CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Description
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9
CVEs mapped to this weakness (10,979)
page 210 of 549| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-13729 | Med | 0.42 | 6.5 | 0.03 | Aug 29, 2017 | There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack. | ||
| CVE-2017-12919 | Med | 0.42 | 6.5 | 0.01 | Aug 28, 2017 | Heap-based buffer overflow in OLEStream::WriteVT_LPSTR in olestrm.cpp in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service via a crafted fpx image. | ||
| CVE-2017-13140 | Med | 0.42 | 6.5 | 0.02 | Aug 23, 2017 | In ImageMagick before 6.9.9-1 and 7.x before 7.0.6-2, the ReadOnePNGImage function in coders/png.c allows remote attackers to cause a denial of service (application hang in LockSemaphoreInfo) via a PNG file with a width equal to MAGICK_WIDTH_LIMIT. | ||
| CVE-2017-13064 | Med | 0.42 | 6.5 | 0.02 | Aug 22, 2017 | GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:311:12. | ||
| CVE-2017-13063 | Med | 0.42 | 6.5 | 0.02 | Aug 22, 2017 | GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:314:12. | ||
| CVE-2017-12966 | Med | 0.42 | 6.5 | 0.01 | Aug 20, 2017 | The asn1f_lookup_symbol_impl function in asn1fix_retrieve.c in libasn1fix.a in asn1c 0.9.28 allows remote attackers to cause a denial of service (segmentation fault) via a crafted .asn1 file. | ||
| CVE-2016-6817 | Hig | 0.42 | 7.5 | 0.07 | Aug 10, 2017 | The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8.5.0 to 8.5.6 entered an infinite loop if a header was received that was larger than the available buffer. This made a denial of service attack possible. | ||
| CVE-2017-6260 | Med | 0.42 | 6.5 | 0.00 | Jul 28, 2017 | NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer helper function where an incorrect calculation of string length may lead to denial of service. | ||
| CVE-2017-11640 | Med | 0.42 | 6.5 | 0.03 | Jul 26, 2017 | When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to an address access exception in the WritePTIFImage() function in coders/tiff.c. | ||
| CVE-2017-11339 | Med | 0.42 | 6.5 | 0.01 | Jul 17, 2017 | There is a heap-based buffer overflow in the Image::printIFDStructure function of image.cpp in Exiv2 0.26. A Crafted input will lead to a remote denial of service attack. | ||
| CVE-2017-8420 | Med | 0.42 | 6.5 | 0.01 | Jul 5, 2017 | SWFTools 2013-04-09-1007 on Windows has a "Data from Faulting Address controls Branch Selection starting at image00000000_00400000+0x0000000000003e71" issue. This issue can be triggered by a malformed TTF file that is mishandled by font2swf. Attackers could exploit this issue… | ||
| CVE-2017-1310 | Med | 0.42 | 6.5 | 0.02 | Jun 29, 2017 | IBM Informix Dynamic Server 12.1 could allow an authenticated user to cause a buffer overflow that would write large assertion fail files to the server. Done enough times, this could use large parts of the file system and cause the server to crash. IBM X-Force ID: 125569. | ||
| CVE-2017-9998 | Med | 0.42 | 6.5 | 0.02 | Jun 28, 2017 | The _dwarf_decode_s_leb128_chk function in dwarf_leb.c in libdwarf through 2017-06-28 allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file. | ||
| CVE-2017-9937 | Med | 0.42 | 6.5 | 0.03 | Jun 26, 2017 | In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack. | ||
| CVE-2015-3220 | Hig | 0.42 | 7.5 | 0.03 | Jun 13, 2017 | The tlslite library before 0.4.9 for Python allows remote attackers to trigger a denial of service (runtime exception and process crash). | ||
| CVE-2017-6655 | Med | 0.42 | 6.5 | 0.01 | Jun 13, 2017 | A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition when an FCoE-related process unexpectedly reloads. This vulnerability affects… | ||
| CVE-2016-3077 | Med | 0.42 | 6.5 | 0.01 | Jun 6, 2017 | The VersionMapper.fromKernelVersionString method in oVirt Engine allows remote authenticated users to cause a denial of service (process crash) for all VMs. | ||
| CVE-2017-9025 | Med | 0.42 | 6.5 | 0.02 | May 17, 2017 | Heap buffer overflow in vshttpd (aka ioos) in HooToo Trip Mate 6 (TM6) firmware 2.000.030 and earlier allows remote unauthenticated attackers to control the program counter via a specially crafted HTTP Cookie header. | ||
| CVE-2017-2325 | Med | 0.42 | 6.5 | 0.01 | Apr 24, 2017 | A buffer overflow vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to cause a buffer overflow leading to a denial of service. | ||
| CVE-2017-2316 | Med | 0.42 | 6.5 | 0.00 | Apr 24, 2017 | A buffer overflow vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to cause a buffer overflow leading to a denial of service. |
- risk 0.42cvss 6.5epss 0.03
There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack.
- risk 0.42cvss 6.5epss 0.01
Heap-based buffer overflow in OLEStream::WriteVT_LPSTR in olestrm.cpp in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service via a crafted fpx image.
- risk 0.42cvss 6.5epss 0.02
In ImageMagick before 6.9.9-1 and 7.x before 7.0.6-2, the ReadOnePNGImage function in coders/png.c allows remote attackers to cause a denial of service (application hang in LockSemaphoreInfo) via a PNG file with a width equal to MAGICK_WIDTH_LIMIT.
- risk 0.42cvss 6.5epss 0.02
GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:311:12.
- risk 0.42cvss 6.5epss 0.02
GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:314:12.
- risk 0.42cvss 6.5epss 0.01
The asn1f_lookup_symbol_impl function in asn1fix_retrieve.c in libasn1fix.a in asn1c 0.9.28 allows remote attackers to cause a denial of service (segmentation fault) via a crafted .asn1 file.
- risk 0.42cvss 7.5epss 0.07
The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8.5.0 to 8.5.6 entered an infinite loop if a header was received that was larger than the available buffer. This made a denial of service attack possible.
- risk 0.42cvss 6.5epss 0.00
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer helper function where an incorrect calculation of string length may lead to denial of service.
- risk 0.42cvss 6.5epss 0.03
When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to an address access exception in the WritePTIFImage() function in coders/tiff.c.
- risk 0.42cvss 6.5epss 0.01
There is a heap-based buffer overflow in the Image::printIFDStructure function of image.cpp in Exiv2 0.26. A Crafted input will lead to a remote denial of service attack.
- risk 0.42cvss 6.5epss 0.01
SWFTools 2013-04-09-1007 on Windows has a "Data from Faulting Address controls Branch Selection starting at image00000000_00400000+0x0000000000003e71" issue. This issue can be triggered by a malformed TTF file that is mishandled by font2swf. Attackers could exploit this issue…
- risk 0.42cvss 6.5epss 0.02
IBM Informix Dynamic Server 12.1 could allow an authenticated user to cause a buffer overflow that would write large assertion fail files to the server. Done enough times, this could use large parts of the file system and cause the server to crash. IBM X-Force ID: 125569.
- risk 0.42cvss 6.5epss 0.02
The _dwarf_decode_s_leb128_chk function in dwarf_leb.c in libdwarf through 2017-06-28 allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file.
- risk 0.42cvss 6.5epss 0.03
In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack.
- risk 0.42cvss 7.5epss 0.03
The tlslite library before 0.4.9 for Python allows remote attackers to trigger a denial of service (runtime exception and process crash).
- risk 0.42cvss 6.5epss 0.01
A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol implementation in Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition when an FCoE-related process unexpectedly reloads. This vulnerability affects…
- risk 0.42cvss 6.5epss 0.01
The VersionMapper.fromKernelVersionString method in oVirt Engine allows remote authenticated users to cause a denial of service (process crash) for all VMs.
- risk 0.42cvss 6.5epss 0.02
Heap buffer overflow in vshttpd (aka ioos) in HooToo Trip Mate 6 (TM6) firmware 2.000.030 and earlier allows remote unauthenticated attackers to control the program counter via a specially crafted HTTP Cookie header.
- risk 0.42cvss 6.5epss 0.01
A buffer overflow vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to cause a buffer overflow leading to a denial of service.
- risk 0.42cvss 6.5epss 0.00
A buffer overflow vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to cause a buffer overflow leading to a denial of service.