CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

ClassStableLikelihood: High

Description

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Hierarchy (View 1000)

Parents

CWE-118

Children

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9

CVEs mapped to this weakness (9,878)

page 177 of 494

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2017-7585	Libsndfile Project Libsndfile	Med	0.36	5.5	0.00	Apr 7, 2017	In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.
CVE-2017-5950	Yaml Cpp Project Yaml Cpp	Med	0.36	5.5	0.01	Apr 3, 2017	The SingleDocParser::HandleNode function in yaml-cpp (aka LibYaml-C++) 0.5.3 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.
CVE-2017-7275	ImageMagick Imagemagick	Med	0.36	5.5	0.00	Mar 27, 2017	The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862 and CVE-2016-8866.
CVE-2017-6459	Ntp Ntp	Med	0.36	5.5	0.00	Mar 27, 2017	The Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via vectors related to an argument with multiple null bytes.
CVE-2017-5508	ImageMagick Imagemagick	Med	0.36	5.5	0.01	Mar 24, 2017	Heap-based buffer overflow in the PushQuantumPixel function in ImageMagick before 6.9.7-3 and 7.x before 7.0.4-3 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF file.
CVE-2016-9556	—	Med	0.36	5.5	0.00	Mar 23, 2017	The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file.
CVE-2016-9264	Libming Libming	Med	0.36	5.5	0.00	Mar 23, 2017	Buffer overflow in the printMP3Headers function in listmp3.c in Libming 0.4.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mp3 file.
CVE-2016-9011	—	Med	0.36	5.5	0.00	Mar 23, 2017	The wmf_malloc function in api.c in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (application crash) via a crafted wmf file, which triggers a memory allocation failure.
CVE-2016-10046	—	Med	0.36	5.5	0.00	Mar 23, 2017	Heap-based buffer overflow in the DrawImage function in magick/draw.c in ImageMagick before 6.9.5-5 allows remote attackers to cause a denial of service (application crash) via a crafted image file.
CVE-2016-10255	Elfutils Project Elfutils	Med	0.36	5.5	0.01	Mar 23, 2017	The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted (1) sh_off or (2) sh_size ELF header value, which triggers a memory allocation failure.
CVE-2016-10254	Elfutils Project Elfutils	Med	0.36	5.5	0.01	Mar 23, 2017	The allocate_elf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted ELF file, which triggers a memory allocation failure.
CVE-2014-9840	ImageMagick Imagemagick	Med	0.36	5.5	0.00	Mar 22, 2017	ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted palm file.
CVE-2014-9836	ImageMagick Imagemagick	Med	0.36	5.5	0.00	Mar 22, 2017	ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service via a crafted xpm file.
CVE-2017-7210	—	Med	0.36	5.5	0.00	Mar 21, 2017	objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to program crash.
CVE-2017-6836	Debian Debian Linux	Med	0.36	5.5	0.05	Mar 20, 2017	Heap-based buffer overflow in the Expand3To4Module::run function in libaudiofile/modules/SimpleModule.h in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0 allows remote attackers to cause a denial of service (crash) via a crafted file.
CVE-2017-6834	Debian Debian Linux	Med	0.36	5.5	0.04	Mar 20, 2017	Heap-based buffer overflow in the ulaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0, 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file.
CVE-2017-6832	Debian Debian Linux	Med	0.36	5.5	0.05	Mar 20, 2017	Heap-based buffer overflow in the decodeBlock in MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0, 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file.
CVE-2017-6831	Debian Debian Linux	Med	0.36	5.5	0.03	Mar 20, 2017	Heap-based buffer overflow in the decodeBlockWAVE function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0 and 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file.
CVE-2017-6830	Audiofile Audiofile	Med	0.36	5.5	0.05	Mar 20, 2017	Heap-based buffer overflow in the alaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.
CVE-2014-9845	OpenSUSE openSUSE	Med	0.36	5.5	0.00	Mar 20, 2017	The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file.

CVE-2017-7585MedApr 7, 2017
Libsndfile Project
Libsndfile
risk 0.36cvss 5.5epss 0.00
In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a stack-based buffer overflow via a specially crafted FLAC file.
CVE-2017-5950MedApr 3, 2017
Yaml Cpp Project
Yaml Cpp
risk 0.36cvss 5.5epss 0.01
The SingleDocParser::HandleNode function in yaml-cpp (aka LibYaml-C++) 0.5.3 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.
CVE-2017-7275MedMar 27, 2017
ImageMagick
Imagemagick
risk 0.36cvss 5.5epss 0.00
The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862 and CVE-2016-8866.
CVE-2017-6459MedMar 27, 2017
Ntp
Ntp
risk 0.36cvss 5.5epss 0.00
The Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via vectors related to an argument with multiple null bytes.
CVE-2017-5508MedMar 24, 2017
ImageMagick
Imagemagick
risk 0.36cvss 5.5epss 0.01
Heap-based buffer overflow in the PushQuantumPixel function in ImageMagick before 6.9.7-3 and 7.x before 7.0.4-3 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF file.
CVE-2016-9556MedMar 23, 2017
risk 0.36cvss 5.5epss 0.00
The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3-8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file.
CVE-2016-9264MedMar 23, 2017
Libming
Libming
risk 0.36cvss 5.5epss 0.00
Buffer overflow in the printMP3Headers function in listmp3.c in Libming 0.4.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mp3 file.
CVE-2016-9011MedMar 23, 2017
risk 0.36cvss 5.5epss 0.00
The wmf_malloc function in api.c in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (application crash) via a crafted wmf file, which triggers a memory allocation failure.
CVE-2016-10046MedMar 23, 2017
risk 0.36cvss 5.5epss 0.00
Heap-based buffer overflow in the DrawImage function in magick/draw.c in ImageMagick before 6.9.5-5 allows remote attackers to cause a denial of service (application crash) via a crafted image file.
CVE-2016-10255MedMar 23, 2017
Elfutils Project
Elfutils
risk 0.36cvss 5.5epss 0.01
The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted (1) sh_off or (2) sh_size ELF header value, which triggers a memory allocation failure.
CVE-2016-10254MedMar 23, 2017
Elfutils Project
Elfutils
risk 0.36cvss 5.5epss 0.01
The allocate_elf function in common.h in elfutils before 0.168 allows remote attackers to cause a denial of service (crash) via a crafted ELF file, which triggers a memory allocation failure.
CVE-2014-9840MedMar 22, 2017
ImageMagick
Imagemagick
risk 0.36cvss 5.5epss 0.00
ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted palm file.
CVE-2014-9836MedMar 22, 2017
ImageMagick
Imagemagick
risk 0.36cvss 5.5epss 0.00
ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service via a crafted xpm file.
CVE-2017-7210MedMar 21, 2017
risk 0.36cvss 5.5epss 0.00
objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buffer over-reads (of size 1 and size 8) while handling corrupt STABS enum type strings in a crafted object file, leading to program crash.
CVE-2017-6836MedMar 20, 2017
Debian
Debian Linux
risk 0.36cvss 5.5epss 0.05
Heap-based buffer overflow in the Expand3To4Module::run function in libaudiofile/modules/SimpleModule.h in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0 allows remote attackers to cause a denial of service (crash) via a crafted file.
CVE-2017-6834MedMar 20, 2017
Debian
Debian Linux
risk 0.36cvss 5.5epss 0.04
Heap-based buffer overflow in the ulaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0, 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file.
CVE-2017-6832MedMar 20, 2017
Debian
Debian Linux
risk 0.36cvss 5.5epss 0.05
Heap-based buffer overflow in the decodeBlock in MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0, 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file.
CVE-2017-6831MedMar 20, 2017
Debian
Debian Linux
risk 0.36cvss 5.5epss 0.03
Heap-based buffer overflow in the decodeBlockWAVE function in IMA.cpp in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0 and 0.2.7 allows remote attackers to cause a denial of service (crash) via a crafted file.
CVE-2017-6830MedMar 20, 2017
Audiofile
Audiofile
risk 0.36cvss 5.5epss 0.05
Heap-based buffer overflow in the alaw2linear_buf function in G711.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.
CVE-2014-9845MedMar 20, 2017
OpenSUSE
openSUSE
risk 0.36cvss 5.5epss 0.00
The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file.