Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

CVEs (569)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-13302 2Debian Ffmpeg 2Debian Linux Ffmpeg Nov 21, 2024 Jul 5, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 In FFmpeg 4.0.1, improper handling of frame types (other than EAC3_FRAME_TYPE_INDEPENDENT) that have multiple independent substreams in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array access...Show more In FFmpeg 4.0.1, improper handling of frame types (other than EAC3_FRAME_TYPE_INDEPENDENT) that have multiple independent substreams in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to a denial of service or possibly unspecified other impact.Show less
CVE-2018-12018 1Ethereum 1Go Ethereum Nov 21, 2024 Jul 5, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The GetBlockHeadersMsg handler in the LES protocol implementation in Go Ethereum (aka geth) before 1.8.11 may lead to an access violation because of an integer signedness error for the array index, which allows attackers...Show more The GetBlockHeadersMsg handler in the LES protocol implementation in Go Ethereum (aka geth) before 1.8.11 may lead to an access violation because of an integer signedness error for the array index, which allows attackers to launch a Denial of Service attack by sending a packet with a -1 query.Skip value. The vulnerable remote node would be crashed by such an attack immediately, aka the EPoD (Ethereum Packet of Death) issue.Show less
CVE-2018-5851 1Google 1Android Nov 21, 2024 Jun 12, 2018 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Buffer over flow can occur while processing a HTT_T2H_MSG_TYPE_TX_COMPL_IND message with an out-of-range num_msdus value in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux...Show more Buffer over flow can occur while processing a HTT_T2H_MSG_TYPE_TX_COMPL_IND message with an out-of-range num_msdus value in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.Show less
CVE-2018-3576 1Google 1Android Nov 21, 2024 Jun 12, 2018 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 improper validation of array index in WiFi driver function sapInterferenceRssiCount() leads to array out-of-bounds access in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linu...Show more improper validation of array index in WiFi driver function sapInterferenceRssiCount() leads to array out-of-bounds access in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.Show less
CVE-2017-15857 1Google 1Android Nov 21, 2024 Jun 12, 2018 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 In the camera driver, an out-of-bounds access can occur due to an error in copying region params from user space in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
CVE-2017-5445 3Debian MozillaRedhat 9Debian Linux Enterprise LinuxEnterprise Linux Desktop+6 more Nov 25, 2025 Jun 11, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A vulnerability while parsing "application/http-index-format" format content where uninitialized values are used to create an array. This could allow the reading of uninitialized memory into the arrays affected. This vul...Show more A vulnerability while parsing "application/http-index-format" format content where uninitialized values are used to create an array. This could allow the reading of uninitialized memory into the arrays affected. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.Show less
CVE-2018-11490 4Canonical DebianGiflib Project+1 more 4Debian Linux GiflibSam2p+1 more Nov 21, 2024 May 26, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->RunningCode - 2" array index is n...Show more The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->RunningCode - 2" array index is not checked. This will lead to a denial of service or possibly unspecified other impact.Show less
CVE-2018-11489 2Giflib Project Sam2p Project 2Giflib Sam2p Nov 21, 2024 May 26, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain CrntCode array index is not checked. This w...Show more The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain CrntCode array index is not checked. This will lead to a denial of service or possibly unspecified other impact.Show less
CVE-2018-7406 1Foxitsoftware 2Phantompdf Reader Nov 21, 2024 May 24, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in Foxit Reader before 9.1 and PhantomPDF before 9.1. This vulnerability allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the t...Show more An issue was discovered in Foxit Reader before 9.1 and PhantomPDF before 9.1. This vulnerability allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the u3d images inside of a pdf. The issue results from the lack of proper validation of user-supplied data, which can result in an array indexing issue. An attacker can leverage this to execute code in the context of the current process.Show less
CVE-2017-15855 1Google 1Android Nov 21, 2024 May 17, 2018 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, the camera application triggers "user-memory-access" issu...Show more In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, the camera application triggers "user-memory-access" issue as the Camera CPP module Linux driver directly accesses the application provided buffer, which resides in user space. An unchecked userspace value (ioctl_ptr->len) is used to copy contents to a kernel buffer which can lead to kernel buffer overflow.Show less
CVE-2016-10454 1Qualcomm 4Sd 425 Firmware Sd 430 FirmwareSd 450 Firmware+1 more Nov 21, 2024 Apr 18, 2018 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 425, SD 430, SD 450, and SD 625, in a QTEE API function, an array out-of-bounds index can occur.
CVE-2014-9990 1Qualcomm 21Mdm9206 Firmware Mdm9607 FirmwareMdm9615 Firmware+18 more Nov 21, 2024 Apr 18, 2018 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 6...Show more In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 600, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, and SD 450, lack of input validation could lead to an out of bound array access.Show less
CVE-2014-9989 1Qualcomm 24Mdm9206 Firmware Mdm9607 FirmwareMdm9615 Firmware+21 more Nov 21, 2024 Apr 18, 2018 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 4...Show more In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 600, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, and SD 450, if an incorrect endpoint number or direction is passed, an out of bounds array access may occur in the USB management module.Show less
CVE-2014-10048 1Qualcomm 27Mdm9206 Firmware Mdm9607 FirmwareMdm9650 Firmware+24 more Nov 21, 2024 Apr 18, 2018 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600,...Show more In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, and SDX20, while setting the offsets, time-services allows the user to set bases greater than valid base value which will lead to array index out-of-bound.Show less
CVE-2014-10044 1Qualcomm 10Mdm9615 Firmware Mdm9625 FirmwareMdm9635m Firmware+7 more Nov 21, 2024 Apr 18, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, MDM9625, MDM9635M, SD 210/SD 212/SD 205, SD 400, SD 617, SD 800, and SD 820, in the time daemon, unauthorized users can...Show more In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, MDM9625, MDM9635M, SD 210/SD 212/SD 205, SD 400, SD 617, SD 800, and SD 820, in the time daemon, unauthorized users can potentially modify system time and cause an array index to be out-of-bound.Show less
CVE-2018-10120 4Canonical DebianLibreoffice+1 more 6Debian Linux Enterprise Linux DesktopEnterprise Linux Server+3 more Nov 21, 2024 Apr 16, 2018 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does not validate a customizations index, which allows remote attackers to cause a denial of ser...Show more The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does not validate a customizations index, which allows remote attackers to cause a denial of service (heap-based buffer overflow with write access) or possibly have unspecified other impact via a crafted document that contains a certain Microsoft Word record.Show less
CVE-2017-15830 1Google 1Android Nov 21, 2024 Mar 16, 2018 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper ch_list array index initialization in function sme_set_plm_request() causes potential buffer overfl...Show more In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper ch_list array index initialization in function sme_set_plm_request() causes potential buffer overflow.Show less
CVE-2017-14889 1Google 1Android Nov 21, 2024 Mar 16, 2018 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to the lack of a range check on the array index into the WMI descriptor pool, arbitrary address executio...Show more In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to the lack of a range check on the array index into the WMI descriptor pool, arbitrary address execution may potentially occur in the process mgmt completion handler.Show less
CVE-2017-15861 1Google 1Android Nov 21, 2024 Feb 23, 2018 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 In all Qualcomm products with Android releases from CAF using the Linux kernel, in the function wma_roam_synch_event_handler, vdev_id is received from firmware and used to access an array without validation.
CVE-2017-16410 1Adobe 4Acrobat Acrobat DcAcrobat Reader+1 more May 13, 2026 Dec 9, 2017 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is a...Show more An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is a result of untrusted input that is used to calculate an array index; the calculation occurs in the image conversion module, when processing GIF files. The vulnerability leads to an operation that can write to a memory location that is outside of the memory addresses allocated for the data structure. The specific scenario leads to a write access to a memory location that does not belong to the relevant process address space.Show less

Previous 1...25 262728 29 Next