VYPR

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

ClassStableLikelihood: High

Description

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9

CVEs mapped to this weakness (10,979)

page 227 of 549
  • CVE-2016-1732MedMar 24, 2016
    risk 0.36cvss 5.5epss 0.00

    AppleRAID in Apple OS X before 10.11.4 allows local users to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds read) via unspecified vectors.

  • CVE-2016-2529MedFeb 28, 2016
    risk 0.36cvss 5.5epss 0.01

    The iseries_check_file_type function in wiretap/iseries.c in the iSeries file parser in Wireshark 2.0.x before 2.0.2 does not consider that a line may lack the "OBJECT PROTOCOL" substring, which allows remote attackers to cause a denial of service (out-of-bounds read and…

  • CVE-2016-1907MedJan 19, 2016
    risk 0.36cvss 5.3epss 0.14

    The ssh_packet_read_poll2 function in packet.c in OpenSSH before 7.1p2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.

  • CVE-2015-8713MedJan 4, 2016
    risk 0.36cvss 5.5epss 0.03

    epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not properly reserve memory for channel ID mappings, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted…

  • CVE-2014-3478MedJul 9, 2014
    risk 0.36cvss 6.5epss 0.15

    Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a FILE_PSTRING…

  • CVE-2012-1571MedJul 17, 2012
    risk 0.36cvss 6.5epss 0.04

    file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference.

  • CVE-2026-12330MedJun 16, 2026
    risk 0.35cvss 5.4epss 0.00

    Incorrect boundary conditions in the Internationalization component. This vulnerability was fixed in Firefox ESR 140.12, Firefox ESR 115.37, and Thunderbird 140.12.

  • CVE-2026-4390MedMay 27, 2026
    risk 0.35cvss 5.4epss 0.00

    A weakness has been identified in TeamSpeak 3 Server up to 3.13.7. This affects the function process_resend_queue of the component Connection State Management. This manipulation causes use after free. The attack may be initiated remotely. Upgrading to version 3.13.8 is able to…

  • CVE-2026-34942MedApr 9, 2026
    risk 0.35cvss 6.5epss 0.00

    Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime's implementation of transcoding strings into the Component Model's utf16 or latin1+utf16 encodings improperly verified the alignment of reallocated strings. This meant that unaligned…

  • CVE-2025-2401MedMar 17, 2025
    risk 0.35cvss epss 0.00

    Buffer overflow vulnerability in Immunity Debugger affecting version 1.85, its exploitation could allow a local attacker to execute arbitrary code, due to the lack of proper boundary checking.

  • CVE-2021-1424MedNov 18, 2024
    risk 0.35cvss 5.3epss 0.01

    A vulnerability in the ipsecmgr process of Cisco ASR 5000 Series Software (StarOS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to insufficient validation of incoming Internet Key Exchange Version 2…

  • CVE-2024-1023MedMar 27, 2024
    risk 0.35cvss 6.5epss 0.02

    A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate…

  • CVE-2018-12541MedOct 10, 2018
    risk 0.35cvss 6.5epss 0.03

    In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buffers the full http request before doing the handshake, holding the entire request body in memory. There should be a reasonnable limit (8192 bytes) above which the WebSocket gets an…

  • CVE-2017-15417MedAug 28, 2018
    risk 0.35cvss 5.3epss 0.02

    Inappropriate implementation in Skia canvas composite operations in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

  • CVE-2018-15871MedAug 25, 2018
    risk 0.35cvss 6.5epss 0.01

    An invalid memory address dereference was discovered in decompileSingleArgBuiltInFunctionCall in libming 0.4.8 before 2018-03-12. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

  • CVE-2018-15870MedAug 25, 2018
    risk 0.35cvss 6.5epss 0.01

    An invalid memory address dereference was discovered in decompileGETVARIABLE in libming 0.4.8 before 2018-03-12. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

  • CVE-2018-14443MedJul 20, 2018
    risk 0.35cvss 6.5epss 0.01

    get_first_owned_object in dwg.c in GNU LibreDWG 0.5.1036 allows remote attackers to cause a denial of service (SEGV).

  • CVE-2018-7527MedApr 26, 2018
    risk 0.35cvss 5.3epss 0.01

    A buffer overflow can be triggered in LeviStudio HMI Editor, Version 1.10 part of Wecon LeviStudioU 1.8.29, and PI Studio HMI Project Programmer, Build: November 11, 2017 and prior by opening a specially crafted file.

  • CVE-2016-9601MedApr 24, 2018
    risk 0.35cvss 5.3epss 0.02

    ghostscript before version 9.21 is vulnerable to a heap based buffer overflow that was found in the ghostscript jbig2_decode_gray_scale_image function which is used to decode halftone segments in a JBIG2 image. A document (PostScript or PDF) with an embedded, specially crafted,…

  • CVE-2018-7511MedMar 20, 2018
    risk 0.35cvss 5.3epss 0.02

    In Eaton ELCSoft versions 2.04.02 and prior, there are multiple cases where specially crafted files could cause a buffer overflow which, in turn, may allow remote execution of arbitrary code.