CWE-129: Improper Validation of Array Index — known CVE vulnerabilities
CVEs classified under CWE-129 (Improper Validation of Array Index), ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2020-27485 — CVSS 9.9 (critical): Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The attack vector is: To exploit the…
CVE-2020-27483 — CVSS 9.9 (critical): Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The attack vector is: To exploit the…
CVE-2026-21413 — CVSS 9.8 (critical): A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of LibRaw Commit 0b56545 and Commit d20315b…
CVE-2025-3357 — CVSS 9.8 (critical): IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 19 could allow a remote attacker to execute arbitrary code due to improper…
CVE-2024-38623 — CVSS 9.8 (critical): In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Use variable length array instead of fixed size Should fix…
CVE-2021-47548 — CVSS 9.8 (critical): In the Linux kernel, the following vulnerability has been resolved: ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow…
CVE-2024-31581 — CVSS 9.8 (critical): FFmpeg version n6.1 was discovered to contain an improper validation of array index vulnerability in libavcodec/cbs_h266_syntax_template.c…
CVE-2024-24563 — CVSS 9.8 (critical): Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. Arrays can be keyed by a signed integer, while they are…
CVE-2023-28004 — CVSS 9.8 (critical): A CWE-129: Improper validation of an array index vulnerability exists where a specially crafted Ethernet request could result in denial of…
CVE-2023-0755 — CVSS 9.8 (critical): The affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and…
CVE-2022-25720 — CVSS 9.8 (critical): Memory corruption in WLAN due to out of bound array access during connect/roaming in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2021-1933 — CVSS 9.8 (critical): UE assertion is possible due to improper validation of invite message with SDP body in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2021-38563 — CVSS 9.8 (critical): An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It mishandles situations in which an array size…
CVE-2020-11307 — CVSS 9.8 (critical): Buffer overflow in modem due to improper array index check before copying into it in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2021-21833 — CVSS 9.8 (critical): An improper array index validation vulnerability exists in the TIF IP_planar_raster_unpack functionality of Accusoft ImageGear 19.9. A…
CVE-2020-11291 — CVSS 9.8 (critical): Possible buffer overflow while updating ikev2 parameters for delete payloads received during informational exchange due to lack of check of…
CVE-2020-11134 — CVSS 9.8 (critical): Possible stack out of bound write might happen due to time bitmap length and bit duration fields of the attributes like NAN ranging setup…
CVE-2021-22333 — CVSS 9.8 (critical): There is an Improper Validation of Array Index vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause…
CVE-2020-11227 — CVSS 9.8 (critical): Out of bound write while parsing RTT/TTY packet parsing due to lack of check of buffer size before copying into buffer in Snapdragon Auto…
CVE-2020-35636 — CVSS 9.8 (critical): A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h…
CVE-2020-35628 — CVSS 9.8 (critical): A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists…
CVE-2020-28636 — CVSS 9.8 (critical): A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists…
CVE-2020-28601 — CVSS 9.8 (critical): A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists…
CVE-2020-11163 — CVSS 9.8 (critical): Possible buffer overflow while updating ikev2 parameters due to lack of check of input validation for certain parameters received from the…
CVE-2020-3639 — CVSS 9.8 (critical): u'When a non standard SIP sigcomp message is received from the network, then there may be chances of using more UDVM cycle or memory…
CVE-2020-3673 — CVSS 9.8 (critical): u'Buffer overflow can happen as part of SIP message packet processing while storing values in array due to lack of check to validate the…
CVE-2020-3654 — CVSS 9.8 (critical): u'Buffer overflow occurs while processing SIP message packet due to lack of check of index validation before copying into it' in Snapdragon…
CVE-2020-3660 — CVSS 9.8 (critical): Possible null-pointer dereference can occur while parsing mp4 clip with corrupted sample table atoms in Snapdragon Auto, Snapdragon…
CVE-2019-14080 — CVSS 9.8 (critical): Out of bound write can happen due to lack of check of array index value while parsing SDP attribute for SAR in Snapdragon Auto, Snapdragon…
CVE-2020-3633 — CVSS 9.8 (critical): Array out of bound may occur while playing mp3 file as no check is there on offset if it is greater than the buffer allocated or not in…
CVE-2020-12022 — CVSS 9.8 (critical): Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An improper validation vulnerability exists that could allow an attacker…
CVE-2019-10594 — CVSS 9.8 (critical): Stack overflow can occur when SDP is received with multiple payload types in the FMTP attribute of a video M line in Snapdragon Auto…
CVE-2019-10590 — CVSS 9.8 (critical): Out of bound access while parsing dts atom, which is non-standard as it does not have valid number of tracks in Snapdragon Auto, Snapdragon…
CVE-2019-10611 — CVSS 9.8 (critical): Buffer overflow can occur while processing clip due to lack of check of object size before parsing in Snapdragon Auto, Snapdragon Compute…
CVE-2015-8366 — CVSS 9.8 (critical): Array index error in smal_decode_segment function in LibRaw before 0.17.1 allows context-dependent attackers to cause memory errors and…
CVE-2019-2320 — CVSS 9.8 (critical): Possible out of bounds write in a MT SMS/SS scenario due to improper validation of array index in Snapdragon Auto, Snapdragon Compute…
CVE-2019-10511 — CVSS 9.8 (critical): Possibility of memory overflow while decoding GSNDCP compressed mode PDU in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT…
CVE-2019-2325 — CVSS 9.8 (critical): Out of boundary access due to token received from ADSP and is used without validation as an index into the array in Snapdragon Auto…
CVE-2019-2258 — CVSS 9.8 (critical): Improper validation of array index causes OOB write and then leads to memory corruption in MMCP in Snapdragon Auto, Snapdragon Compute…
CVE-2019-10533 — CVSS 9.8 (critical): Out of bound access due to improper validation of array index cause the index table entry to get corrupt in Snapdragon Auto, Snapdragon…
CVE-2019-17212 — CVSS 9.8 (critical): Buffer overflows were discovered in the CoAP library in Arm Mbed OS 5.14.0. The CoAP parser is responsible for parsing received CoAP…
CVE-2019-15784 — CVSS 9.8 (critical): Secure Reliable Transport (SRT) through 1.3.4 has a CSndUList array overflow if there are many SRT connections.
CVE-2016-10454 — CVSS 9.8 (critical): In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 425, SD 430, SD 450, and SD 625, in a QTEE…
CVE-2014-9990 — CVSS 9.8 (critical): In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615…
CVE-2014-9989 — CVSS 9.8 (critical): In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615…