Filtered by CWE-125
Total 9597 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2026-57255 1 Foxitsoftware 2 Foxit Pdf Editor, Foxit Reader 2026-07-10 6.1 Medium
The application opens a PDF containing an abnormal color space whose attributes reference a valid but semantically malformed function. The function's output is not validated; when subsequently read, it produces an illegal pointer that accesses an out-of-bounds region, crashing the application.
CVE-2026-57253 1 Foxitsoftware 2 Foxit Pdf Editor, Foxit Reader 2026-07-10 6.1 Medium
An abnormal image object causes the renderer to enter the wrong processing branch. When converting the scan lines, an invalid image buffer pointer is used, resulting in the application crashing.
CVE-2026-57243 1 Foxitsoftware 2 Foxit Pdf Editor, Foxit Reader 2026-07-10 6.1 Medium
During the process of page opening and form formatting, a JavaScript reentrancy results in an inconsistent document status. Subsequently, with outdated page information, the application attempts to access invalid addresses, causing the application to crash.
CVE-2026-57241 1 Foxitsoftware 2 Foxit Pdf Editor, Foxit Reader 2026-07-10 6.1 Medium
The application opens the PDF, and JavaScript performs operations on the page and the document, causing the page-related objects within the application to lose synchronization; however, the renderer still trusts the outdated page count, and eventually the application crashes due to out-of-bounds access.
CVE-2026-15185 1 Gpac 1 Gpac 2026-07-09 3.3 Low
A vulnerability was determined in GPAC 26.03-DEV. This affects the function vobsub_read_idx of the file /src/media_tools/vobsub.c of the component MP4Box. Executing a manipulation of the argument num_langs can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. This patch is called 532097084729a936bcdf6a27c41003f3bd7dc3ff. It is best practice to apply a patch to resolve this issue. Two different commits were applied to fix this issue.
CVE-2026-41604 1 Apache 1 Thrift 2026-07-09 8.2 High
Out-of-bounds Read vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.
CVE-2026-56362 1 Imagemagick 1 Imagemagick 2026-07-09 3.3 Low
ImageMagick before 7.1.2-15 contains a heap-buffer-overflow read vulnerability in GetPixelIndex caused by OpenPixelCache updating image channel metadata before pixel cache memory allocation. Attackers can trigger memory and disk allocation failures to cause a heap-buffer-overflow read affecting any writer calling GetPixelIndex.
CVE-2026-56374 1 Imagemagick 1 Imagemagick 2026-07-09 3.3 Low
ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the FTXT encoder due to missing boundary checks when parsing ftxt:format. Remote attackers can trigger an out of bounds read by crafting malicious FTXT image files to cause denial of service or information disclosure.
CVE-2026-44041 1 Uvnc 1 Ultravnc 2026-07-09 4.3 Medium
UltraVNC through 1.8.2.2 contains an out-of-bounds read in the wide-string to multibyte conversion helper. In rfb/dh.cpp:204, the vncWc2Mb() function passes a caller-supplied WCHAR pointer to wcslen() before any bounds check. If the caller provides a wide-character buffer that is not properly NUL-terminated, wcslen() reads past the end of the buffer until it encounters a NUL wchar, resulting in an out-of-bounds read. Under typical Win32 API usage this requires an abnormal caller contract. Impact is limited to a potential information disclosure from adjacent memory regions or a process crash (denial of service) if the over-read crosses a page boundary.
CVE-2026-52719 2 Gstreamer Project, Redhat 2 Gstreamer Plugin, Enterprise Linux 2026-07-08 7.1 High
An out-of-bounds read vulnerability was found in the VA JPEG decoder in GStreamer's gst-plugins-bad. The JPEG parser reads a segment length value from the bitstream without validating it against available data. A remote attacker could trick a user into opening a specially crafted JPEG file, causing downstream parsing to read beyond the provided input buffer, leading to a crash or potential information disclosure.
CVE-2026-44808 1 Microsoft 2 Windows 11 26h1, Windows 11 26h1 2026-07-08 7.8 High
Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-42914 1 Microsoft 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more 2026-07-08 5.3 Medium
Out-of-bounds read in Windows Kerberos allows an authorized attacker to deny service over a network.
CVE-2026-42837 1 Microsoft 18 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 15 more 2026-07-08 7.8 High
Out-of-bounds read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-45608 1 Microsoft 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more 2026-07-08 6.8 Medium
Out-of-bounds read in Windows DHCP Client allows an unauthorized attacker to disclose information locally.
CVE-2026-45457 1 Microsoft 7 365 Apps, Microsoft 365, Office 2021 and 4 more 2026-07-08 7.8 High
Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-45455 1 Microsoft 10 365 Apps, Excel 2016, Microsoft 365 Apps For Enterprise and 7 more 2026-07-08 3.3 Low
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2026-45641 1 Microsoft 15 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 12 more 2026-07-08 8.4 High
Access of resource using incompatible type ('type confusion') in Windows Hyper-V allows an unauthorized attacker to execute code locally.
CVE-2026-44820 1 Microsoft 11 365 Apps, Excel, Excel 2016 and 8 more 2026-07-08 7.8 High
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-14740 1 Hmbrand 1 Dbi 2026-07-08 9.1 Critical
DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment. The preparse method normalises SQL and removes comments. When the SQL starts with a comment line, the deletion of that line during normalisation led to an out-of-bounds read by one byte. The result is a fault on memory-hardened builds and nondeterministic newline retention on normal builds.
CVE-2026-55654 2 Openssh, Redhat 6 Openssh, Enterprise Linux, Hardened Images and 3 more 2026-07-08 3.7 Low
A flaw was found in OpenSSH. This vulnerability, a heap out-of-bounds read, occurs during the cleanup of GSSAPI (Generic Security Service Application Programming Interface) indicators when a trailing NULL termination is missing in the auth-indicators array. A remote attacker, under specific configurations involving GSSAPI authentication and a Kerberos environment, could exploit this to cause the SSH authentication path to crash or abort. This leads to a denial of service (DoS), impacting the availability of the SSH service.