VYPR

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

ClassStableLikelihood: High

Description

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9

CVEs mapped to this weakness (10,979)

page 140 of 549
  • CVE-2017-14310HigSep 11, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at STDUJBIG2File!DllUnregisterServer+0x0000000000001869."

  • CVE-2017-14309HigSep 11, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at STDUJBIG2File!DllUnregisterServer+0x0000000000006ec8."

  • CVE-2017-14308HigSep 11, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at STDUJBIG2File!DllUnregisterServer+0x0000000000006ddd."

  • CVE-2017-14307HigSep 11, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77400000!TpAllocCleanupGroup+0x0000000000000402."

  • CVE-2017-14306HigSep 11, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at STDUJBIG2File!DllUnregisterServer+0x0000000000006e10."

  • CVE-2017-14305HigSep 11, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at STDUJBIG2File!DllUnregisterServer+0x0000000000005578."

  • CVE-2017-14304HigSep 11, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at STDUJBIG2File!DllGetClassObject+0x00000000000043e0."

  • CVE-2017-14303HigSep 11, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at STDUJBIG2File!DllGetClassObject+0x0000000000003047."

  • CVE-2017-14302HigSep 11, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at STDUJBIG2File!DllGetClassObject+0x00000000000064d7."

  • CVE-2017-14301HigSep 11, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllUnregisterServer+0x00000000000076d3."

  • CVE-2017-14300HigSep 11, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllGetClassObject+0x0000000000004479."

  • CVE-2017-14299HigSep 11, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllGetClassObject+0x000000000000384b."

  • CVE-2017-14298HigSep 11, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllGetClassObject+0x00000000000038e8."

  • CVE-2017-14297HigSep 11, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls Code Flow starting at STDUJBIG2File!DllGetClassObject+0x0000000000002f35."

  • CVE-2017-14296HigSep 11, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllGetClassObject+0x00000000000043e6."

  • CVE-2017-14295HigSep 11, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls Code Flow starting at STDUJBIG2File+0x00000000000015e9."

  • CVE-2017-14294HigSep 11, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllUnregisterServer+0x000000000000566e."

  • CVE-2017-14293HigSep 11, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Heap Corruption starting at wow64!Wow64LdrpInitialize+0x00000000000008e1."

  • CVE-2017-14292HigSep 11, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllUnregisterServer+0x000000000000570e."

  • CVE-2017-14291HigSep 11, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllUnregisterServer+0x00000000000076d8."