VYPR

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

ClassStableLikelihood: High

Description

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9

CVEs mapped to this weakness (10,979)

page 226 of 549
  • CVE-2016-8685MedJan 31, 2017
    risk 0.36cvss 5.5epss 0.01

    The findnext function in decompose.c in potrace 1.13 allows remote attackers to cause a denial of service (invalid memory access and crash) via a crafted BMP image.

  • CVE-2016-9298MedJan 27, 2017
    risk 0.36cvss 5.5epss 0.02

    Heap overflow in the WaveletDenoiseImage function in MagickCore/fx.c in ImageMagick before 6.9.6-4 and 7.x before 7.0.3-6 allows remote attackers to cause a denial of service (crash) via a crafted image.

  • CVE-2017-5217MedJan 9, 2017
    risk 0.36cvss 5.5epss 0.01

    Installing a zero-permission Android application on certain Samsung Android devices with KK(4.4), L(5.0/5.1), and M(6.0) software can continually crash the system_server process in the Android OS. The zero-permission app will create an active install session for a separate app…

  • CVE-2017-5216MedJan 9, 2017
    risk 0.36cvss 5.5epss 0.01

    Stack-based buffer overflow vulnerability in Netop Remote Control versions 11.53, 12.21 and prior. The affected module in the Guest client is the "Import to Phonebook" option. When a specially designed malicious file containing special characters is loaded, the overflow occurs.…

  • CVE-2016-7562MedDec 23, 2016
    risk 0.36cvss 5.5epss 0.02

    The ff_draw_pc_font function in libavcodec/cga_data.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (buffer overflow) via a crafted AVI file.

  • CVE-2016-8104MedDec 8, 2016
    risk 0.36cvss 5.5epss 0.00

    Buffer overflow in Intel PROSet/Wireless Software and Drivers in versions before 19.20.3 allows a local user to crash iframewrk.exe causing a potential denial of service.

  • CVE-2016-3638MedOct 13, 2016
    risk 0.36cvss 5.5epss 0.01

    SAP SLD Registration Program (aka SLDREG) allows local users to cause a denial of service (memory corruption and process termination) via a crafted HOST parameter, aka SAP Security Note 2125623.

  • CVE-2015-8929MedSep 20, 2016
    risk 0.36cvss 5.5epss 0.02

    Memory leak in the __archive_read_get_extract function in archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service via a tar file.

  • CVE-2016-3881MedSep 11, 2016
    risk 0.36cvss 5.5epss 0.01

    The decoder_peek_si_internal function in vp9/vp9_dx_iface.c in libvpx in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows remote attackers to cause a denial of service (buffer over-read, and…

  • CVE-2015-8808MedJul 13, 2016
    risk 0.36cvss 5.5epss 0.02

    The DecodeImage function in coders/gif.c in GraphicsMagick 1.3.18 allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted GIF file.

  • CVE-2016-5308MedJul 12, 2016
    risk 0.36cvss 5.5epss 0.02

    The Client Intrusion Detection System (CIDS) driver before 15.0.6 in Symantec Endpoint Protection (SEP) and before 15.1.2 in Norton Security allows remote attackers to cause a denial of service (memory corruption and system crash) via a malformed Portable Executable (PE) file.

  • CVE-2015-8893MedJul 11, 2016
    risk 0.36cvss 5.5epss 0.00

    app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to cause a denial of service (OS outage or buffer over-read) via a crafted application, aka Android internal bug 28822690 and Qualcomm internal bug CR822275.

  • CVE-2016-5232MedJun 30, 2016
    risk 0.36cvss 5.5epss 0.01

    Buffer overflow in Huawei Mate8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to cause a denial of service (system crash) via a crafted app.

  • CVE-2016-3977MedApr 21, 2016
    risk 0.36cvss 5.5epss 0.02

    Heap-based buffer overflow in util/gif2rgb.c in gif2rgb in giflib 5.1.2 allows remote attackers to cause a denial of service (application crash) via the background color index in a GIF file.

  • CVE-2015-7802MedApr 20, 2016
    risk 0.36cvss 5.5epss 0.02

    gifread.c in gif2png, as used in OptiPNG before 0.7.6, allows remote attackers to cause a denial of service (uninitialized memory read) via a crafted GIF file.

  • CVE-2016-3941MedApr 18, 2016
    risk 0.36cvss 5.5epss 0.01

    Buffer overflow in the AStreamPeekStream function in input/stream.c in VideoLAN VLC media player before 2.2.0 allows remote attackers to cause a denial of service (crash) via a crafted wav file, related to "seek across EOF."

  • CVE-2015-8683MedApr 13, 2016
    risk 0.36cvss 5.5epss 0.03

    The putcontig8bitCIELab function in tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a packed TIFF image.

  • CVE-2015-8665MedApr 13, 2016
    risk 0.36cvss 5.5epss 0.03

    tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via the SamplesPerPixel tag in a TIFF image.

  • CVE-2016-2533MedApr 13, 2016
    risk 0.36cvss 6.5epss 0.04

    Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file.

  • CVE-2015-7555MedApr 13, 2016
    risk 0.36cvss 5.5epss 0.01

    Heap-based buffer overflow in giffix.c in giffix in giflib 5.1.1 allows attackers to cause a denial of service (program crash) via crafted image and logical screen width fields in a GIF file.