Skip to main content

CWE-823

Use of Out-of-range Pointer Offset

71 CVEs Avg CVSS 7.2 MITRE
6
CRITICAL
39
HIGH
24
MEDIUM
1
LOW
9
POC
1
KEV

Monthly

CVE-2026-21734 HIGH This Week

Out-of-bounds write in Imagination Technologies' Graphics DDK GPU shader compiler lets a crafted web page containing unusual or edge-case shader code (e.g. WebGL/compute shaders using a very small value) corrupt memory and crash the GPU compiler process. On platforms where that compiler process runs with system privileges, the memory corruption could be chained toward privilege escalation or further device exploitation. No public exploit identified at time of analysis and the issue is not listed in CISA KEV; impact is integrity and availability (CVSS 7.7, CWE-823).

Memory Corruption Buffer Overflow Graphics Ddk
NVD
CVSS 3.1
7.7
EPSS
0.1%
CVE-2026-46244 CRITICAL PATCH Act Now

Firewall bypass in the Linux kernel's netfilter nft_inner module (versions 6.2 and later) allows remote attackers to forge transport headers in tunneled IPv6 packets due to a desynchronization between the computed inner transport header offset and the parsed L4 protocol. The flaw enables crafted IPv6 packets carrying extension headers to evade nftables inner-payload matching rules, with no public exploit identified at time of analysis and an EPSS score of 0.02% indicating negligible observed exploitation activity.

Authentication Bypass Linux Memory Corruption
NVD VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-34193 MEDIUM PATCH This Month

Arbitrary firmware memory writes in Imagination Technologies Graphics DDK affect multiple DDK versions across Guest/Host VM deployments. A logic error in GPU driver address translation permits kernel-level software within a VM to issue malformed commands to GPU firmware, causing writes to memory regions outside the intended GPU memory boundary. The Chrome OS stable channel advisory reference confirms real-world platform-level impact, and a vendor patch is available. No public exploit has been identified at time of analysis, and this vulnerability is not listed in CISA KEV.

Memory Corruption Information Disclosure Graphics Ddk
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-28764 HIGH This Week

Heap-based buffer overflow in MediaArea MediaInfoLib's LXF (Leitch eXchange Format) element parser allows attackers to achieve arbitrary code execution when a victim opens a maliciously crafted LXF media file. The flaw, disclosed by Cisco Talos as TALOS-2026-2371 and assigned CWE-823, requires user interaction and local file access but no privileges, and at the time of analysis there is no public exploit identified and the issue is not listed in CISA KEV.

Memory Corruption Buffer Overflow Mediainfolib
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-41907 npm HIGH POC PATCH This Week

Buffer overwrite vulnerability in uuid JavaScript library versions prior to 14.0.0 enables remote attackers to corrupt memory and potentially disclose sensitive information through out-of-range writes when applications use v3, v5, or v6 UUID generation functions with caller-provided output buffers. The library fails to validate buffer boundaries, allowing partial writes beyond allocated memory regions. Vendor patch available in version 14.0.0 per GitHub security advisory GHSA-w5hq-g745-h8pq. No confirmed active exploitation (not in CISA KEV), and CVSS 4.0 Environmental Score suggests exploitation status is unproven (E:U).

Memory Corruption Information Disclosure Red Hat
NVD GitHub VulDB
CVSS 4.0
8.1
EPSS
0.0%
CVE-2025-33215 MEDIUM This Month

NVIDIA SNAP-4 Container contains a use-of-out-of-range pointer offset vulnerability in the VIRTIO-BLK component that allows a malicious guest VM to trigger memory corruption and denial of service. The vulnerability affects NVIDIA SNAP-4 Container across all versions as indicated by the CPE string. A successful exploit results in denial of service to the DPA (Data Processing Appliance) and impacts storage availability to other VMs, though no code execution or information disclosure is possible. There is no evidence of active exploitation in the wild (KEV status indicates none), and the CVSS score of 6.8 reflects moderate severity with high availability impact but limited exploitability due to requiring adjacent network access and user privileges.

Denial Of Service Nvidia Memory Corruption
NVD VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-21732 CRITICAL Act Now

GPU shader compiler memory corruption via malicious shader code allows remote code execution when the compiler runs with elevated privileges, affecting multiple platforms through crafted switch statements that trigger out-of-bounds writes. An attacker can exploit this vulnerability by delivering specially-crafted GPU shader code through a web page, potentially gaining system-level control on vulnerable devices. No patch is currently available for this critical vulnerability.

Buffer Overflow Memory Corruption Graphics Ddk
NVD VulDB
CVSS 3.1
9.6
EPSS
0.0%
CVE-2026-20022 MEDIUM This Month

Device denial of service in Cisco Secure Firewall ASA and Secure FTD Software occurs when an unauthenticated adjacent attacker sends specially crafted OSPF packets to trigger out-of-bounds memory writes during packet canonicalization processing. An attacker can exploit this by sending malicious OSPF LSU packets when debug logging is enabled, forcing the affected device to reload and become unavailable. No patch is currently available for this medium-severity vulnerability.

Cisco Memory Corruption Information Disclosure
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-54152 MEDIUM This Month

A use of out-of-range pointer offset vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read sensitive portions of memory. [CVSS 6.5 MEDIUM]

Buffer Overflow Information Disclosure Qsync Central
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-23764 Monitor

VB-Audio Voicemeeter, Voicemeeter Banana, and Voicemeeter Potato (versions ending in 1.1.1.9, 2.1.1.9, and 3.1.1.9 and earlier, respectively), as well as VB-Audio Matrix and Matrix Coconut (versions ending in 1.0.2.2 and 2.0.2.2 and earlier, respectively), contain a vulnerability in their virtual audio drivers (vbvoicemeetervaio64*.sys, vbmatrixvaio64*.sys, vbaudio_vmauxvaio*.sys, vbaudio_vmvaio*.sys, and vbaudio_vmvaio3*.sys).

Linux Windows Denial Of Service
NVD GitHub
EPSS
0.0%
EPSS 0% CVSS 7.7
HIGH This Week

Out-of-bounds write in Imagination Technologies' Graphics DDK GPU shader compiler lets a crafted web page containing unusual or edge-case shader code (e.g. WebGL/compute shaders using a very small value) corrupt memory and crash the GPU compiler process. On platforms where that compiler process runs with system privileges, the memory corruption could be chained toward privilege escalation or further device exploitation. No public exploit identified at time of analysis and the issue is not listed in CISA KEV; impact is integrity and availability (CVSS 7.7, CWE-823).

Memory Corruption Buffer Overflow Graphics Ddk
NVD
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Firewall bypass in the Linux kernel's netfilter nft_inner module (versions 6.2 and later) allows remote attackers to forge transport headers in tunneled IPv6 packets due to a desynchronization between the computed inner transport header offset and the parsed L4 protocol. The flaw enables crafted IPv6 packets carrying extension headers to evade nftables inner-payload matching rules, with no public exploit identified at time of analysis and an EPSS score of 0.02% indicating negligible observed exploitation activity.

Authentication Bypass Linux Memory Corruption
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Arbitrary firmware memory writes in Imagination Technologies Graphics DDK affect multiple DDK versions across Guest/Host VM deployments. A logic error in GPU driver address translation permits kernel-level software within a VM to issue malformed commands to GPU firmware, causing writes to memory regions outside the intended GPU memory boundary. The Chrome OS stable channel advisory reference confirms real-world platform-level impact, and a vendor patch is available. No public exploit has been identified at time of analysis, and this vulnerability is not listed in CISA KEV.

Memory Corruption Information Disclosure Graphics Ddk
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Heap-based buffer overflow in MediaArea MediaInfoLib's LXF (Leitch eXchange Format) element parser allows attackers to achieve arbitrary code execution when a victim opens a maliciously crafted LXF media file. The flaw, disclosed by Cisco Talos as TALOS-2026-2371 and assigned CWE-823, requires user interaction and local file access but no privileges, and at the time of analysis there is no public exploit identified and the issue is not listed in CISA KEV.

Memory Corruption Buffer Overflow Mediainfolib
NVD
EPSS 0% CVSS 8.1
HIGH POC PATCH This Week

Buffer overwrite vulnerability in uuid JavaScript library versions prior to 14.0.0 enables remote attackers to corrupt memory and potentially disclose sensitive information through out-of-range writes when applications use v3, v5, or v6 UUID generation functions with caller-provided output buffers. The library fails to validate buffer boundaries, allowing partial writes beyond allocated memory regions. Vendor patch available in version 14.0.0 per GitHub security advisory GHSA-w5hq-g745-h8pq. No confirmed active exploitation (not in CISA KEV), and CVSS 4.0 Environmental Score suggests exploitation status is unproven (E:U).

Memory Corruption Information Disclosure Red Hat
NVD GitHub VulDB
EPSS 0% CVSS 6.8
MEDIUM This Month

NVIDIA SNAP-4 Container contains a use-of-out-of-range pointer offset vulnerability in the VIRTIO-BLK component that allows a malicious guest VM to trigger memory corruption and denial of service. The vulnerability affects NVIDIA SNAP-4 Container across all versions as indicated by the CPE string. A successful exploit results in denial of service to the DPA (Data Processing Appliance) and impacts storage availability to other VMs, though no code execution or information disclosure is possible. There is no evidence of active exploitation in the wild (KEV status indicates none), and the CVSS score of 6.8 reflects moderate severity with high availability impact but limited exploitability due to requiring adjacent network access and user privileges.

Denial Of Service Nvidia Memory Corruption
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL Act Now

GPU shader compiler memory corruption via malicious shader code allows remote code execution when the compiler runs with elevated privileges, affecting multiple platforms through crafted switch statements that trigger out-of-bounds writes. An attacker can exploit this vulnerability by delivering specially-crafted GPU shader code through a web page, potentially gaining system-level control on vulnerable devices. No patch is currently available for this critical vulnerability.

Buffer Overflow Memory Corruption Graphics Ddk
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM This Month

Device denial of service in Cisco Secure Firewall ASA and Secure FTD Software occurs when an unauthenticated adjacent attacker sends specially crafted OSPF packets to trigger out-of-bounds memory writes during packet canonicalization processing. An attacker can exploit this by sending malicious OSPF LSU packets when debug logging is enabled, forcing the affected device to reload and become unavailable. No patch is currently available for this medium-severity vulnerability.

Cisco Memory Corruption Information Disclosure
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

A use of out-of-range pointer offset vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read sensitive portions of memory. [CVSS 6.5 MEDIUM]

Buffer Overflow Information Disclosure Qsync Central
NVD
EPSS 0%
Monitor

VB-Audio Voicemeeter, Voicemeeter Banana, and Voicemeeter Potato (versions ending in 1.1.1.9, 2.1.1.9, and 3.1.1.9 and earlier, respectively), as well as VB-Audio Matrix and Matrix Coconut (versions ending in 1.0.2.2 and 2.0.2.2 and earlier, respectively), contain a vulnerability in their virtual audio drivers (vbvoicemeetervaio64*.sys, vbmatrixvaio64*.sys, vbaudio_vmauxvaio*.sys, vbaudio_vmvaio*.sys, and vbaudio_vmvaio3*.sys).

Linux Windows Denial Of Service
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy