VYPR

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

ClassStableLikelihood: High

Description

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9

CVEs mapped to this weakness (10,979)

page 160 of 549
  • CVE-2017-0023HigMar 17, 2017
    risk 0.51cvss 7.5epss 0.34

    The PDF library in Microsoft Edge; Windows 8.1; Windows Server 2012 and R2; Windows RT 8.1; and Windows 10, 1511, and 1607 allows remote attackers to execute arbitrary code via a crafted PDF file, aka "Microsoft PDF Remote Code Execution Vulnerability."

  • CVE-2017-0015HigMar 17, 2017
    risk 0.51cvss 7.5epss 0.26

    A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the…

  • CVE-2017-6429HigMar 15, 2017
    risk 0.51cvss 7.8epss 0.03

    Buffer overflow in the tcpcapinfo utility in Tcpreplay before 4.2.0 Beta 1 allows remote attackers to have unspecified impact via a pcap file with an over-size packet.

  • CVE-2017-6852HigMar 15, 2017
    risk 0.51cvss 7.8epss 0.02

    Heap-based buffer overflow in the jpc_dec_decodepkt function in jpc_t2dec.c in JasPer 2.0.10 allows remote attackers to have unspecified impact via a crafted image.

  • CVE-2017-6844HigMar 15, 2017
    risk 0.51cvss 7.8epss 0.02

    Buffer overflow in the PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file.

  • CVE-2017-6843HigMar 15, 2017
    risk 0.51cvss 7.8epss 0.02

    Heap-based buffer overflow in the PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file.

  • CVE-2017-6828HigMar 15, 2017
    risk 0.51cvss 7.8epss 0.03

    Heap-based buffer overflow in the readValue function in FileHandle.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3.6 allows remote attackers to have unspecified impact via a crafted WAV file.

  • CVE-2017-6827HigMar 15, 2017
    risk 0.51cvss 7.8epss 0.03

    Heap-based buffer overflow in the MSADPCM::initializeCoefficients function in MSADPCM.cpp in audiofile (aka libaudiofile and Audio File Library) 0.3.6 allows remote attackers to have unspecified impact via a crafted audio file.

  • CVE-2017-0477HigMar 8, 2017
    risk 0.51cvss 7.8epss 0.01

    A remote code execution vulnerability in libgdx could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that…

  • CVE-2017-0476HigMar 8, 2017
    risk 0.51cvss 7.8epss 0.01

    A remote code execution vulnerability in AOSP Messaging could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as High due to the possibility of remote code execution within the context of an…

  • CVE-2017-0474HigMar 8, 2017
    risk 0.51cvss 7.8epss 0.02

    A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of…

  • CVE-2017-0473HigMar 8, 2017
    risk 0.51cvss 7.8epss 0.01

    A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of…

  • CVE-2017-0472HigMar 8, 2017
    risk 0.51cvss 7.8epss 0.01

    A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of…

  • CVE-2017-0471HigMar 8, 2017
    risk 0.51cvss 7.8epss 0.01

    A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of…

  • CVE-2017-0470HigMar 8, 2017
    risk 0.51cvss 7.8epss 0.01

    A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of…

  • CVE-2017-0469HigMar 8, 2017
    risk 0.51cvss 7.8epss 0.01

    A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of…

  • CVE-2017-0468HigMar 8, 2017
    risk 0.51cvss 7.8epss 0.01

    A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of…

  • CVE-2017-0467HigMar 8, 2017
    risk 0.51cvss 7.8epss 0.01

    A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of…

  • CVE-2017-0466HigMar 8, 2017
    risk 0.51cvss 7.8epss 0.01

    A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of…

  • CVE-2017-6319HigMar 2, 2017
    risk 0.51cvss 7.8epss 0.01

    The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted DEX file.