Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-125
Total 4813 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-3435 3 Debian, Fedoraproject, Linux 3 Debian Linux, Fedora, Linux Kernel 2023-02-28 N/A 4.3 MEDIUM
A vulnerability classified as problematic has been found in Linux Kernel. This affects the function fib_nh_match of the file net/ipv4/fib_semantics.c of the component IPv4 Handler. The manipulation leads to out-of-bounds read. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-210357 was assigned to this vulnerability.
CVE-2019-6284 1 Sass-lang 1 Libsass 2023-02-28 4.3 MEDIUM 6.5 MEDIUM
In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::alternatives in prelexer.hpp.
CVE-2019-6283 1 Sass-lang 1 Libsass 2023-02-28 4.3 MEDIUM 6.5 MEDIUM
In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthese_scope in prelexer.hpp.
CVE-2018-21016 2 Debian, Gpac 2 Debian Linux, Gpac 2023-02-28 4.3 MEDIUM 6.5 MEDIUM
audio_sample_entry_AddBox() at isomedia/box_code_base.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
CVE-2022-41977 1 Openimageio 1 Openimageio 2023-02-28 N/A 3.3 LOW
An out of bounds read vulnerability exists in the way OpenImageIO version v2.3.19.0 processes string fields in TIFF image files. A specially-crafted TIFF file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2018-3745 1 Atob Project 1 Atob 2023-02-28 6.4 MEDIUM 9.1 CRITICAL
atob 2.0.3 and earlier allocates uninitialized Buffers when number is passed in input on Node.js 4.x and below.
CVE-2019-17533 2 Debian, Matio Project 2 Debian Linux, Matio 2023-02-28 6.4 MEDIUM 8.2 HIGH
Mat_VarReadNextInfo4 in mat4.c in MATIO 1.5.17 omits a certain '\0' character, leading to a heap-based buffer over-read in strdup_vprintf when uninitialized memory is accessed.
CVE-2018-25012 2 Redhat, Webmproject 2 Enterprise Linux, Libwebp 2023-02-28 6.4 MEDIUM 9.1 CRITICAL
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24().
CVE-2022-41988 1 Openimageio Project 1 Openimageio 2023-02-28 N/A 7.5 HIGH
An information disclosure vulnerability exists in the OpenImageIO::decode_iptc_iim() functionality of OpenImageIO Project OpenImageIO v2.3.19.0. A specially-crafted TIFF file can lead to a disclosure of sensitive information. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2019-11042 7 Apple, Canonical, Debian and 4 more 7 Mac Os X, Ubuntu Linux, Debian Linux and 4 more 2023-02-28 5.8 MEDIUM 7.1 HIGH
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.
CVE-2019-11041 7 Apple, Canonical, Debian and 4 more 7 Mac Os X, Ubuntu Linux, Debian Linux and 4 more 2023-02-28 5.8 MEDIUM 7.1 HIGH
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.
CVE-2022-34346 1 Intel 1 Media Software Development Kit 2023-02-27 N/A 7.8 HIGH
Out-of-bounds read in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2020-14153 1 Ijg 1 Libjpeg 2023-02-27 5.8 MEDIUM 7.1 HIGH
In IJG JPEG (aka libjpeg) from version 8 through 9c, jdhuff.c has an out-of-bounds array read for certain table pointers.
CVE-2020-10177 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2023-02-27 4.3 MEDIUM 5.5 MEDIUM
Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/FliDecode.c.
CVE-2020-10378 3 Canonical, Fedoraproject, Python 3 Ubuntu Linux, Fedora, Pillow 2023-02-27 4.3 MEDIUM 5.5 MEDIUM
In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX files where state->shuffle is instructed to read beyond state->buffer.
CVE-2020-10994 3 Canonical, Fedoraproject, Python 3 Ubuntu Linux, Fedora, Pillow 2023-02-27 4.3 MEDIUM 5.5 MEDIUM
In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file.
CVE-2020-11538 3 Canonical, Fedoraproject, Python 3 Ubuntu Linux, Fedora, Pillow 2023-02-27 6.8 MEDIUM 8.1 HIGH
In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311.
CVE-2021-29458 3 Debian, Exiv2, Fedoraproject 3 Debian Linux, Exiv2, Fedora 2023-02-27 4.3 MEDIUM 5.5 MEDIUM
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as insert. The bug is fixed in version v0.27.4.
CVE-2023-22353 1 Jtekt 1 Screen Creator Advance 2 2023-02-27 N/A 7.8 HIGH
Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing control management information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution.
CVE-2023-22350 1 Jtekt 1 Screen Creator Advance 2 2023-02-27 N/A 7.8 HIGH
Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing parts management information. Having a user of Screen Creator Advance 2 to open a specially crafted project file may lead to information disclosure and/or arbitrary code execution.