CWE-787: Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
Yearly Trend
Top Affected Vendors
All Out-of-bounds Write CVEs (2,730)
CVE-2021-37981 is a heap buffer overflow vulnerability in Chrome's Skia graphics engine that allows an attacker who has already compromised the render...
Nov 2, 2021This vulnerability is a heap buffer overflow in Chrome's Tab Strip component that allows an attacker who has already compromised the renderer process ...
Feb 22, 2021This vulnerability is a heap buffer overflow in Google Chrome's UI component that allows a remote attacker who has already compromised the renderer pr...
Jan 8, 2021This vulnerability is a heap buffer overflow in the UI component of Google Chrome on Android. It allows a remote attacker who has already compromised ...
Nov 3, 2020This CVE describes a heap buffer overflow vulnerability in the Freetype font rendering library used by Google Chrome. A remote attacker could exploit ...
Nov 3, 2020This vulnerability in Zephyr RTOS's DNS resolver allows an out-of-bounds write when processing malicious DNS responses. Attackers can exploit this to ...
Mar 5, 2026This CVE describes an out-of-bounds write vulnerability in multiple Canon printer drivers that could allow an attacker to execute arbitrary code with ...
Mar 31, 2025This CVE describes a privilege escalation vulnerability in MediaTek wlan STA drivers where missing bounds checks allow local attackers to gain elevate...
Feb 2, 2026A heap-overflow vulnerability in VMware's PVSCSI controller allows local administrative users within a virtual machine to execute code on the host sys...
Jul 15, 2025This CVE describes an integer-overflow vulnerability in VMware's VMXNET3 virtual network adapter that allows a malicious actor with local administrati...
Jul 15, 2025This vulnerability allows memory corruption in the RPM region due to improper XPU configuration in Qualcomm Snapdragon chipsets. It affects devices us...
Apr 7, 2021A critical vulnerability in multiple Samsung Exynos processors allows attackers to execute arbitrary code or cause denial of service via malformed NAS...
Jan 5, 2026This vulnerability in Delta Electronics DVP-12SE11T PLC modules allows attackers to write data beyond allocated memory boundaries, potentially leading...
Dec 30, 2025CVE-2025-23097 is a critical memory corruption vulnerability in Samsung's Exynos 1380 mobile processor where missing length validation allows attacker...
Jun 3, 2025A memory corruption vulnerability in Samsung Exynos 1480 and 2400 mobile processors allows attackers to write data beyond allocated memory boundaries....
Jun 2, 2025This vulnerability in Vyper smart contract language allows out-of-bounds array access when using augmented assignment operators on dynamic arrays. Att...
Feb 21, 2025This CVE describes an out-of-bounds write vulnerability in Apple operating systems that could allow an attacker to cause system crashes or corrupt ker...
Jan 27, 2025This vulnerability in the Linux kernel's DRM scheduler could allow data corruption when GPU jobs are terminated prematurely. It affects systems using ...
May 21, 2024A stack overflow vulnerability in the NFC module allows attackers to execute arbitrary code or cause denial of service. This affects Huawei devices ru...
Feb 18, 2024Tenda AX1806 routers running firmware V1.0.0.1 contain a stack overflow vulnerability in the wireless repeater configuration function. This allows rem...
Nov 7, 2023This vulnerability in YottaDB allows attackers to craft malicious input that triggers memory corruption through improper bounds checking in the memcpy...
Apr 15, 2022CVE-2021-37011 is a critical stack-based buffer overflow vulnerability in Huawei smartphones running HarmonyOS. Exploitation could allow attackers to ...
Dec 7, 2021This CVE describes a stack-based buffer overflow vulnerability in Huawei smartphones running HarmonyOS. Successful exploitation could allow attackers ...
Dec 7, 2021CVE-2021-26528 is a critical out-of-bounds write vulnerability in Cesanta Mongoose HTTP server version 7.0. Attackers can remotely exploit this by sen...
Feb 8, 2021CVE-2021-26530 is a critical out-of-bounds write vulnerability in Cesanta Mongoose HTTPS server when compiled with OpenSSL support. Attackers can remo...
Feb 8, 2021This vulnerability allows attackers to perform out-of-bounds writes in Apache NuttX's TCP stack by supplying malicious urgent data pointer offsets in ...
Dec 9, 2020CVE-2020-0283 is an out-of-bounds write vulnerability in Android System-on-Chip (SoC) components that could allow attackers to execute arbitrary code ...
Oct 14, 2020CVE-2020-0367 is an out-of-bounds write vulnerability in Android System-on-Chip (SoC) components that could allow attackers to execute arbitrary code ...
Oct 14, 2020A heap-based out-of-bounds write vulnerability in Mullvad VPN client's exception logging component allows potential memory corruption when the alterna...
Dec 12, 2024This critical vulnerability in Azure RTOS NetX Duo allows remote attackers to execute arbitrary code through memory overflow flaws in multiple network...
Dec 5, 2023This is a critical remote code execution vulnerability in SolarWinds Serv-U products that allows attackers to execute arbitrary code with SYSTEM privi...
Jul 14, 2021This vulnerability allows man-in-the-middle attackers to execute arbitrary code on Synology DiskStation Manager (DSM) systems by exploiting an out-of-...
Feb 26, 2021A heap buffer overflow vulnerability in FreeRDP clients allows a malicious RDP server to execute arbitrary code on connecting clients. Attackers contr...
Feb 25, 2026This CVE describes a stack-based buffer overflow vulnerability in TOTOLINK A3002RU routers. Attackers can exploit this by sending specially crafted vp...
Feb 17, 2026This vulnerability in AMD Graphics Driver allows attackers to execute arbitrary code by exploiting improper input validation of pointers. It affects s...
Feb 11, 2026An out-of-bounds write vulnerability in Qsync Central allows authenticated remote attackers to modify or corrupt memory. This affects QNAP Qsync Centr...
Feb 11, 2026This CVE describes an out-of-bounds write vulnerability in Xen's shadow mode tracing code where guest-controlled data can be written beyond allocated ...
Jan 28, 2026This vulnerability in llama.cpp allows remote attackers to cause memory corruption by sending specially crafted JSON with negative n_discard values to...
Jan 8, 2026A memory corruption vulnerability in Apple operating systems allows attackers to execute arbitrary code by processing a malicious file. This affects u...
Dec 12, 2025This vulnerability allows remote attackers to perform out-of-bounds memory access in ANGLE (Almost Native Graphics Layer Engine) in Google Chrome on m...
Dec 12, 2025This vulnerability allows remote attackers to potentially exploit heap corruption in Google Chrome's V8 JavaScript engine via a crafted HTML page. Att...
Nov 12, 2025This vulnerability is a heap corruption flaw in Chrome's V8 JavaScript engine that allows attackers to execute arbitrary code or crash the browser by ...
Nov 10, 2025A stack-based buffer overflow vulnerability in Tenda AC18 routers allows remote attackers to crash the device or potentially execute arbitrary code by...
Nov 10, 2025CVE-2025-43505 is an out-of-bounds write vulnerability in Xcode that could allow heap corruption when processing malicious files. This affects develop...
Nov 4, 2025This vulnerability in MediaTek wlan AP driver allows remote attackers within wireless range to execute arbitrary code or escalate privileges without u...
Oct 14, 2025An out-of-bounds write vulnerability in Qsync Central allows authenticated remote attackers to modify or corrupt memory. This affects QNAP Qsync Centr...
Oct 3, 2025This vulnerability allows remote attackers to execute arbitrary code on affected devices by exploiting an out-of-bounds write in the modem firmware wh...
Sep 1, 2025This vulnerability allows remote attackers to execute arbitrary code or cause denial of service through heap corruption by tricking users into visitin...
Aug 20, 2025This CVE describes an out-of-bounds write vulnerability in the Skia graphics library. Successful exploitation could allow attackers to write beyond al...
Aug 6, 2025This vulnerability allows attackers to execute arbitrary code or cause denial of service on Dell systems with vulnerable ControlVault firmware. An out...
Jun 13, 2025About Out-of-bounds Write (CWE-787)
The product writes data past the end, or before the beginning, of the intended buffer.
Our database tracks 2,730 CVEs classified as CWE-787, with 632 rated critical and 1,885 rated high severity. The average CVSS score for Out-of-bounds Write vulnerabilities is 8.2.
External reference: View CWE-787 on MITRE CWE →
Monitor Out-of-bounds Write Vulnerabilities
Get alerted when new Out-of-bounds Write CVEs affect your infrastructure.
Start Monitoring Free