"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-788"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-03-16T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "Adobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability when parsing a M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.",
  "id": "GHSA-cqwp-px3c-6wvv",
  "modified": "2022-03-17T00:00:34Z",
  "published": "2022-03-17T00:00:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40739"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/audition/apsb21-92.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CVMV-WG6W-9QVW

Vulnerability from github – Published: 2022-05-24 19:15 – Updated: 2022-05-24 19:15
VLAI
Details

Adobe InCopy version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious XML file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-39819"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-788"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-27T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "Adobe InCopy version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious XML file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.",
  "id": "GHSA-cvmv-wg6w-9qvw",
  "modified": "2022-05-24T19:15:47Z",
  "published": "2022-05-24T19:15:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39819"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/incopy/apsb21-71.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CWQH-H5Q7-WC9W

Vulnerability from github – Published: 2022-02-09 00:00 – Updated: 2022-03-17 00:05
VLAI
Details

Access of Memory Location After End of Buffer in GitHub repository radareorg/radare2 prior to 5.6.2.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-0521"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-788"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-02-08T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "Access of Memory Location After End of Buffer in GitHub repository radareorg/radare2 prior to 5.6.2.",
  "id": "GHSA-cwqh-h5q7-wc9w",
  "modified": "2022-03-17T00:05:53Z",
  "published": "2022-02-09T00:00:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0521"
    },
    {
      "type": "WEB",
      "url": "https://github.com/radareorg/radare2/commit/6c4428f018d385fc80a33ecddcb37becea685dd5"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/4d436311-bbf1-45a3-8774-bdb666d7f7ca"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZTIMAS53YT66FUS4QHQAFRJOBMUFG6D"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E6YBRQ3UCFWJVSOYIKPVUDASZ544TFND"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F24R-9C3W-MJJ9

Vulnerability from github – Published: 2024-08-29 12:31 – Updated: 2024-08-29 12:31
VLAI
Details

Dell PowerEdge Platform, 14G Intel BIOS version(s) prior to 2.22.x, contains an Access of Memory Location After End of Buffer vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-38304"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-788"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-29T11:15:26Z",
    "severity": "LOW"
  },
  "details": "Dell PowerEdge Platform, 14G Intel BIOS version(s) prior to 2.22.x, contains an Access of Memory Location After End of Buffer vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.",
  "id": "GHSA-f24r-9c3w-mjj9",
  "modified": "2024-08-29T12:31:04Z",
  "published": "2024-08-29T12:31:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38304"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000228137/dsa-2024-310-security-update-for-dell-poweredge-server-for-access-of-memory-location-after-end-of-buffer-vulnerability"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.