Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

CVEs (14,079)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-20644 1Apple 5Ipados Iphone OsMacos+2 more Apr 2, 2026 Feb 11, 2026 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web conte...Show more The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.Show less
CVE-2026-20616 1Apple 4Ipados Iphone OsMacos+1 more Apr 2, 2026 Feb 11, 2026 N/A· v4 8.8 HIGH· v3 N/A· v2 An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3. Processing a maliciously crafted USD fi...Show more An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3. Processing a maliciously crafted USD file may lead to unexpected app termination.Show less
CVE-2026-25990 1Python 1Pillow Apr 30, 2026 Feb 11, 2026 8.6 HIGH· v4 7.5 HIGH· v3 N/A· v2 Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, an out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1.
CVE-2020-37208 1Nsasoft 1Spotftp Feb 20, 2026 Feb 11, 2026 4.6 MEDIUM· v4 7.5 HIGH· v3 N/A· v2 SpotFTP 3.0.0.0 contains a buffer overflow vulnerability in the registration key input field that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Key' fie...Show more SpotFTP 3.0.0.0 contains a buffer overflow vulnerability in the registration key input field that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Key' field to trigger an application crash and denial of service.Show less
CVE-2026-2314 1Google 1Chrome Feb 13, 2026 Feb 11, 2026 N/A· v4 8.8 HIGH· v3 N/A· v2 Heap buffer overflow in Codecs in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2025-48518 - - Feb 11, 2026 Feb 11, 2026 6.9 MEDIUM· v4 N/A· v3 N/A· v2 Improper input validation in AMD Graphics Driver could allow a local attacker to write out of bounds, potentially resulting in loss of integrity or denial of service.
CVE-2024-36324 - - Feb 11, 2026 Feb 11, 2026 N/A· v4 8.8 HIGH· v3 N/A· v2 Improper input validation in AMD Graphics Driver could allow an attacker to supply a specially crafted pointer, potentially leading to arbitrary code execution.
CVE-2025-57709 1Qnap 1Qsync Central Feb 12, 2026 Feb 11, 2026 1.3 LOW· v4 8.1 HIGH· v3 N/A· v2 A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed th...Show more A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and laterShow less
CVE-2025-30276 1Qnap 1Qsync Central Feb 11, 2026 Feb 11, 2026 4.9 MEDIUM· v4 8.8 HIGH· v3 N/A· v2 An out-of-bounds write vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify or corrupt memory. We have already fixed the v...Show more An out-of-bounds write vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify or corrupt memory. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and laterShow less
CVE-2026-21349 1Adobe 1Lightroom Feb 19, 2026 Feb 10, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Lightroom Desktop versions 15.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user...Show more Lightroom Desktop versions 15.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2025-29949 - - Feb 10, 2026 Feb 10, 2026 4.8 MEDIUM· v4 N/A· v3 N/A· v2 Insufficient input parameter sanitization in AMD Secure Processor (ASP) Boot Loader (legacy recovery mode only) could allow an attacker to write out-of-bounds to corrupt Secure DRAM potentially resulting in denial of ser...Show more Insufficient input parameter sanitization in AMD Secure Processor (ASP) Boot Loader (legacy recovery mode only) could allow an attacker to write out-of-bounds to corrupt Secure DRAM potentially resulting in denial of service.Show less
CVE-2024-36355 - - Feb 12, 2026 Feb 10, 2026 7.0 HIGH· v4 N/A· v3 N/A· v2 Improper input validation in the SMM handler could allow an attacker with Ring0 access to write to SMRAM and modify execution flow for S3 (sleep) wake up, potentially resulting in arbitrary code execution.
CVE-2026-25506 2Debian Opensuse 2Debian Linux Munge Feb 25, 2026 Feb 10, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged (the MUNGE authentication daemon) to leak cryptogr...Show more MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged (the MUNGE authentication daemon) to leak cryptographic key material from process memory. With the leaked key material, the attacker could forge arbitrary MUNGE credentials to impersonate any user (including root) to services that rely on MUNGE for authentication. The vulnerability allows a buffer overflow by sending a crafted message with an oversized address length field, corrupting munged's internal state and enabling extraction of the MAC subkey used for credential verification. This vulnerability is fixed in 0.5.18.Show less
CVE-2026-21352 1Adobe 1Dng Software Development Kit Feb 13, 2026 Feb 10, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user inte...Show more DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2026-21346 1Adobe 1Bridge Feb 11, 2026 Feb 10, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Bridge versions 15.1.3, 16.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user i...Show more Bridge versions 15.1.3, 16.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2026-21342 1Adobe 1Substance 3d Stager Feb 11, 2026 Feb 10, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires u...Show more Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2026-21341 1Adobe 1Substance 3d Stager Feb 11, 2026 Feb 10, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires u...Show more Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2026-21358 1Adobe 1Indesign Feb 11, 2026 Feb 10, 2026 N/A· v4 5.5 MEDIUM· v3 N/A· v2 InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in application denial-of-service. An attacker could exploit this vulnerability to crash the...Show more InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2026-21357 1Adobe 1Indesign Feb 11, 2026 Feb 10, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue r...Show more InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2026-21335 1Adobe 1Substance 3d Designer Feb 11, 2026 Feb 10, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue require...Show more Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less

Previous 1...343536...704 Next