VYPR

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

ClassStableLikelihood: High

Description

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9

CVEs mapped to this weakness (10,979)

page 229 of 549
  • CVE-2017-9502MedJun 14, 2017
    risk 0.35cvss 5.3epss 0.03

    In curl before 7.54.1 on Windows and DOS, libcurl's default protocol function, which is the logic that allows an application to set which protocol libcurl should attempt to use when given a URL without a scheme part, had a flaw that could lead to it overwriting a heap based…

  • CVE-2015-8957MedApr 20, 2017
    risk 0.35cvss 6.5epss 0.03

    Buffer overflow in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (application crash) via a crafted SUN file.

  • CVE-2017-5238MedMar 27, 2017
    risk 0.35cvss 5.3epss 0.01

    Due to a lack of bounds checking, several input configuration fields for the Eview EV-07S GPS Tracker will overflow data stored in one variable to another, overwriting the data of another field.

  • CVE-2017-3879MedMar 17, 2017
    risk 0.35cvss 5.3epss 0.02

    A Denial of Service vulnerability in the remote login functionality for Cisco NX-OS Software running on Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to cause a process used for login to terminate unexpectedly and the login attempt to fail.…

  • CVE-2017-3878MedMar 17, 2017
    risk 0.35cvss 5.3epss 0.02

    A Denial of Service vulnerability in the Telnet remote login functionality of Cisco NX-OS Software running on Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to cause a Telnet process used for login to terminate unexpectedly and the login attempt…

  • CVE-2016-9804MedDec 3, 2016
    risk 0.35cvss 5.3epss 0.03

    In BlueZ 5.42, a buffer overflow was observed in "commands_dump" function in "tools/parser/csr.c" source file. The issue exists because "commands" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame "frm->ptr" parameter. This…

  • CVE-2016-9803MedDec 3, 2016
    risk 0.35cvss 5.3epss 0.02

    In BlueZ 5.42, an out-of-bounds read was observed in "le_meta_ev_dump" function in "tools/parser/hci.c" source file. This issue exists because 'subevent' (which is used to read correct element from 'ev_le_meta_str' array) is overflowed.

  • CVE-2016-9802MedDec 3, 2016
    risk 0.35cvss 5.3epss 0.03

    In BlueZ 5.42, a buffer over-read was identified in "l2cap_packet" function in "monitor/packet.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash.

  • CVE-2016-9801MedDec 3, 2016
    risk 0.35cvss 5.3epss 0.03

    In BlueZ 5.42, a buffer overflow was observed in "set_ext_ctrl" function in "tools/parser/l2cap.c" source file when processing corrupted dump file.

  • CVE-2016-9800MedDec 3, 2016
    risk 0.35cvss 5.3epss 0.03

    In BlueZ 5.42, a buffer overflow was observed in "pin_code_reply_dump" function in "tools/parser/hci.c" source file. The issue exists because "pin" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame "pin_code_reply_cp *cp"…

  • CVE-2016-9799MedDec 3, 2016
    risk 0.35cvss 5.3epss 0.02

    In BlueZ 5.42, a buffer overflow was observed in "pklg_read_hci" function in "btsnoop.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash.

  • CVE-2016-9797MedDec 3, 2016
    risk 0.35cvss 5.3epss 0.04

    In BlueZ 5.42, a buffer over-read was observed in "l2cap_dump" function in "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.

  • CVE-2016-9118MedOct 30, 2016
    risk 0.35cvss 5.3epss 0.03

    Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of convert.c:1719 in OpenJPEG 2.1.2.

  • CVE-2016-0775MedApr 13, 2016
    risk 0.35cvss 6.5epss 0.03

    Buffer overflow in the ImagingFliDecode function in libImaging/FliDecode.c in Pillow before 3.1.1 allows remote attackers to cause a denial of service (crash) via a crafted FLI file.

  • CVE-2016-0740MedApr 13, 2016
    risk 0.35cvss 6.5epss 0.02

    Buffer overflow in the ImagingLibTiffDecode function in libImaging/TiffDecode.c in Pillow before 3.1.1 allows remote attackers to overwrite memory via a crafted TIFF file.

  • CVE-2015-5295MedJan 20, 2016
    risk 0.35cvss 5.4epss 0.03

    The template-validate command in OpenStack Orchestration API (Heat) before 2015.1.3 (kilo) and 5.0.x before 5.0.1 (liberty) allows remote authenticated users to cause a denial of service (memory consumption) or determine the existence of local files via the resource type in a…

  • CVE-2013-0270MedApr 12, 2013
    risk 0.35cvss 6.5epss 0.03

    A flaw was found in OpenStack Keystone. A remote attacker could exploit this vulnerability by sending a large HTTP request, specifically by providing a long tenant name when requesting a token. This could lead to a denial of service, consuming excessive CPU and memory resources…

  • CVE-2009-1605MedMay 11, 2009
    risk 0.35cvss 5.4epss 0.03

    Heap-based buffer overflow in the loadexponentialfunc function in mupdf/pdf_function.c in MuPDF in the mupdf-20090223-win32 package, as used in SumatraPDF 0.9.3 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF file. NOTE: some of these details…

  • CVE-2026-12329MedJun 16, 2026
    risk 0.34cvss 5.3epss 0.00

    Memory safety bug fixed in Thunderbird ESR 140.12. This vulnerability was fixed in Firefox ESR 140.12 and Thunderbird 140.12.

  • CVE-2026-12308MedJun 16, 2026
    risk 0.34cvss 5.3epss 0.00

    Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.