VYPR

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Class · Stable · Likelihood: High

Description

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9

CVEs mapped to this weakness (9,861)

  • CVE-2014-9846 · Cri · Mar 20, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact.

  • CVE-2014-9843 · Cri · Mar 20, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    The DecodePSDPixels function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors.

  • CVE-2016-10253 · Cri · Mar 18, 2017
    risk 0.64 · cvss 9.8 · epss 0.00

    An issue was discovered in Erlang/OTP 18.x. Erlang's generation of compiled regular expressions is vulnerable to a heap overflow. Regular expressions using a malformed extpattern can indirectly specify an offset that is used as an array index. This ordinal permits arbitrary regions within the erts_alloc arena to be both read and written to.

  • CVE-2015-8981 · Cri · Mar 16, 2017
    risk 0.64 · cvss 9.8 · epss 0.00

    Heap-based buffer overflow in the PdfParser::ReadXRefSubsection function in base/PdfParser.cpp in PoDoFo allows attackers to have unspecified impact via vectors related to m_offsets.size.

  • CVE-2017-6023 · Cri · Mar 16, 2017
    risk 0.64 · cvss 9.8 · epss 0.04

    An issue was discovered in Fatek Automation PLC Ethernet Module. The affected Ether_cfg software configuration tool runs on the following Fatek PLCs: CBEH versions prior to V3.6 Build 170215, CBE versions prior to V3.6 Build 170215, CM55E versions prior to V3.6 Build 170215, and CM25E versions prior to V3.6 Build 170215. A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution or crash the affected device.

  • CVE-2017-5522 · Cri · Mar 15, 2017
    risk 0.64 · cvss 9.8 · epss 0.06

    Stack-based buffer overflow in MapServer before 6.0.6, 6.2.x before 6.2.4, 6.4.x before 6.4.5, and 7.0.x before 7.0.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving WFS get feature requests.

  • CVE-2017-5581 · Cri · Feb 28, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    Buffer overflow in the ModifiablePixelBuffer::fillRect function in TigerVNC before 1.7.1 allows remote servers to execute arbitrary code via an RRE message with subrectangle outside framebuffer boundaries.

  • CVE-2016-1245 · Cri · Feb 22, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. The root cause was relying on BUFSIZ to be compatible with a message size; however, BUFSIZ is system-dependent.

  • CVE-2016-9400 · Cri · Feb 22, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    The CClient::ProcessServerPacket method in engine/client/client.cpp in Teeworlds before 0.6.4 allows remote servers to write to arbitrary physical memory locations and possibly execute arbitrary code via vectors involving snap handling.

  • CVE-2016-7663 · Cri · Feb 20, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "CoreFoundation" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted string.

  • CVE-2016-8364 · Cri · Feb 13, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    An issue was discovered in IBHsoftec S7-SoftPLC prior to 4.12b. Object memory can read a network packet that is larger than the space that is available, a Heap-based Buffer Overflow.

  • CVE-2016-10192 · Cri · Feb 9, 2017
    risk 0.64 · cvss 9.8 · epss 0.05

    Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check chunk size.

  • CVE-2016-10191 · Cri · Feb 9, 2017
    risk 0.64 · cvss 9.8 · epss 0.08

    Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check for RTMP packet size mismatches.

  • CVE-2016-10190 · Cri · Feb 9, 2017
    risk 0.64 · cvss 9.8 · epss 0.10

    Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote web servers to execute arbitrary code via a negative chunk size in an HTTP response.

  • CVE-2016-7447 · Cri · Feb 6, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 1.3.25 allows remote attackers to have unspecified impact via unknown vectors.

  • CVE-2016-7446 · Cri · Feb 6, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. Note: This vulnerability exists due to an incomplete patch for CVE-2016-2317.

  • CVE-2016-10164 · Cri · Feb 1, 2017
    risk 0.64 · cvss 9.8 · epss 0.04

    Multiple integer overflows in libXpm before 3.5.12, when a program requests parsing XPM extensions on a 64-bit platform, allow remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via (1) the number of extensions or (2) their concatenated length in a crafted XPM file, which triggers a heap-based buffer overflow.

  • CVE-2017-5486 · Cri · Jan 28, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print().

  • CVE-2017-5485 · Cri · Jan 28, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in addrtoname.c:lookup_nsap().

  • CVE-2017-5484 · Cri · Jan 28, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:sig_print().