Category

CWE 125

Security vulnerabilities and automated fixes for cwe 125 issues

5 posts found

critical6 min

How buffer overflow via unchecked memcpy offset happens in C++ PCL point cloud parsing and how to fix it

A critical out-of-bounds read vulnerability was discovered in `pcpatch_pcl.cpp` where the `readFloat` lambda performed a `memcpy` operation using an untrusted offset value without validating buffer boundaries. An attacker could craft malicious PCD point cloud files with large offset values to read memory outside allocated buffers, potentially leaking sensitive data or causing crashes. The fix adds a bounds check ensuring `f->offset + sizeof(float)` stays within the row buffer before any memory c

#security#buffer-overflow#cpp+4 more
O
orbisai0security
Jul 6, 2026
critical5 min

How out-of-bounds array access happens in C kernel modules and how to fix it

A high-severity out-of-bounds array access vulnerability was discovered in the natflow_conntrack.c kernel module where the `ct->proto.tcp.state` value was used directly as an array index without bounds validation. An attacker capable of manipulating TCP connection state could trigger reads beyond the `tcp_conntrack_names[]` array, potentially leaking kernel memory or causing system crashes. The fix adds a simple bounds check using `ARRAY_SIZE()` before array access.

#security#c#kernel+4 more
O
orbisai0security
Jul 5, 2026
high8 min

How buffer overflow happens in C MemStream.h and how to fix it

A high-severity buffer overflow vulnerability was discovered in `src/avt/IVP/MemStream.h`, where the `read()` and `write()` template methods performed `memcpy` operations without validating that `_pos + nBytes` stayed within the allocated buffer. An attacker supplying crafted serialized integral curve data could trigger out-of-bounds memory reads or writes, potentially corrupting the heap or leaking sensitive memory. The fix adds a single bounds check before each `memcpy`, throwing an `ImproperU

#buffer-overflow#c-plus-plus#memcpy+4 more
O
orbisai0security
Jun 25, 2026
critical9 min

How out-of-bounds reads happen in C gettext .mo file parsers and how to fix it

A missing bounds check in the gettext `.mo` file parser inside `compose/asc-utils-l10n.c` allowed a malformed or truncated file to trigger out-of-bounds reads from heap memory. The vulnerability affected two distinct read sites — a `memcpy` of the full `AscLocaleGettextHeader` struct at line 131 and a 4-byte offset read at line 224 — neither of which validated that the source buffer was large enough. The fix adds explicit size checks before both reads, rejecting invalid files with a descriptive

#c#buffer-overflow#out-of-bounds-read+4 more
O
orbisai0security
Jun 18, 2026
critical9 min

Critical Buffer Overflow Fixed in libretro-common Socket Select Wrapper

A critical out-of-bounds memory read vulnerability was discovered and patched in libretro-common's network socket abstraction layer, where unsafe memcpy operations on caller-supplied fd_set pointers could lead to heap or stack memory corruption. Attackers or malicious inputs exploiting this flaw could potentially read sensitive memory regions or destabilize the application. The fix introduces proper source-size validation before performing memory copy operations on file descriptor sets.

#c#memory-safety#buffer-overflow+4 more
O
orbisai0security
May 17, 2026