Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

CVEs (14,114)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-5303 1Tungstenautomation 1Power Pdf Aug 6, 2025 Jun 6, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Kofax Power PDF PSD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interactio...Show more Kofax Power PDF PSD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22919.Show less
CVE-2024-5302 1Tungstenautomation 1Power Pdf Aug 6, 2025 Jun 6, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Kofax Power PDF PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interactio...Show more Kofax Power PDF PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22918.Show less
CVE-2024-5301 1Tungstenautomation 1Power Pdf Aug 6, 2025 Jun 6, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Kofax Power PDF PSD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User int...Show more Kofax Power PDF PSD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSD files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22917.Show less
CVE-2024-5267 1Sonos 1Era 100 Firmware Nov 21, 2024 Jun 6, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Sonos Era 100 SMB2 Message Handling Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos Era 100 smart...Show more Sonos Era 100 SMB2 Message Handling Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos Era 100 smart speakers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SMB2 messages. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22384.Show less
CVE-2024-30374 1Luxion 2Keyshot Keyshot Viewer Nov 21, 2024 Jun 6, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Luxion KeyShot Viewer KSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. Use...Show more Luxion KeyShot Viewer KSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of KSP files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22449.Show less
CVE-2024-27379 1Samsung 5Exynos 1280 Firmware Exynos 1330 FirmwareExynos 1380 Firmware+2 more Mar 29, 2025 Jun 5, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_subscribe_get_nl_params(), there is no input validation check on hal_req->nu...Show more An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_subscribe_get_nl_params(), there is no input validation check on hal_req->num_intf_addr_present coming from userspace, which can lead to a heap overwrite.Show less
CVE-2024-27377 1Samsung 5Exynos 1280 Firmware Exynos 1330 FirmwareExynos 1380 Firmware+2 more Mar 28, 2025 Jun 5, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_get_security_info_nl(), there is no input validation check on sec_info->key_...Show more An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_get_security_info_nl(), there is no input validation check on sec_info->key_info.body.pmk_info.pmk_len coming from userspace, which can lead to a heap overwrite.Show less
CVE-2024-27376 1Samsung 5Exynos 1280 Firmware Exynos 1330 FirmwareExynos 1380 Firmware+2 more Mar 25, 2025 Jun 5, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_subscribe_get_nl_params(), there is no input validation check on hal_req->rx...Show more An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_subscribe_get_nl_params(), there is no input validation check on hal_req->rx_match_filter_len coming from userspace, which can lead to a heap overwrite.Show less
CVE-2024-27375 1Samsung 5Exynos 1280 Firmware Exynos 1330 FirmwareExynos 1380 Firmware+2 more Nov 21, 2024 Jun 5, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_followup_get_nl_params(), there is no input validation check on hal_req->sde...Show more An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_followup_get_nl_params(), there is no input validation check on hal_req->sdea_service_specific_info_len coming from userspace, which can lead to a heap overwrite.Show less
CVE-2024-27374 1Samsung 5Exynos 1280 Firmware Exynos 1330 FirmwareExynos 1380 Firmware+2 more Nov 21, 2024 Jun 5, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_publish_get_nl_params(), there is no input validation check on hal_req->serv...Show more An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_publish_get_nl_params(), there is no input validation check on hal_req->service_specific_info_len coming from userspace, which can lead to a heap overwrite.Show less
CVE-2024-27373 1Samsung 5Exynos 1280 Firmware Exynos 1330 FirmwareExynos 1380 Firmware+2 more Mar 25, 2025 Jun 5, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_config_get_nl_params(), there is no input validation check on disc_attr->mes...Show more An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_config_get_nl_params(), there is no input validation check on disc_attr->mesh_id_len coming from userspace, which can lead to a heap overwrite.Show less
CVE-2024-27372 1Samsung 5Exynos 1280 Firmware Exynos 1330 FirmwareExynos 1380 Firmware+2 more Aug 27, 2025 Jun 5, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_config_get_nl_params(), there is no input validation check on disc_attr->inf...Show more An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_config_get_nl_params(), there is no input validation check on disc_attr->infrastructure_ssid_len coming from userspace, which can lead to a heap overwrite.Show less
CVE-2024-27371 1Samsung 5Exynos 1280 Firmware Exynos 1330 FirmwareExynos 1380 Firmware+2 more Nov 21, 2024 Jun 5, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_followup_get_nl_params(), there is no input validation check on hal_req->ser...Show more An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_followup_get_nl_params(), there is no input validation check on hal_req->service_specific_info_len coming from userspace, which can lead to a heap overwrite.Show less
CVE-2024-27370 1Samsung 5Exynos 1280 Firmware Exynos 1330 FirmwareExynos 1380 Firmware+2 more Nov 21, 2024 Jun 5, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_config_get_nl_params(), there is no input validation check on hal_req->num_c...Show more An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_config_get_nl_params(), there is no input validation check on hal_req->num_config_discovery_attr coming from userspace, which can lead to a heap overwrite.Show less
CVE-2024-34364 1Envoyproxy 1Envoy Nov 21, 2024 Jun 4, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Envoy is a cloud-native, open source edge and service proxy. Envoy exposed an out-of-memory (OOM) vector from the mirror response, since async HTTP client will buffer the response with an unbounded buffer.
CVE-2024-20880 1Samsung 1Android Feb 10, 2025 Jun 4, 2024 N/A· v4 6.8 MEDIUM· v3 N/A· v2 Stack-based buffer overflow vulnerability in bootloader prior to SMR Jun-2024 Release 1 allows physical attackers to overwrite memory.
CVE-2024-20878 1Samsung 1Android Feb 10, 2025 Jun 4, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap out-of-bound write vulnerability in parsing grid image in libsavscmn.so prior to SMR June-2024 Release 1 allows local attackers to execute arbitrary code.
CVE-2024-20877 1Samsung 1Android Feb 10, 2025 Jun 4, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap out-of-bound write vulnerability in parsing grid image header in libsavscmn.so prior to SMR Jun-2024 Release 1 allows local attackers to execute arbitrary code.
CVE-2024-20873 1Samsung 1Android Feb 10, 2025 Jun 4, 2024 N/A· v4 6.0 MEDIUM· v3 N/A· v2 Improper input validation vulnerability in caminfo driver prior to SMR Jun-2024 Release 1 allows local privileged attackers to write out-of-bounds memory.
CVE-2024-20075 1Google 1Android Mar 13, 2025 Jun 3, 2024 N/A· v4 6.7 MEDIUM· v3 N/A· v2 In eemgpu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation....Show more In eemgpu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08713302; Issue ID: MSV-1393.Show less

Previous 1...153154155...706 Next