CWE-123 · Write-what-where Condition
37 CVEs classified under CWE-123 (Write-what-where Condition). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-42479 | Critical | 10.0 | 2024-08-12 | llama.cpp provides LLM inference in C/C++. The unsafe `data` pointer member in the `rpc_tensor` structure can cause arbitrary address writing. This vulnerabili… |
| CVE-2022-38143 | Critical | 9.8 | 2022-12-23 | A heap out-of-bounds write vulnerability exists in the way OpenImageIO v2.3.19.0 processes RLE encoded BMP images. A specially-crafted bmp file can write to ar… |
| CVE-2021-38449 | Critical | 9.8 | 2021-10-22 | Some API functions permit by-design writing or copying data into a given buffer. Since the client controls these parameters, an attacker could rewrite the memo… |
| CVE-2015-8271 | Critical | 9.8 | 2017-04-13 | The AMF3CD_AddProp function in amf.c in RTMPDump 2.4 allows remote RTMP Media servers to execute arbitrary code. |
| CVE-2026-43284 | High | 8.8 | 2026-05-08 | In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags MSG_SPLICE_PAGES can attach pages f… |
| CVE-2025-62164 | High | 8.8 | 2025-11-21 | vLLM is an inference and serving engine for large language models (LLMs). From versions 0.10.2 to before 0.11.1, a memory corruption vulnerability could lead t… |
| CVE-2025-9900 | High | 8.8 | 2025-09-23 | A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. B… |
| CVE-2025-33045 | High | 8.2 | 2025-09-09 | APTIOV contains vulnerabilities in the BIOS where a privileged user may cause “Write-what-where Condition” and “Exposure of Sensitive Information to an Unautho… |
| CVE-2020-2001 | High | 8.1 | 2020-05-13 | An external control of path and data vulnerability in the Palo Alto Networks PAN-OS Panorama XSLT processing logic that allows an unauthenticated user with net… |
| CVE-2021-42540 | High | 8.0 | 2021-10-22 | The affected product is vulnerable to an unsanitized extract folder for system configuration. A low-privileged user can leverage this logic to overwrite the set… |
| CVE-2026-41952 | High | 7.8 | 2026-04-29 | Local privilege escalation due to improper input validation. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.93212, Acro… |
| CVE-2026-25634 | High | 7.8 | 2026-02-06 | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to 2.3.1.4… |
| CVE-2024-45142 | High | 7.8 | 2024-10-09 | Substance3D - Stager versions 3.0.3 and earlier are affected by a Write-what-where Condition vulnerability that could allow an attacker to execute arbitrary co… |
| CVE-2024-20741 | High | 7.8 | 2024-02-15 | Substance3D - Painter versions 9.1.1 and earlier are affected by a Write-what-where Condition vulnerability that could result in arbitrary code execution in th… |
| CVE-2021-45465 | High | 7.8 | 2024-01-04 | A vulnerability has been identified in syngo fastView (All versions). The affected application lacks proper validation of user-supplied data when parsing BMP f… |
| CVE-2025-7403 | High | 7.6 | 2025-09-19 | Unsafe handling in bt_conn_tx_processor causes a use-after-free, resulting in a write-before-zero. The written 4 bytes are attacker-controlled, enabling precis… |
| CVE-2025-55298 | High | 7.5 | 2025-08-26 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to ImageMagick versions 6.9.13-28 and 7.1.2-2, a format st… |
| CVE-2024-6563 | High | 7.5 | 2024-07-08 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Renesas arm-trusted-firmware allows Local Execution of Code. This vulne… |
| CVE-2017-10994 | High | 7.3 | 2017-07-07 | Foxit Reader before 8.3.1 and PhantomPDF before 8.3.1 have an Arbitrary Write vulnerability, which allows remote attackers to execute arbitrary code via a craf… |
| CVE-2021-1520 | Medium | 6.7 | 2021-05-06 | A vulnerability in the internal message processing of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, local a… |