CWE-788
DiscouragedAccess of Memory Location After End of Buffer
Abstraction: Base · Status: Incomplete
The product reads or writes to a buffer using an index or pointer that references a memory location after the end of the buffer.
283 vulnerabilities reference this CWE, most recent first.
GHSA-CFPX-C4P5-W27C
Vulnerability from github – Published: 2022-06-14 00:00 – Updated: 2022-06-14 00:00Adobe Media Encoder version 15.4 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file.
{
"affected": [],
"aliases": [
"CVE-2021-46817"
],
"database_specific": {
"cwe_ids": [
"CWE-787",
"CWE-788"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-13T13:15:00Z",
"severity": "HIGH"
},
"details": "Adobe Media Encoder version 15.4 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file.",
"id": "GHSA-cfpx-c4p5-w27c",
"modified": "2022-06-14T00:00:35Z",
"published": "2022-06-14T00:00:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46817"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/media-encoder/apsb21-70.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CJJ6-WMGG-XG75
Vulnerability from github – Published: 2021-11-19 00:00 – Updated: 2022-04-26 00:01Adobe After Effects version 18.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious MXF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2021-40757"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-788"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-11-18T17:15:00Z",
"severity": "HIGH"
},
"details": "Adobe After Effects version 18.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious MXF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability.",
"id": "GHSA-cjj6-wmgg-xg75",
"modified": "2022-04-26T00:01:24Z",
"published": "2021-11-19T00:00:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40757"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/after_effects/apsb21-79.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CM5Q-2H7W-XFC7
Vulnerability from github – Published: 2024-05-14 15:32 – Updated: 2026-04-02 21:31The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.5. Processing a file may lead to unexpected app termination or arbitrary code execution.
{
"affected": [],
"aliases": [
"CVE-2024-27829"
],
"database_specific": {
"cwe_ids": [
"CWE-788"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-14T15:13:06Z",
"severity": "HIGH"
},
"details": "The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.5. Processing a file may lead to unexpected app termination or arbitrary code execution.",
"id": "GHSA-cm5q-2h7w-xfc7",
"modified": "2026-04-02T21:31:41Z",
"published": "2024-05-14T15:32:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27829"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/120903"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214106"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214106"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/May/12"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CPG4-43JP-J7RH
Vulnerability from github – Published: 2022-05-24 19:12 – Updated: 2022-05-24 19:12Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious SVG file, potentially resulting in local application denial of service in the context of the current user. User interaction is required to exploit this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2021-36077"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-788"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-01T15:15:00Z",
"severity": "MODERATE"
},
"details": "Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious SVG file, potentially resulting in local application denial of service in the context of the current user. User interaction is required to exploit this vulnerability.",
"id": "GHSA-cpg4-43jp-j7rh",
"modified": "2022-05-24T19:12:42Z",
"published": "2022-05-24T19:12:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36077"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/bridge/apsb21-69.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-CQH2-QVG6-WWCH
Vulnerability from github – Published: 2022-03-17 00:00 – Updated: 2022-03-23 00:00Adobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability when parsing a WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2021-40738"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-788"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-16T15:15:00Z",
"severity": "HIGH"
},
"details": "Adobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability when parsing a WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.",
"id": "GHSA-cqh2-qvg6-wwch",
"modified": "2022-03-23T00:00:31Z",
"published": "2022-03-17T00:00:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40738"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/audition/apsb21-92.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CQQJ-66GG-VPC8
Vulnerability from github – Published: 2022-03-17 00:00 – Updated: 2022-03-17 00:00Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2021-42527"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-788"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-16T15:15:00Z",
"severity": "HIGH"
},
"details": "Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.",
"id": "GHSA-cqqj-66gg-vpc8",
"modified": "2022-03-17T00:00:29Z",
"published": "2022-03-17T00:00:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42527"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/premiere_elements/apsb21-106.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CQWP-PX3C-6WVV
Vulnerability from github – Published: 2022-03-17 00:00 – Updated: 2022-03-17 00:00Adobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability when parsing a M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2021-40739"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-788"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-16T15:15:00Z",
"severity": "HIGH"
},
"details": "Adobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability when parsing a M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.",
"id": "GHSA-cqwp-px3c-6wvv",
"modified": "2022-03-17T00:00:34Z",
"published": "2022-03-17T00:00:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40739"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/audition/apsb21-92.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CVMV-WG6W-9QVW
Vulnerability from github – Published: 2022-05-24 19:15 – Updated: 2022-05-24 19:15Adobe InCopy version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious XML file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2021-39819"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-788"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-27T16:15:00Z",
"severity": "HIGH"
},
"details": "Adobe InCopy version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious XML file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.",
"id": "GHSA-cvmv-wg6w-9qvw",
"modified": "2022-05-24T19:15:47Z",
"published": "2022-05-24T19:15:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39819"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/incopy/apsb21-71.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-CWQH-H5Q7-WC9W
Vulnerability from github – Published: 2022-02-09 00:00 – Updated: 2022-03-17 00:05Access of Memory Location After End of Buffer in GitHub repository radareorg/radare2 prior to 5.6.2.
{
"affected": [],
"aliases": [
"CVE-2022-0521"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-788"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-08T21:15:00Z",
"severity": "HIGH"
},
"details": "Access of Memory Location After End of Buffer in GitHub repository radareorg/radare2 prior to 5.6.2.",
"id": "GHSA-cwqh-h5q7-wc9w",
"modified": "2022-03-17T00:05:53Z",
"published": "2022-02-09T00:00:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0521"
},
{
"type": "WEB",
"url": "https://github.com/radareorg/radare2/commit/6c4428f018d385fc80a33ecddcb37becea685dd5"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/4d436311-bbf1-45a3-8774-bdb666d7f7ca"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZTIMAS53YT66FUS4QHQAFRJOBMUFG6D"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E6YBRQ3UCFWJVSOYIKPVUDASZ544TFND"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F24R-9C3W-MJJ9
Vulnerability from github – Published: 2024-08-29 12:31 – Updated: 2024-08-29 12:31Dell PowerEdge Platform, 14G Intel BIOS version(s) prior to 2.22.x, contains an Access of Memory Location After End of Buffer vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.
{
"affected": [],
"aliases": [
"CVE-2024-38304"
],
"database_specific": {
"cwe_ids": [
"CWE-788"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-29T11:15:26Z",
"severity": "LOW"
},
"details": "Dell PowerEdge Platform, 14G Intel BIOS version(s) prior to 2.22.x, contains an Access of Memory Location After End of Buffer vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.",
"id": "GHSA-f24r-9c3w-mjj9",
"modified": "2024-08-29T12:31:04Z",
"published": "2024-08-29T12:31:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38304"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000228137/dsa-2024-310-security-update-for-dell-poweredge-server-for-access-of-memory-location-after-end-of-buffer-vulnerability"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.