VYPR

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

ClassStableLikelihood: High

Description

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9

CVEs mapped to this weakness (10,979)

page 141 of 549
  • CVE-2017-14290HigSep 11, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Heap Corruption starting at wow64!Wow64NotifyDebugger+0x000000000000001d."

  • CVE-2017-14289HigSep 11, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllGetClassObject+0x000000000000303e."

  • CVE-2017-14288HigSep 11, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllGetClassObject+0x0000000000002ff7."

  • CVE-2017-14287HigSep 11, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "Read Access Violation on Control Flow starting at STDUJBIG2File+0x00000000000015eb."

  • CVE-2017-14286HigSep 11, 2017
    risk 0.51cvss 7.8epss 0.00

    STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllUnregisterServer+0x000000000000cb8c."

  • CVE-2017-14285HigSep 11, 2017
    risk 0.51cvss 7.8epss 0.00

    XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77400000!RtlInterlockedPopEntrySList+0x00000…

  • CVE-2017-14284HigSep 11, 2017
    risk 0.51cvss 7.8epss 0.00

    XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77400000!RtlGetCurrentDirectory_U+0x00000000…

  • CVE-2017-14283HigSep 11, 2017
    risk 0.51cvss 7.8epss 0.00

    XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at jbig2dec+0x0000000000008fe4."

  • CVE-2017-14282HigSep 11, 2017
    risk 0.51cvss 7.8epss 0.00

    XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at jbig2dec+0x0000000000005862."

  • CVE-2017-14281HigSep 11, 2017
    risk 0.51cvss 7.8epss 0.00

    XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at…

  • CVE-2017-14280HigSep 11, 2017
    risk 0.51cvss 7.8epss 0.00

    XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at jbig2dec+0x000000000000571d."

  • CVE-2017-14279HigSep 11, 2017
    risk 0.51cvss 7.8epss 0.00

    XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at jbig2dec+0x0000000000005643."

  • CVE-2017-14278HigSep 11, 2017
    risk 0.51cvss 7.8epss 0.00

    XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at jbig2dec+0x0000000000005940."

  • CVE-2017-14277HigSep 11, 2017
    risk 0.51cvss 7.8epss 0.00

    XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at jbig2dec+0x0000000000005956."

  • CVE-2017-14276HigSep 11, 2017
    risk 0.51cvss 7.8epss 0.00

    XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Possible Stack Corruption starting at jbig2dec+0x0000000000002fbe."

  • CVE-2017-14275HigSep 11, 2017
    risk 0.51cvss 7.8epss 0.00

    XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d."

  • CVE-2017-14274HigSep 11, 2017
    risk 0.51cvss 7.8epss 0.00

    XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at jbig2dec+0x0000000000008706."

  • CVE-2017-14273HigSep 11, 2017
    risk 0.51cvss 7.8epss 0.00

    XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at ntdll_77400000!RtlInterlockedPopEntrySList+0x00000000000003b0."

  • CVE-2017-14272HigSep 11, 2017
    risk 0.51cvss 7.8epss 0.00

    XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at jbig2dec+0x000000000000595d."

  • CVE-2017-14271HigSep 11, 2017
    risk 0.51cvss 7.8epss 0.00

    XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at ntdll_77400000!RtlImpersonateSelfEx+0x000000000000024e."