CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Description
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9
CVEs mapped to this weakness (10,979)
page 221 of 549| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-10713 | Med | 0.36 | 5.5 | 0.02 | Feb 13, 2018 | An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file. | ||
| CVE-2018-6192 | Med | 0.36 | 5.5 | 0.02 | Jan 24, 2018 | In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation violation and application crash) via a crafted pdf file. | ||
| CVE-2017-17811 | Med | 0.36 | 5.5 | 0.01 | Dec 21, 2017 | In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer overflow that will cause a remote denial of service attack, related to a strcpy in paste_tokens in asm/preproc.c, a similar issue to CVE-2017-11111. | ||
| CVE-2017-8202 | Med | 0.36 | 5.5 | 0.01 | Nov 22, 2017 | The CameraISP driver of some Huawei smart phones with software of versions earlier than Prague-AL00AC00B205,versions earlier than Prague-AL00BC00B205,versions earlier than Prague-AL00CC00B205,versions earlier than Prague-TL00AC01B205,versions earlier than Prague-TL10AC01B205 has… | ||
| CVE-2017-8184 | Med | 0.36 | 5.5 | 0.01 | Nov 22, 2017 | MTK platform in Huawei smart phones with software of earlier than Nice-AL00C00B160 versions, earlier than Nice-AL10C00B140 versions has a any memory access vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and send given… | ||
| CVE-2017-8149 | Med | 0.36 | 5.5 | 0.01 | Nov 22, 2017 | The boot loaders of P10 and P10 Plus Huawei mobile phones with software the versions before Victoria-L09AC605B162, the versions before Victoria-L29AC605B162, the versions before Vicky-L29AC605B162 have an out-of-bounds memory access vulnerability due to the lack of parameter… | ||
| CVE-2017-16898 | Med | 0.36 | 5.5 | 0.01 | Nov 20, 2017 | The printMP3Headers function in util/listmp3.c in libming v0.4.8 or earlier is vulnerable to a global buffer overflow, which may allow attackers to cause a denial of service via a crafted file, a different vulnerability than CVE-2016-9264. | ||
| CVE-2017-1000127 | Med | 0.36 | 5.5 | 0.01 | Nov 17, 2017 | Exiv2 0.26 contains a heap buffer overflow in tiff parser | ||
| CVE-2017-1000186 | Med | 0.36 | 5.5 | 0.01 | Nov 17, 2017 | In SWFTools, a stack overflow was found in pdf2swf. | ||
| CVE-2017-1000185 | Med | 0.36 | 5.5 | 0.01 | Nov 17, 2017 | In SWFTools, a memcpy buffer overflow was found in gif2swf. | ||
| CVE-2017-1000176 | Med | 0.36 | 5.5 | 0.01 | Nov 17, 2017 | In SWFTools, a memcpy buffer overflow was found in swfc. | ||
| CVE-2017-1000174 | Med | 0.36 | 5.5 | 0.01 | Nov 17, 2017 | In SWFTools, an address access exception was found in swfdump swf_GetBits(). | ||
| CVE-2017-15954 | Med | 0.36 | 5.5 | 0.01 | Oct 28, 2017 | bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a heap-based buffer overflow (with a resultant invalid free) and crash when processing a malformed CUE (.cue) file. | ||
| CVE-2017-15953 | Med | 0.36 | 5.5 | 0.01 | Oct 28, 2017 | bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a heap-based buffer overflow and crash when processing a malformed CUE (.cue) file. | ||
| CVE-2017-7097 | Med | 0.36 | 5.5 | 0.01 | Oct 23, 2017 | An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Mail MessageUI" component. It allows attackers to cause a denial of service (memory corruption) via a crafted image. | ||
| CVE-2017-15372 | Med | 0.36 | 5.5 | 0.02 | Oct 16, 2017 | There is a stack-based buffer overflow in the lsx_ms_adpcm_block_expand_i function of adpcm.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file. | ||
| CVE-2017-15370 | Med | 0.36 | 5.5 | 0.02 | Oct 16, 2017 | There is a heap-based buffer overflow in the ImaExpandS function of ima_rw.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file. | ||
| CVE-2017-8703 | Med | 0.36 | 5.5 | 0.02 | Oct 13, 2017 | The Microsoft Windows Subsystem for Linux on Microsoft Windows 10 1703 allows a denial of service vulnerability when it improperly handles objects in memory, aka "Windows Subsystem for Linux Denial of Service Vulnerability". | ||
| CVE-2015-1206 | Med | 0.36 | 5.5 | 0.01 | Oct 6, 2017 | Heap-based buffer overflow in Google Chrome before M40 allows remote attackers to cause a denial of service (unpaged memory write and process crash) via a crafted MP4 file. | ||
| CVE-2017-15046 | Med | 0.36 | 5.5 | 0.01 | Oct 6, 2017 | LAME 3.99.5, 3.99.4, 3.98.4, 3.98.2, 3.98 and 3.97 have a stack-based buffer overflow in unpack_read_samples in frontend/get_audio.c, a different vulnerability than CVE-2017-9412. |
- risk 0.36cvss 5.5epss 0.02
An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file.
- risk 0.36cvss 5.5epss 0.02
In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation violation and application crash) via a crafted pdf file.
- risk 0.36cvss 5.5epss 0.01
In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer overflow that will cause a remote denial of service attack, related to a strcpy in paste_tokens in asm/preproc.c, a similar issue to CVE-2017-11111.
- risk 0.36cvss 5.5epss 0.01
The CameraISP driver of some Huawei smart phones with software of versions earlier than Prague-AL00AC00B205,versions earlier than Prague-AL00BC00B205,versions earlier than Prague-AL00CC00B205,versions earlier than Prague-TL00AC01B205,versions earlier than Prague-TL10AC01B205 has…
- risk 0.36cvss 5.5epss 0.01
MTK platform in Huawei smart phones with software of earlier than Nice-AL00C00B160 versions, earlier than Nice-AL10C00B140 versions has a any memory access vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and send given…
- risk 0.36cvss 5.5epss 0.01
The boot loaders of P10 and P10 Plus Huawei mobile phones with software the versions before Victoria-L09AC605B162, the versions before Victoria-L29AC605B162, the versions before Vicky-L29AC605B162 have an out-of-bounds memory access vulnerability due to the lack of parameter…
- risk 0.36cvss 5.5epss 0.01
The printMP3Headers function in util/listmp3.c in libming v0.4.8 or earlier is vulnerable to a global buffer overflow, which may allow attackers to cause a denial of service via a crafted file, a different vulnerability than CVE-2016-9264.
- risk 0.36cvss 5.5epss 0.01
Exiv2 0.26 contains a heap buffer overflow in tiff parser
- risk 0.36cvss 5.5epss 0.01
In SWFTools, a stack overflow was found in pdf2swf.
- risk 0.36cvss 5.5epss 0.01
In SWFTools, a memcpy buffer overflow was found in gif2swf.
- risk 0.36cvss 5.5epss 0.01
In SWFTools, a memcpy buffer overflow was found in swfc.
- risk 0.36cvss 5.5epss 0.01
In SWFTools, an address access exception was found in swfdump swf_GetBits().
- risk 0.36cvss 5.5epss 0.01
bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a heap-based buffer overflow (with a resultant invalid free) and crash when processing a malformed CUE (.cue) file.
- risk 0.36cvss 5.5epss 0.01
bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a heap-based buffer overflow and crash when processing a malformed CUE (.cue) file.
- risk 0.36cvss 5.5epss 0.01
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Mail MessageUI" component. It allows attackers to cause a denial of service (memory corruption) via a crafted image.
- risk 0.36cvss 5.5epss 0.02
There is a stack-based buffer overflow in the lsx_ms_adpcm_block_expand_i function of adpcm.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.
- risk 0.36cvss 5.5epss 0.02
There is a heap-based buffer overflow in the ImaExpandS function of ima_rw.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.
- risk 0.36cvss 5.5epss 0.02
The Microsoft Windows Subsystem for Linux on Microsoft Windows 10 1703 allows a denial of service vulnerability when it improperly handles objects in memory, aka "Windows Subsystem for Linux Denial of Service Vulnerability".
- risk 0.36cvss 5.5epss 0.01
Heap-based buffer overflow in Google Chrome before M40 allows remote attackers to cause a denial of service (unpaged memory write and process crash) via a crafted MP4 file.
- risk 0.36cvss 5.5epss 0.01
LAME 3.99.5, 3.99.4, 3.98.4, 3.98.2, 3.98 and 3.97 have a stack-based buffer overflow in unpack_read_samples in frontend/get_audio.c, a different vulnerability than CVE-2017-9412.