CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

ClassStableLikelihood: High

Description

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Hierarchy (View 1000)

Parents

CWE-118

Children

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9

CVEs mapped to this weakness (9,878)

page 166 of 494

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2017-8834	OpenSUSE Leap	Med	0.42	6.5	0.01	Jun 12, 2017	The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (memory allocation error) via a crafted CSS file.
CVE-2016-3077	—	Med	0.42	6.5	0.00	Jun 6, 2017	The VersionMapper.fromKernelVersionString method in oVirt Engine allows remote authenticated users to cause a denial of service (process crash) for all VMs.
CVE-2017-2325	Juniper Networks Northstar Controller	Med	0.42	6.5	0.00	Apr 24, 2017	A buffer overflow vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to cause a buffer overflow leading to a denial of service.
CVE-2017-2316	Juniper Networks Northstar Controller	Med	0.42	6.5	0.00	Apr 24, 2017	A buffer overflow vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to cause a buffer overflow leading to a denial of service.
CVE-2015-8957	—	Med	0.42	6.5	0.01	Apr 20, 2017	Buffer overflow in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (application crash) via a crafted SUN file.
CVE-2016-8802	Huawei Secospace Usg6300 Firmware	Med	0.42	6.5	0.00	Apr 2, 2017	The security policy processing module in Huawei Secospace USG6300 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6500 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6600 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200 allows authenticated attackers to setup a specific security policy into the devices, causing a buffer overflow and crashing the system.
CVE-2017-6209	Virglrenderer Project Virglrenderer	Med	0.42	6.5	0.00	Mar 15, 2017	Stack-based buffer overflow in the parse_identifier function in tgsi_text.c in the TGSI auxiliary module in the Gallium driver in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to parsing properties.
CVE-2015-4409	Hikvision Ds 76xxx Series Firmware	Med	0.42	6.5	0.01	Mar 13, 2017	Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request, aka the SDK issue.
CVE-2015-4408	Hikvision Ds 76xxx Series Firmware	Med	0.42	6.5	0.01	Mar 13, 2017	Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request, aka the ISAPI issue.
CVE-2015-4407	Hikvision Ds 76xxx Series Firmware	Med	0.42	6.5	0.01	Mar 13, 2017	Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request, aka the PSIA issue.
CVE-2016-8971	—	Med	0.42	6.5	0.00	Mar 7, 2017	IBM WebSphere MQ 8.0 could allow an authenticated user with queue manager permissions to cause a segmentation fault which would result in the box having to be rebooted to resume normal operations. IBM Reference #: 1998663.
CVE-2016-5321	—	Med	0.42	6.5	0.00	Jan 20, 2017	The DumpModeDecode function in libtiff 4.0.6 and earlier allows attackers to cause a denial of service (invalid read and crash) via a crafted tiff image.
CVE-2016-5319	LibTIFF Libtiff	Med	0.42	6.5	0.01	Jan 20, 2017	Heap-based buffer overflow in tif_packbits.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted bmp file.
CVE-2016-5318	—	Med	0.42	6.5	0.01	Jan 20, 2017	Stack-based buffer overflow in the _TIFFVGetField function in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted tiff.
CVE-2016-5317	—	Med	0.42	6.5	0.01	Jan 20, 2017	Buffer overflow in the PixarLogDecode function in libtiff.so in the PixarLogDecode function in libtiff 4.0.6 and earlier, as used in GNOME nautilus, allows attackers to cause a denial of service attack (crash) via a crafted TIFF file.
CVE-2016-9846	QEMU Qemu	Med	0.42	6.5	0.00	Dec 29, 2016	QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue. It could occur while updating the cursor data in update_cursor_data_virgl. A guest user/process could use this flaw to leak host memory bytes, resulting in DoS for a host.
CVE-2016-9632	Tats W3m	Med	0.42	6.5	0.01	Dec 12, 2016	An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (global buffer overflow and crash) via a crafted HTML page.
CVE-2016-9630	Tats W3m	Med	0.42	6.5	0.01	Dec 12, 2016	An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (global buffer overflow and crash) via a crafted HTML page.
CVE-2016-9627	Tats W3m	Med	0.42	6.5	0.01	Dec 12, 2016	An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (heap buffer overflow and crash) via a crafted HTML page.
CVE-2016-9626	Tats W3m	Med	0.42	6.5	0.01	Dec 12, 2016	An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page.

CVE-2017-8834MedJun 12, 2017
OpenSUSE
Leap
risk 0.42cvss 6.5epss 0.01
The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (memory allocation error) via a crafted CSS file.
CVE-2016-3077MedJun 6, 2017
risk 0.42cvss 6.5epss 0.00
The VersionMapper.fromKernelVersionString method in oVirt Engine allows remote authenticated users to cause a denial of service (process crash) for all VMs.
CVE-2017-2325MedApr 24, 2017
Juniper Networks
Northstar Controller
risk 0.42cvss 6.5epss 0.00
A buffer overflow vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to cause a buffer overflow leading to a denial of service.
CVE-2017-2316MedApr 24, 2017
Juniper Networks
Northstar Controller
risk 0.42cvss 6.5epss 0.00
A buffer overflow vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to cause a buffer overflow leading to a denial of service.
CVE-2015-8957MedApr 20, 2017
risk 0.42cvss 6.5epss 0.01
Buffer overflow in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (application crash) via a crafted SUN file.
CVE-2016-8802MedApr 2, 2017
Huawei
Secospace Usg6300 Firmware
risk 0.42cvss 6.5epss 0.00
The security policy processing module in Huawei Secospace USG6300 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6500 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6600 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200 allows authenticated attackers to setup a specific security policy into the devices, causing a buffer overflow and crashing the system.
CVE-2017-6209MedMar 15, 2017
Virglrenderer Project
Virglrenderer
risk 0.42cvss 6.5epss 0.00
Stack-based buffer overflow in the parse_identifier function in tgsi_text.c in the TGSI auxiliary module in the Gallium driver in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to parsing properties.
CVE-2015-4409MedMar 13, 2017
Hikvision
Ds 76xxx Series Firmware
risk 0.42cvss 6.5epss 0.01
Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request, aka the SDK issue.
CVE-2015-4408MedMar 13, 2017
Hikvision
Ds 76xxx Series Firmware
risk 0.42cvss 6.5epss 0.01
Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request, aka the ISAPI issue.
CVE-2015-4407MedMar 13, 2017
Hikvision
Ds 76xxx Series Firmware
risk 0.42cvss 6.5epss 0.01
Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request, aka the PSIA issue.
CVE-2016-8971MedMar 7, 2017
risk 0.42cvss 6.5epss 0.00
IBM WebSphere MQ 8.0 could allow an authenticated user with queue manager permissions to cause a segmentation fault which would result in the box having to be rebooted to resume normal operations. IBM Reference #: 1998663.
CVE-2016-5321MedJan 20, 2017
risk 0.42cvss 6.5epss 0.00
The DumpModeDecode function in libtiff 4.0.6 and earlier allows attackers to cause a denial of service (invalid read and crash) via a crafted tiff image.
CVE-2016-5319MedJan 20, 2017
LibTIFF
Libtiff
risk 0.42cvss 6.5epss 0.01
Heap-based buffer overflow in tif_packbits.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted bmp file.
CVE-2016-5318MedJan 20, 2017
risk 0.42cvss 6.5epss 0.01
Stack-based buffer overflow in the _TIFFVGetField function in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted tiff.
CVE-2016-5317MedJan 20, 2017
risk 0.42cvss 6.5epss 0.01
Buffer overflow in the PixarLogDecode function in libtiff.so in the PixarLogDecode function in libtiff 4.0.6 and earlier, as used in GNOME nautilus, allows attackers to cause a denial of service attack (crash) via a crafted TIFF file.
CVE-2016-9846MedDec 29, 2016
QEMU
Qemu
risk 0.42cvss 6.5epss 0.00
QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue. It could occur while updating the cursor data in update_cursor_data_virgl. A guest user/process could use this flaw to leak host memory bytes, resulting in DoS for a host.
CVE-2016-9632MedDec 12, 2016
Tats
W3m
risk 0.42cvss 6.5epss 0.01
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (global buffer overflow and crash) via a crafted HTML page.
CVE-2016-9630MedDec 12, 2016
Tats
W3m
risk 0.42cvss 6.5epss 0.01
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (global buffer overflow and crash) via a crafted HTML page.
CVE-2016-9627MedDec 12, 2016
Tats
W3m
risk 0.42cvss 6.5epss 0.01
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (heap buffer overflow and crash) via a crafted HTML page.
CVE-2016-9626MedDec 12, 2016
Tats
W3m
risk 0.42cvss 6.5epss 0.01
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page.