VYPR

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

ClassStableLikelihood: High

Description

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9

CVEs mapped to this weakness (10,979)

page 137 of 549
  • CVE-2017-14693HigSep 22, 2017
    risk 0.51cvss 7.8epss 0.00

    IrfanView 4.44 - 32bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to "Data from Faulting Address controls Branch Selection starting at DJVU!GetPlugInInfo+0x000000000001c613."

  • CVE-2017-14692HigSep 22, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllGetClassObject+0x000000000000653b."

  • CVE-2017-14691HigSep 22, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_773a0000!RtlAddAccessAllowedAce+0x000000000000027a."

  • CVE-2017-14690HigSep 22, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllGetClassObject+0x00000000000064e7."

  • CVE-2017-14689HigSep 22, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at…

  • CVE-2017-14688HigSep 22, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to a "Read Access Violation starting at STDUDjVuFile!DllUnregisterServer+0x000000000000d917."

  • CVE-2017-14687HigSep 22, 2017
    risk 0.51cvss 7.8epss 0.01

    Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016cb4f" on Windows. This occurs because of…

  • CVE-2017-14686HigSep 22, 2017
    risk 0.51cvss 7.8epss 0.02

    Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d" on Windows. This occurs because read_zip_dir_imp in…

  • CVE-2017-14685HigSep 22, 2017
    risk 0.51cvss 7.8epss 0.01

    Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016aa61" on Windows. This occurs because…

  • CVE-2017-9677HigSep 21, 2017
    risk 0.51cvss 7.8epss 0.00

    In all Qualcomm products with Android releases from CAF using the Linux kernel, in function msm_compr_ioctl_shared, variable "ddp->params_length" could be accessed and modified by multiple threads, while it is not protected with locks. If one thread is running, while another…

  • CVE-2017-11000HigSep 21, 2017
    risk 0.51cvss 7.8epss 0.00

    In all Qualcomm products with Android releases from CAF using the Linux kernel, in an ISP Camera kernel driver function, an incorrect bounds check may potentially lead to an out-of-bounds write.

  • CVE-2017-10999HigSep 21, 2017
    risk 0.51cvss 7.8epss 0.00

    In all Qualcomm products with Android releases from CAF using the Linux kernel, concurrent calls into ioctl RMNET_IOCTL_ADD_MUX_CHANNEL in ipa wan driver may lead to memory corruption due to missing locks.

  • CVE-2017-10998HigSep 21, 2017
    risk 0.51cvss 7.8epss 0.00

    In all Qualcomm products with Android releases from CAF using the Linux kernel, in audio_aio_ion_lookup_vaddr, the buffer length, which is user input, ends up being used to validate if the buffer is fully within the valid region. If the buffer length is large enough then the…

  • CVE-2017-10997HigSep 21, 2017
    risk 0.51cvss 7.8epss 0.00

    In all Qualcomm products with Android releases from CAF using the Linux kernel, using a debugfs node, a write to a PCIe register can cause corruption of kernel memory.

  • CVE-2017-14580HigSep 18, 2017
    risk 0.51cvss 7.8epss 0.00

    XnView Classic for Windows Version 2.41 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at jbig2dec+0x000000000000870f."

  • CVE-2017-14579HigSep 18, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "Read Access Violation on Control Flow starting at STDUJBIG2File!DllGetClassObject+0x0000000000005b70."

  • CVE-2017-14578HigSep 18, 2017
    risk 0.51cvss 7.8epss 0.01

    IrfanView 4.44 - 32bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .ani file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77130000!RtlpCoalesceFreeBlocks+0x00000000000004b4."

  • CVE-2017-14577HigSep 18, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "Read Access Violation on Control Flow starting at Unknown Symbol @ 0x0000000003aa7cef called from Unknown Symbol @ 0x0000000004aa024d."

  • CVE-2017-14576HigSep 18, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to a "Possible Stack Corruption starting at Unknown Symbol @ 0x00000000049f0281."

  • CVE-2017-14575HigSep 18, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an "Illegal Instruction Violation starting at Unknown Symbol @ 0x0000000002d8024c called from STDUXPSFile!DllUnregisterServer+0x000000000002566c."