Vulnerabilities > Out-of-bounds Read

| Date | CVE | Vulnerability title | Description | Tags | Risk |
|---|---|---|---|---|---|
| 2014-04-07 | CVE-2014-0160 | Out-of-bounds Read vulnerability in multiple products | The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. | | 7.5 |
| 2014-03-19 | CVE-2014-1508 | Out-Of-Bounds Read vulnerability in Mozilla products | The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process memory, cause a denial of service (out-of-bounds read and application crash), or possibly bypass the Same Origin Policy via vectors involving MathML polygon rendering. | | 6.4 |
| 2014-03-19 | CVE-2014-1497 | Out-Of-Bounds Read vulnerability in multiple products | The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process heap memory, cause a denial of service (out-of-bounds read and application crash), or possibly have unspecified other impact via a crafted WAV file. | | 6.8 |
| 2012-06-05 | CVE-2012-1798 | Out-Of-Bounds Read vulnerability in Imagemagick | The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted EXIF IFD in a TIFF image. | | 4.3 |
| 2012-06-05 | CVE-2012-0259 | Out-Of-Bounds Read vulnerability in Imagemagick | The GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (crash) via a zero value in the component count of an EXIF XResolution tag in a JPEG file, which triggers an out-of-bounds read. | | 4.3 |
| 2012-04-05 | CVE-2011-3066 | Out-Of-Bounds Read vulnerability in Google Chrome | Skia, as used in Google Chrome before 18.0.1025.151, does not properly perform clipping, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | network, google, CWE-125 | 6.8 |
| 2012-03-30 | CVE-2011-3060 | Out-Of-Bounds Read vulnerability in Google Chrome | Google Chrome before 18.0.1025.142 does not properly handle text fragments, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | network, google, apple, CWE-125 | 6.8 |
| 2012-03-30 | CVE-2011-3059 | Out-Of-Bounds Read vulnerability in Google Chrome | Google Chrome before 18.0.1025.142 does not properly handle SVG text elements, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | network, google, apple, CWE-125 | 6.8 |
| 2012-03-22 | CVE-2011-3057 | Out-Of-Bounds Read vulnerability in Google Chrome | Google V8, as used in Google Chrome before 17.0.963.83, allows remote attackers to cause a denial of service via vectors that trigger an invalid read operation. | network, google, CWE-125 | 4.3 |
| 2012-03-05 | CVE-2011-3040 | Out-Of-Bounds Read vulnerability in Google Chrome | Google Chrome before 17.0.963.65 does not properly handle text, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document. | | 4.3 |