Vulnerabilities (CVE)

Filtered by CWE-125
Total 6166 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-17854 1 Simdcomp Project 1 Simdcomp 2019-02-01 4.3 MEDIUM 6.5 MEDIUM
SIMDComp before 0.1.1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) because it can read (and then discard) extra bytes. NOTE: this issue exists because of an incomplete fix for CVE-2018-17427.
CVE-2018-18933 1 Foxitsoftware 2 Foxit Reader, U3d 2019-01-30 6.4 MEDIUM 9.1 CRITICAL
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Read Access Violation near NULL starting at FoxitReader!safe_vsnprintf+0x00000000002c4330" issue.
CVE-2018-5811 2 Canonical, Libraw 2 Ubuntu Linux, Libraw 2019-01-30 4.3 MEDIUM 6.5 MEDIUM
An error within the "nikon_coolscan_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.
CVE-2019-6246 1 Svgpp 1 Svgpp 2019-01-30 7.5 HIGH 9.8 CRITICAL
An issue was discovered in SVG++ (aka svgpp) 1.2.3. After calling the gil::get_color function in Generic Image Library in Boost, the return code is used as an address, leading to an Access Violation because of an out-of-bounds read.
CVE-2019-6985 2 Foxitsoftware, Microsoft 2 3d, Windows 2019-01-29 6.8 MEDIUM 8.8 HIGH
An issue was discovered in Foxit 3D Plugin Beta before 9.4.0.16807 for Foxit Reader and PhantomPDF. The application could encounter an Out-of-Bounds Read in Indexing or a Heap Overflow and crash during handling of certain PDF files that embed specifically crafted 3D content, due to an array access violation.
CVE-2018-4194 2 Apple, Microsoft 6 Icloud, Iphone Os, Itunes and 3 more 2019-01-29 6.8 MEDIUM 8.8 HIGH
In iOS before 11.4, iCloud for Windows before 7.5, watchOS before 4.3.1, iTunes before 12.7.5 for Windows, and macOS High Sierra before 10.13.5, an out-of-bounds read was addressed with improved input validation.
CVE-2018-12817 1 Adobe 1 Digital Editions 2019-01-23 5.0 MEDIUM 7.5 HIGH
Adobe Digital Editions versions 4.5.9 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE-2019-6443 1 Ntpsec 1 Ntpsec 2019-01-22 6.4 MEDIUM 9.1 CRITICAL
An issue was discovered in NTPsec before 1.1.3. Because of a bug in ctl_getitem, there is a stack-based buffer over-read in read_sysvars in ntp_control.c in ntpd.
CVE-2019-6444 1 Ntpsec 1 Ntpsec 2019-01-22 6.4 MEDIUM 9.1 CRITICAL
An issue was discovered in NTPsec before 1.1.3. process_control() in ntp_control.c has a stack-based buffer over-read because attacker-controlled data is dereferenced by ntohl() in ntpd.
CVE-2018-4169 1 Apple 1 Mac Os X 2019-01-17 10.0 HIGH 9.8 CRITICAL
In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, an out-of-bounds read was addressed with improved input validation.
CVE-2018-4256 1 Apple 1 Mac Os X 2019-01-16 2.1 LOW 5.5 MEDIUM
In macOS High Sierra before 10.13.5, an out-of-bounds read was addressed with improved input validation.
CVE-2018-4255 1 Apple 1 Mac Os X 2019-01-16 2.1 LOW 5.5 MEDIUM
In macOS High Sierra before 10.13.5, an out-of-bounds read was addressed with improved input validation.
CVE-2019-5007 2 Foxitsoftware, Microsoft 3 Foxit Reader, Phantompdf, Windows 2019-01-15 5.8 MEDIUM 7.1 HIGH
An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. It is an Out-of-Bounds Read Information Disclosure and crash due to a NULL pointer dereference when reading TIFF data during TIFF parsing.
CVE-2018-20588 1 Otfcc Project 1 Otfcc 2019-01-14 4.3 MEDIUM 6.5 MEDIUM
lib/support/unicodeconv/unicodeconv.c in libotfcc.a in otfcc v0.10.3-alpha has a buffer over-read.
CVE-2018-20430 2 Debian, Gnu 2 Debian Linux, Libextractor 2019-01-11 4.3 MEDIUM 6.5 MEDIUM
GNU Libextractor through 1.8 has an out-of-bounds read vulnerability in the function history_extract() in plugins/ole2_extractor.c, related to EXTRACTOR_common_convert_to_utf8 in common/convert.c.
CVE-2018-20453 1 Libdoc Project 1 Libdoc 2019-01-11 4.3 MEDIUM 6.5 MEDIUM
The getlong function in numutils.c in libdoc through 2017-10-23 has a heap-based buffer over-read that allows attackers to cause a denial of service (application crash) via a crafted file.
CVE-2018-11963 1 Google 1 Android 2019-01-09 7.2 HIGH 7.8 HIGH
In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Buffer overread may occur due to non-null terminated strings while processing vsprintf in camera jpeg driver.
CVE-2018-20591 1 Libming 1 Libming 2019-01-04 4.3 MEDIUM 6.5 MEDIUM
A heap-based buffer over-read was discovered in decompileJUMP function in util/decompile.c of libming v0.4.8. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by swftocxx.
CVE-2018-19842 1 Radare 1 Radare2 2018-12-31 4.3 MEDIUM 5.5 MEDIUM
getToken in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allows attackers to cause a denial of service (stack-based buffer over-read) via crafted x86 assembly data, as demonstrated by rasm2.
CVE-2018-19843 1 Radare 1 Radare2 2018-12-31 4.3 MEDIUM 5.5 MEDIUM
opmov in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allows attackers to cause a denial of service (buffer over-read) via crafted x86 assembly data, as demonstrated by rasm2.