Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

CVEs (569)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-1933 1Qualcomm 81Apq8017 Firmware Apq8053 FirmwareAqt1000 Firmware+78 more Nov 21, 2024 Sep 9, 2021 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 UE assertion is possible due to improper validation of invite message with SDP body in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearable...Show more UE assertion is possible due to improper validation of invite message with SDP body in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon WearablesShow less
CVE-2020-35635 2Cgal Debian 2Computational Geometry Algorithms Library Debian Linux Nov 21, 2024 Aug 30, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() store_sm_boundary_item() Sloop_of OOB read. A specially craf...Show more A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() store_sm_boundary_item() Sloop_of OOB read. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger this vulnerability.Show less
CVE-2020-35634 2Cgal Debian 2Computational Geometry Algorithms Library Debian Linux Nov 21, 2024 Aug 30, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() sfh->boundary_entry_ob...Show more A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() sfh->boundary_entry_objects Sloop_of. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger this vulnerability.Show less
CVE-2020-35633 2Cgal Debian 2Computational Geometry Algorithms Library Debian Linux Nov 21, 2024 Aug 30, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() store_sm_boundary_item...Show more A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() store_sm_boundary_item() Edge_of.A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger this vulnerability.Show less
CVE-2021-38563 2Foxit Foxitsoftware 2Pdf Editor Pdf Reader Nov 21, 2024 Aug 11, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It mishandles situations in which an array size (derived from a /Size entry) is smaller than the maximum indirect object number, and...Show more An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It mishandles situations in which an array size (derived from a /Size entry) is smaller than the maximum indirect object number, and thus there is an attempted incorrect array access (leading to a NULL pointer dereference, or out-of-bounds read or write).Show less
CVE-2020-28589 1Tinyobjloader Project 1Tinyobjloader Nov 21, 2024 Aug 11, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An improper array index validation vulnerability exists in the LoadObj functionality of tinyobjloader v2.0-rc1 and tinyobjloader development commit 79d4421. A specially crafted file could lead to code execution. An attac...Show more An improper array index validation vulnerability exists in the LoadObj functionality of tinyobjloader v2.0-rc1 and tinyobjloader development commit 79d4421. A specially crafted file could lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.Show less
CVE-2020-18430 1Tinyexr Project 1Tinyexr Nov 21, 2024 Jul 26, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 tinyexr 0.9.5 was discovered to contain an array index error in the tinyexr::DecodeEXRImage component, which can lead to a denial of service (DOS).
CVE-2020-18428 1Tinyexr Project 1Tinyexr Nov 21, 2024 Jul 26, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 tinyexr commit 0.9.5 was discovered to contain an array index error in the tinyexr::SaveEXR component, which can lead to a denial of service (DOS).
CVE-2020-11307 1Qualcomm 121Apq8009w Firmware Apq8017 FirmwareApq8053 Firmware+118 more Nov 21, 2024 Jul 13, 2021 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Buffer overflow in modem due to improper array index check before copying into it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables
CVE-2021-22374 1Huawei 2Emui Magic Ui Nov 21, 2024 Jun 30, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 There is an Improper Validation of Array Index Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause stability risks.
CVE-2021-21833 1Accusoft 1Imagegear Nov 21, 2024 Jun 11, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An improper array index validation vulnerability exists in the TIF IP_planar_raster_unpack functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to an out-of-bounds write. An attacker can...Show more An improper array index validation vulnerability exists in the TIF IP_planar_raster_unpack functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.Show less
CVE-2021-31658 1Tp Link 2Tl Sg2005 Firmware Tl Sg2008 Firmware Nov 21, 2024 Jun 10, 2021 N/A· v4 8.1 HIGH· v3 5.8 MEDIUM· v2 TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is affected by an Array index error. The interface that provides the "device description" function only judges the length of the received data, and does n...Show more TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is affected by an Array index error. The interface that provides the "device description" function only judges the length of the received data, and does not filter special characters. This vulnerability will cause the application to crash, and all device configuration information will be erased.Show less
CVE-2020-11291 1Qualcomm 96Apq8017 Firmware Apq8053 FirmwareAqt1000 Firmware+93 more Nov 21, 2024 Jun 9, 2021 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Possible buffer overflow while updating ikev2 parameters for delete payloads received during informational exchange due to lack of check of input validation for certain parameters received from the ePDG server in Snapdra...Show more Possible buffer overflow while updating ikev2 parameters for delete payloads received during informational exchange due to lack of check of input validation for certain parameters received from the ePDG server in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon MobileShow less
CVE-2020-11134 1Qualcomm 325Aqt1000 Firmware Ar8031 FirmwareAr8035 Firmware+322 more Nov 21, 2024 Jun 9, 2021 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Possible stack out of bound write might happen due to time bitmap length and bit duration fields of the attributes like NAN ranging setup attribute inside a NAN management frame are not Properly validated in Snapdragon A...Show more Possible stack out of bound write might happen due to time bitmap length and bit duration fields of the attributes like NAN ranging setup attribute inside a NAN management frame are not Properly validated in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and NetworkingShow less
CVE-2021-22333 1Huawei 2Emui Magic Ui Nov 21, 2024 Jun 3, 2021 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 There is an Improper Validation of Array Index vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause code to execute, thus obtaining system permissions.
CVE-2021-33815 1Ffmpeg 1Ffmpeg Nov 21, 2024 Jun 3, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an out-of-bounds array access because dc_count is not strictly checked.
CVE-2020-11294 1Qualcomm 244Ar8035 Firmware Pm215 FirmwarePm3003a Firmware+241 more Nov 21, 2024 May 7, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Out of bound write in logger due to prefix size is not validated while prepended to logging string in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snap...Show more Out of bound write in logger due to prefix size is not validated while prepended to logging string in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon WearablesShow less
CVE-2020-11308 1Qualcomm 333Apq8009 Firmware Aqt1000 FirmwareAr8031 Firmware+330 more Nov 21, 2024 Mar 17, 2021 N/A· v4 6.8 MEDIUM· v3 7.2 HIGH· v2 Buffer overflow occurs when trying to convert ASCII string to Unicode string if the actual size is more than required in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon I...Show more Buffer overflow occurs when trying to convert ASCII string to Unicode string if the actual size is more than required in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & MusicShow less
CVE-2020-11227 1Qualcomm 401Apq8009 Firmware Apq8009w FirmwareApq8017 Firmware+398 more Nov 21, 2024 Mar 17, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Out of bound write while parsing RTT/TTY packet parsing due to lack of check of buffer size before copying into buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon...Show more Out of bound write while parsing RTT/TTY packet parsing due to lack of check of buffer size before copying into buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon WearablesShow less
CVE-2020-11226 1Qualcomm 401Apq8009 Firmware Apq8009w FirmwareApq8017 Firmware+398 more Nov 21, 2024 Mar 17, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Out of bound memory read in Data modem while unpacking data due to lack of offset length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdrag...Show more Out of bound memory read in Data modem while unpacking data due to lack of offset length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon WearablesShow less

Previous 1...192021...29 Next