VYPR

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

ClassStableLikelihood: High

Description

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9

CVEs mapped to this weakness (10,979)

page 221 of 549
  • CVE-2016-10713MedFeb 13, 2018
    risk 0.36cvss 5.5epss 0.02

    An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file.

  • CVE-2018-6192MedJan 24, 2018
    risk 0.36cvss 5.5epss 0.02

    In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation violation and application crash) via a crafted pdf file.

  • CVE-2017-17811MedDec 21, 2017
    risk 0.36cvss 5.5epss 0.01

    In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer overflow that will cause a remote denial of service attack, related to a strcpy in paste_tokens in asm/preproc.c, a similar issue to CVE-2017-11111.

  • CVE-2017-8202MedNov 22, 2017
    risk 0.36cvss 5.5epss 0.01

    The CameraISP driver of some Huawei smart phones with software of versions earlier than Prague-AL00AC00B205,versions earlier than Prague-AL00BC00B205,versions earlier than Prague-AL00CC00B205,versions earlier than Prague-TL00AC01B205,versions earlier than Prague-TL10AC01B205 has…

  • CVE-2017-8184MedNov 22, 2017
    risk 0.36cvss 5.5epss 0.01

    MTK platform in Huawei smart phones with software of earlier than Nice-AL00C00B160 versions, earlier than Nice-AL10C00B140 versions has a any memory access vulnerability. An attacker tricks a user into installing a malicious application on the smart phone, and send given…

  • CVE-2017-8149MedNov 22, 2017
    risk 0.36cvss 5.5epss 0.01

    The boot loaders of P10 and P10 Plus Huawei mobile phones with software the versions before Victoria-L09AC605B162, the versions before Victoria-L29AC605B162, the versions before Vicky-L29AC605B162 have an out-of-bounds memory access vulnerability due to the lack of parameter…

  • CVE-2017-16898MedNov 20, 2017
    risk 0.36cvss 5.5epss 0.01

    The printMP3Headers function in util/listmp3.c in libming v0.4.8 or earlier is vulnerable to a global buffer overflow, which may allow attackers to cause a denial of service via a crafted file, a different vulnerability than CVE-2016-9264.

  • CVE-2017-1000127MedNov 17, 2017
    risk 0.36cvss 5.5epss 0.01

    Exiv2 0.26 contains a heap buffer overflow in tiff parser

  • CVE-2017-1000186MedNov 17, 2017
    risk 0.36cvss 5.5epss 0.01

    In SWFTools, a stack overflow was found in pdf2swf.

  • CVE-2017-1000185MedNov 17, 2017
    risk 0.36cvss 5.5epss 0.01

    In SWFTools, a memcpy buffer overflow was found in gif2swf.

  • CVE-2017-1000176MedNov 17, 2017
    risk 0.36cvss 5.5epss 0.01

    In SWFTools, a memcpy buffer overflow was found in swfc.

  • CVE-2017-1000174MedNov 17, 2017
    risk 0.36cvss 5.5epss 0.01

    In SWFTools, an address access exception was found in swfdump swf_GetBits().

  • CVE-2017-15954MedOct 28, 2017
    risk 0.36cvss 5.5epss 0.01

    bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a heap-based buffer overflow (with a resultant invalid free) and crash when processing a malformed CUE (.cue) file.

  • CVE-2017-15953MedOct 28, 2017
    risk 0.36cvss 5.5epss 0.01

    bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a heap-based buffer overflow and crash when processing a malformed CUE (.cue) file.

  • CVE-2017-7097MedOct 23, 2017
    risk 0.36cvss 5.5epss 0.01

    An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Mail MessageUI" component. It allows attackers to cause a denial of service (memory corruption) via a crafted image.

  • CVE-2017-15372MedOct 16, 2017
    risk 0.36cvss 5.5epss 0.02

    There is a stack-based buffer overflow in the lsx_ms_adpcm_block_expand_i function of adpcm.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.

  • CVE-2017-15370MedOct 16, 2017
    risk 0.36cvss 5.5epss 0.02

    There is a heap-based buffer overflow in the ImaExpandS function of ima_rw.c in Sound eXchange (SoX) 14.4.2. A Crafted input will lead to a denial of service attack during conversion of an audio file.

  • CVE-2017-8703MedOct 13, 2017
    risk 0.36cvss 5.5epss 0.02

    The Microsoft Windows Subsystem for Linux on Microsoft Windows 10 1703 allows a denial of service vulnerability when it improperly handles objects in memory, aka "Windows Subsystem for Linux Denial of Service Vulnerability".

  • CVE-2015-1206MedOct 6, 2017
    risk 0.36cvss 5.5epss 0.01

    Heap-based buffer overflow in Google Chrome before M40 allows remote attackers to cause a denial of service (unpaged memory write and process crash) via a crafted MP4 file.

  • CVE-2017-15046MedOct 6, 2017
    risk 0.36cvss 5.5epss 0.01

    LAME 3.99.5, 3.99.4, 3.98.4, 3.98.2, 3.98 and 3.97 have a stack-based buffer overflow in unpack_read_samples in frontend/get_audio.c, a different vulnerability than CVE-2017-9412.