Category

Out Of Bounds Read

Security vulnerabilities and automated fixes for out of bounds read issues

4 posts found

critical9 min

How out-of-bounds reads happen in C gettext .mo file parsers and how to fix it

A missing bounds check in the gettext `.mo` file parser inside `compose/asc-utils-l10n.c` allowed a malformed or truncated file to trigger out-of-bounds reads from heap memory. The vulnerability affected two distinct read sites — a `memcpy` of the full `AscLocaleGettextHeader` struct at line 131 and a 4-byte offset read at line 224 — neither of which validated that the source buffer was large enough. The fix adds explicit size checks before both reads, rejecting invalid files with a descriptive

#c#buffer-overflow#out-of-bounds-read+4 more
O
orbisai0security
Jun 18, 2026
critical6 min

How out-of-bounds read via unchecked memcpy happens in C packet processing and how to fix it

A critical out-of-bounds read vulnerability was discovered in `hep-tester/heptester.c` where `memcpy` calls at lines 200-201 read from fixed offsets in a packet buffer without verifying the buffer was large enough. An attacker could send a crafted packet shorter than 18 bytes to trigger the read, potentially leaking memory contents or crashing the capture agent. The fix adds a single bounds check against `pkthdr->caplen` before any memory copy operations.

#security#c#buffer-overflow+4 more
O
orbisai0security
Jun 3, 2026
critical8 min

Critical MMU Bounds Bypass: How a Missing Validation Exposes Host Memory

A critical out-of-bounds memory read vulnerability was discovered and patched in a RISC-V emulator's MMU address translation logic, where insufficient bounds validation in `mmu_ifetch` allowed malicious guest programs to read arbitrary host process memory. This class of vulnerability represents one of the most dangerous bugs in virtualization and emulation software, as it breaks the fundamental isolation boundary between guest and host. The fix reinforces address validation before any memory acc

#security#memory-safety#emulation+4 more
O
orbisai0security
May 21, 2026
critical9 min

Critical Buffer Overflow Fixed in libretro-common Socket Select Wrapper

A critical out-of-bounds memory read vulnerability was discovered and patched in libretro-common's network socket abstraction layer, where unsafe memcpy operations on caller-supplied fd_set pointers could lead to heap or stack memory corruption. Attackers or malicious inputs exploiting this flaw could potentially read sensitive memory regions or destabilize the application. The fix introduces proper source-size validation before performing memory copy operations on file descriptor sets.

#c#memory-safety#buffer-overflow+4 more
O
orbisai0security
May 17, 2026