CWE-823
AllowedUse of Out-of-range Pointer Offset
Abstraction: Base · Status: Incomplete
The product performs pointer arithmetic on a valid pointer, but it uses an offset that can point outside of the intended range of valid memory locations for the resulting pointer.
177 vulnerabilities reference this CWE, most recent first.
GHSA-6956-6R33-F8XW
Vulnerability from github – Published: 2026-03-24 15:30 – Updated: 2026-06-30 03:35Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability affects Firefox < 149, Firefox ESR < 115.34, and Firefox ESR < 140.9.
{
"affected": [],
"aliases": [
"CVE-2026-4693"
],
"database_specific": {
"cwe_ids": [
"CWE-754",
"CWE-823"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-24T13:16:05Z",
"severity": "HIGH"
},
"details": "Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability affects Firefox \u003c 149, Firefox ESR \u003c 115.34, and Firefox ESR \u003c 140.9.",
"id": "GHSA-6956-6r33-f8xw",
"modified": "2026-06-30T03:35:58Z",
"published": "2026-03-24T15:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4693"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:5930"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8287"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8288"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8289"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8290"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8315"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8427"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8850"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-4693"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2018102"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450741"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4693.json"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-20"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-21"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-22"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-23"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-24"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:5931"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:5932"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:6188"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:6342"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:6917"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7837"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7838"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7839"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7840"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7841"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7842"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7843"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7845"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7858"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8284"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8285"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:8286"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6CWR-J8FG-5C5X
Vulnerability from github – Published: 2024-11-04 12:32 – Updated: 2024-11-04 12:32Memory corruption while invoking IOCTL command from user-space, when a user modifies the original packet size of the command after system properties have been already sent to the EVA driver.
{
"affected": [],
"aliases": [
"CVE-2024-23377"
],
"database_specific": {
"cwe_ids": [
"CWE-823"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-04T10:15:04Z",
"severity": "MODERATE"
},
"details": "Memory corruption while invoking IOCTL command from user-space, when a user modifies the original packet size of the command after system properties have been already sent to the EVA driver.",
"id": "GHSA-6cwr-j8fg-5c5x",
"modified": "2024-11-04T12:32:56Z",
"published": "2024-11-04T12:32:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23377"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2024-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6FQG-6WPV-H97Q
Vulnerability from github – Published: 2025-02-22 15:30 – Updated: 2025-03-18 21:31Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory.
{
"affected": [],
"aliases": [
"CVE-2024-12577"
],
"database_specific": {
"cwe_ids": [
"CWE-823"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-22T15:15:10Z",
"severity": "HIGH"
},
"details": "Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest\u0027s virtualised GPU memory.",
"id": "GHSA-6fqg-6wpv-h97q",
"modified": "2025-03-18T21:31:57Z",
"published": "2025-02-22T15:30:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12577"
},
{
"type": "WEB",
"url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6R2C-G7F8-6RFJ
Vulnerability from github – Published: 2023-07-04 06:30 – Updated: 2024-04-04 05:22Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption.
{
"affected": [],
"aliases": [
"CVE-2023-22387"
],
"database_specific": {
"cwe_ids": [
"CWE-823"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-04T05:15:10Z",
"severity": "HIGH"
},
"details": "Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption.",
"id": "GHSA-6r2c-g7f8-6rfj",
"modified": "2024-04-04T05:22:41Z",
"published": "2023-07-04T06:30:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22387"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/july-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6X59-XC7R-C342
Vulnerability from github – Published: 2025-01-13 12:31 – Updated: 2025-01-31 18:31Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to write data outside the Guest's virtualised GPU memory.
{
"affected": [],
"aliases": [
"CVE-2024-52936"
],
"database_specific": {
"cwe_ids": [
"CWE-823"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-13T11:15:08Z",
"severity": "MODERATE"
},
"details": "Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to write data outside the Guest\u0027s virtualised GPU memory.",
"id": "GHSA-6x59-xc7r-c342",
"modified": "2025-01-31T18:31:05Z",
"published": "2025-01-13T12:31:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52936"
},
{
"type": "WEB",
"url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-732J-VMPR-MG9V
Vulnerability from github – Published: 2023-04-30 00:30 – Updated: 2023-04-30 00:30Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499.
{
"affected": [],
"aliases": [
"CVE-2023-2426"
],
"database_specific": {
"cwe_ids": [
"CWE-823"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-29T22:15:09Z",
"severity": "MODERATE"
},
"details": "Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499.",
"id": "GHSA-732j-vmpr-mg9v",
"modified": "2023-04-30T00:30:15Z",
"published": "2023-04-30T00:30:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2426"
},
{
"type": "WEB",
"url": "https://github.com/vim/vim/commit/caf642c25de526229264cab9425e7c9979f3509b"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/3451be4c-91c8-4d08-926b-cbff7396f425"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LOJP6M7ZTKZQYOGVOOAY6TIE6ACBJL55"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PCLJN4QINITA3ZASKLEJ64C5TFNKELMO"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LOJP6M7ZTKZQYOGVOOAY6TIE6ACBJL55"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCLJN4QINITA3ZASKLEJ64C5TFNKELMO"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213844"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213845"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-74PX-F778-7G38
Vulnerability from github – Published: 2025-01-13 12:31 – Updated: 2025-01-13 21:30Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory.
{
"affected": [],
"aliases": [
"CVE-2024-52935"
],
"database_specific": {
"cwe_ids": [
"CWE-823"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-13T11:15:08Z",
"severity": "MODERATE"
},
"details": "Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest\u0027s virtualised GPU memory.",
"id": "GHSA-74px-f778-7g38",
"modified": "2025-01-13T21:30:52Z",
"published": "2025-01-13T12:31:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52935"
},
{
"type": "WEB",
"url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-7MF3-W774-8G85
Vulnerability from github – Published: 2025-01-13 12:31 – Updated: 2025-01-13 18:31Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to read data outside the Guest's virtualised GPU memory.
{
"affected": [],
"aliases": [
"CVE-2024-47895"
],
"database_specific": {
"cwe_ids": [
"CWE-823"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-13T11:15:08Z",
"severity": "HIGH"
},
"details": "Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to read data outside the Guest\u0027s virtualised GPU memory.",
"id": "GHSA-7mf3-w774-8g85",
"modified": "2025-01-13T18:31:55Z",
"published": "2025-01-13T12:31:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47895"
},
{
"type": "WEB",
"url": "https://www.imaginationtech.com/gpu-driver-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-84JC-3C5Q-J52H
Vulnerability from github – Published: 2025-10-09 06:30 – Updated: 2025-10-09 06:30Memory corruption while processing an escape call.
{
"affected": [],
"aliases": [
"CVE-2025-47349"
],
"database_specific": {
"cwe_ids": [
"CWE-823"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-09T04:16:47Z",
"severity": "HIGH"
},
"details": "Memory corruption while processing an escape call.",
"id": "GHSA-84jc-3c5q-j52h",
"modified": "2025-10-09T06:30:24Z",
"published": "2025-10-09T06:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47349"
},
{
"type": "WEB",
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2025-bulletin.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-87X7-HF6Q-H4H9
Vulnerability from github – Published: 2022-02-21 00:00 – Updated: 2022-03-17 00:05Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418.
{
"affected": [],
"aliases": [
"CVE-2022-0685"
],
"database_specific": {
"cwe_ids": [
"CWE-823"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-20T11:15:00Z",
"severity": "HIGH"
},
"details": "Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418.",
"id": "GHSA-87x7-hf6q-h4h9",
"modified": "2022-03-17T00:05:27Z",
"published": "2022-02-21T00:00:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0685"
},
{
"type": "WEB",
"url": "https://github.com/vim/vim/commit/5921aeb5741fc6e84c870d68c7c35b93ad0c9f87"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/27230da3-9b1a-4d5d-8cdf-4b1e62fcd782"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00018.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202208-32"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213488"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
CAPEC-129: Pointer Manipulation
This attack pattern involves an adversary manipulating a pointer within a target application resulting in the application accessing an unintended memory location. This can result in the crashing of the application or, for certain pointer values, access to data that would not normally be possible or the execution of arbitrary code. Since pointers are simply integer variables, Integer Attacks may often be used in Pointer Attacks.