Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

CVEs (569)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2017-16391 1Adobe 4Acrobat Acrobat DcAcrobat Reader+1 more May 13, 2026 Dec 9, 2017 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is a...Show more An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. The vulnerability is a result of untrusted input that is used to calculate an array index; the calculation occurs in the printing functionality. The vulnerability leads to an operation that can write to a memory location that is outside of the memory addresses allocated for the data structure. The specific scenario leads to a write access to a memory location that does not belong to the relevant process address space.Show less
CVE-2017-8172 1Huawei 2P10 Firmware P10 Plus Firmware May 13, 2026 Nov 22, 2017 N/A· v4 5.5 MEDIUM· v3 7.1 HIGH· v2 Isub service in P10 Plus and P10 smart phones with earlier than VKY-AL00C00B157 versions and earlier than VTR-AL00C00B157 versions has a denial of service (DoS) vulnerability. An attacker tricks a user into installing a...Show more Isub service in P10 Plus and P10 smart phones with earlier than VKY-AL00C00B157 versions and earlier than VTR-AL00C00B157 versions has a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and the application can send given parameter to specific interface, which make a out-of-bounds array access that results in smart phone restart.Show less
CVE-2017-16899 2Debian Xfig Project 2Debian Linux Xfig May 13, 2026 Nov 20, 2017 N/A· v4 7.1 HIGH· v3 5.8 MEDIUM· v2 An array index error in the fig2dev program in Xfig 3.2.6a allows remote attackers to cause a denial-of-service attack or information disclosure with a maliciously crafted Fig format file, related to a negative font valu...Show more An array index error in the fig2dev program in Xfig 3.2.6a allows remote attackers to cause a denial-of-service attack or information disclosure with a maliciously crafted Fig format file, related to a negative font value in dev/gentikz.c, and the read_textobject functions in read.c and read1_3.c.Show less
CVE-2017-0836 1Google 1Android May 13, 2026 Nov 16, 2017 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64893226.
CVE-2017-8251 1Google 1Android May 13, 2026 Sep 21, 2017 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 In all Qualcomm products with Android releases from CAF using the Linux kernel, in functions msm_isp_check_stream_cfg_cmd & msm_isp_stats_update_cgc_override, 'stream_cfg_cmd->num_streams' is not checked, and could overf...Show more In all Qualcomm products with Android releases from CAF using the Linux kernel, in functions msm_isp_check_stream_cfg_cmd & msm_isp_stats_update_cgc_override, 'stream_cfg_cmd->num_streams' is not checked, and could overflow the array stream_cfg_cmd->stream_handle.Show less
CVE-2015-8316 1Lightdm Project 1Lightdm May 13, 2026 Sep 6, 2017 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 Array index error in LightDM (aka Light Display Manager) 1.14.3, 1.16.x before 1.16.6 when the XDMCP server is enabled allows remote attackers to cause a denial of service (process crash) via an XDMCP request packet with...Show more Array index error in LightDM (aka Light Display Manager) 1.14.3, 1.16.x before 1.16.6 when the XDMCP server is enabled allows remote attackers to cause a denial of service (process crash) via an XDMCP request packet with no address.Show less
CVE-2014-4616 4Opensuse Opensuse ProjectPython+1 more 4Opensuse OpensusePython+1 more May 13, 2026 Aug 24, 2017 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the...Show more Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function.Show less
CVE-2017-0805 1Google 1Android May 13, 2026 Aug 24, 2017 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 A elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37237701.
CVE-2017-10663 1Linux 1Linux Kernel May 13, 2026 Aug 19, 2017 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 The sanity_check_ckpt function in fs/f2fs/super.c in the Linux kernel before 4.12.4 does not validate the blkoff and segno arrays, which allows local users to gain privileges via unspecified vectors.
CVE-2016-10386 1Google 1Android May 13, 2026 Aug 18, 2017 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 In all Qualcomm products with Android releases from CAF using the Linux kernel, an array index out of bounds vulnerability exists in LPP.
CVE-2017-0737 1Google 1Android May 13, 2026 Aug 9, 2017 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37563942.
CVE-2017-0716 1Google 1Android May 13, 2026 Aug 9, 2017 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37203196.
CVE-2017-8797 1Linux 1Linux Kernel May 13, 2026 Jul 2, 2017 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 The NFSv4 server in the Linux kernel before 4.11.3 does not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is u...Show more The NFSv4 server in the Linux kernel before 4.11.3 does not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system.Show less
CVE-2014-9948 1Google 1Android May 13, 2026 Jun 6, 2017 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 In TrustZone in all Android releases from CAF using the Linux kernel, an Improper Validation of Array Index vulnerability could potentially exist.
CVE-2017-0347 1Nvidia 1Gpu Driver May 13, 2026 May 9, 2017 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated an...Show more All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array, which may lead to denial of service or potential escalation of privileges.Show less
CVE-2017-0345 1Nvidia 1Gpu Driver May 13, 2026 May 9, 2017 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where user provided input used as an array size is not correctly validated al...Show more All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where user provided input used as an array size is not correctly validated allows out of bound access in kernel memory and may lead to denial of service or potential escalation of privilegesShow less
CVE-2017-7228 1Xen 1Xen May 13, 2026 Apr 4, 2017 N/A· v4 8.2 HIGH· v3 7.2 HIGH· v2 An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, allowing the caller to...Show more An issue (known as XSA-212) was discovered in Xen, with fixes available for 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x. The earlier XSA-29 fix introduced an insufficient check on XENMEM_exchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arrays.Show less
CVE-2016-9053 1Aerospike 1Database Server May 13, 2026 Feb 21, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An exploitable out-of-bounds indexing vulnerability exists within the RW fabric message particle type of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server to fetch a function table outsi...Show more An exploitable out-of-bounds indexing vulnerability exists within the RW fabric message particle type of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server to fetch a function table outside the bounds of an array resulting in remote code execution. An attacker can simply connect to the port to trigger this vulnerability.Show less
CVE-2017-0322 1Nvidia 1Gpu Driver May 13, 2026 Feb 15, 2017 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler where a value passed from a user to the driver is not correctly validated and used as the index to...Show more All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler where a value passed from a user to the driver is not correctly validated and used as the index to an array, leading to denial of service or potential escalation of privileges.Show less
CVE-2016-8816 1Nvidia 1Gpu Driver May 6, 2026 Dec 16, 2016 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a value passed from a user to the driver is used without validation as the...Show more All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a value passed from a user to the driver is used without validation as the index to an array, leading to denial of service or potential escalation of privileges.Show less

Previous 1...25 26 272829 Next