CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Description
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9
CVEs mapped to this weakness (9,861)
page 253 of 494| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2009-4107 | 0.04 | — | 0.15 | Nov 29, 2009 | Buffer overflow in Invisible Browsing 5.0.52 allows user-assisted remote attackers to execute arbitrary code via a crafted .ibkey file containing a long string. | ||
| CVE-2009-3969 | 0.04 | — | 0.12 | Nov 18, 2009 | Stack-based buffer overflow in Faslo Player 7.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .m3u playlist file. | ||
| CVE-2009-3947 | 0.04 | — | 0.17 | Nov 16, 2009 | Buffer overflow in the FTP service on the Tandberg MXP F7.0 allows remote attackers to cause a denial of service (process crash or device reboot) or possibly execute arbitrary code via a long USER command, as demonstrated by a command ending with many space characters. | ||
| CVE-2009-3861 | 0.04 | — | 0.07 | Nov 4, 2009 | Stack-based buffer overflow in SafeNet SoftRemote 10.8.5 (Build 2) and 10.3.5 (Build 6), and possibly other versions before 10.8.9, allows local users to execute arbitrary code via a long string in a (1) TREENAME or (2) GROUPNAME Policy file (spd). | ||
| CVE-2009-3859 | 0.04 | — | 0.18 | Nov 4, 2009 | Buffer overflow in eEye Retina WiFi Scanner 1.0.8.68, as used in Retina Network Security Scanner 5.10.14, allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a .rws file with a long RWS010 entry. | ||
| CVE-2009-3857 | 0.04 | — | 0.06 | Nov 4, 2009 | Buffer overflow in Softonic International SciTE 1.72 allows user-assisted remote attackers to cause a denial of service (application crash) via a Ruby (.rb) file containing a long string, which triggers the crash when a scroll bar is used. | ||
| CVE-2009-3373 | 0.04 | — | 0.12 | Oct 29, 2009 | Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via unspecified vectors. | ||
| CVE-2009-3810 | 0.04 | — | 0.13 | Oct 27, 2009 | Heap-based buffer overflow in Acoustica MP3 Audio Mixer 2.471 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long string in a .M3U playlist file. | ||
| CVE-2009-3717 | 0.04 | — | 0.12 | Oct 16, 2009 | Heap-based buffer overflow in LucVil PatPlayer 3.9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URI in a playlist (.m3u) file. | ||
| CVE-2009-3709 | 0.04 | — | 0.10 | Oct 16, 2009 | Stack-based buffer overflow in the Meta Content Optimizer in Konae Technologies Alleycode HTML Editor 2.21 allows user-assisted remote attackers to execute arbitrary code via a long value in a TITLE tag. | ||
| CVE-2009-2501 | 0.04 | — | 0.54 | Oct 14, 2009 | Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Heap Overflow Vulnerability." | ||
| CVE-2009-3574 | 0.04 | — | 0.14 | Oct 6, 2009 | Tuniac 090517c allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long File1 argument in a .pls playlist file, possibly a buffer overflow. | ||
| CVE-2009-3536 | 0.04 | — | 0.08 | Oct 2, 2009 | Multiple stack-based buffer overflows in EpicDJSoftware EpicVJ 1.2.8.0 and 1.3.1.2 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a (1) .m3u or (2) .mpl playlist file. | ||
| CVE-2009-3484 | 0.04 | — | 0.08 | Sep 30, 2009 | Stack-based buffer overflow in Core FTP 2.1 build 1612 allows user-assisted remote attackers to execute arbitrary code via a long hostname in an FTP server entry in a site backup file. NOTE: some of these details are obtained from third party information. | ||
| CVE-2009-3364 | 0.04 | — | 0.06 | Sep 24, 2009 | Stack-based buffer overflow in FTPShell Client 4.1 RC2 allows remote FTP servers to execute arbitrary code via a long response to a PASV command. | ||
| CVE-2009-3338 | 0.04 | — | 0.12 | Sep 24, 2009 | Stack-based buffer overflow in EffectMatrix (E.M.) Magic Morph 1.95b allows remote attackers to execute arbitrary code via a long string in a .mor file. | ||
| CVE-2009-3254 | 0.04 | — | 0.19 | Sep 18, 2009 | Multiple stack-based buffer overflows in Ultimate Player 1.56 beta allow remote attackers to execute arbitrary code via a long string in a (1) .m3u or (2) .upl playlist file. | ||
| CVE-2009-3221 | 0.04 | — | 0.08 | Sep 16, 2009 | Stack-based buffer overflow in Audio Lib Player (ALP) allows remote attackers to execute arbitrary code via a long URL in a .m3u playlist file. | ||
| CVE-2009-3170 | 0.04 | — | 0.12 | Sep 11, 2009 | Stack-based buffer overflow in AIMP2 Audio Converter 2.53 (build 330) and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long File1 argument in a (1) .pls or (2) .m3u playlist file. | ||
| CVE-2008-7182 | 0.04 | — | 0.11 | Sep 8, 2009 | Buffer overflow in the IMAP service in NetWin Surgemail 3.9e, and possibly other versions before 3.9g2, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long first argument to the APPEND command, a different vector than CVE-2008-1497 and CVE-2008-1498. NOTE: due to lack of details, it is not certain whether this is the same issue as CVE-2008-2859. |
- CVE-2009-4107Nov 29, 2009risk 0.04cvss —epss 0.15
Buffer overflow in Invisible Browsing 5.0.52 allows user-assisted remote attackers to execute arbitrary code via a crafted .ibkey file containing a long string.
- CVE-2009-3969Nov 18, 2009risk 0.04cvss —epss 0.12
Stack-based buffer overflow in Faslo Player 7.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .m3u playlist file.
- CVE-2009-3947Nov 16, 2009risk 0.04cvss —epss 0.17
Buffer overflow in the FTP service on the Tandberg MXP F7.0 allows remote attackers to cause a denial of service (process crash or device reboot) or possibly execute arbitrary code via a long USER command, as demonstrated by a command ending with many space characters.
- CVE-2009-3861Nov 4, 2009risk 0.04cvss —epss 0.07
Stack-based buffer overflow in SafeNet SoftRemote 10.8.5 (Build 2) and 10.3.5 (Build 6), and possibly other versions before 10.8.9, allows local users to execute arbitrary code via a long string in a (1) TREENAME or (2) GROUPNAME Policy file (spd).
- CVE-2009-3859Nov 4, 2009risk 0.04cvss —epss 0.18
Buffer overflow in eEye Retina WiFi Scanner 1.0.8.68, as used in Retina Network Security Scanner 5.10.14, allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a .rws file with a long RWS010 entry.
- CVE-2009-3857Nov 4, 2009risk 0.04cvss —epss 0.06
Buffer overflow in Softonic International SciTE 1.72 allows user-assisted remote attackers to cause a denial of service (application crash) via a Ruby (.rb) file containing a long string, which triggers the crash when a scroll bar is used.
- CVE-2009-3373Oct 29, 2009risk 0.04cvss —epss 0.12
Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via unspecified vectors.
- CVE-2009-3810Oct 27, 2009risk 0.04cvss —epss 0.13
Heap-based buffer overflow in Acoustica MP3 Audio Mixer 2.471 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long string in a .M3U playlist file.
- CVE-2009-3717Oct 16, 2009risk 0.04cvss —epss 0.12
Heap-based buffer overflow in LucVil PatPlayer 3.9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URI in a playlist (.m3u) file.
- CVE-2009-3709Oct 16, 2009risk 0.04cvss —epss 0.10
Stack-based buffer overflow in the Meta Content Optimizer in Konae Technologies Alleycode HTML Editor 2.21 allows user-assisted remote attackers to execute arbitrary code via a long value in a TITLE tag.
- CVE-2009-2501Oct 14, 2009risk 0.04cvss —epss 0.54
Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Heap Overflow Vulnerability."
- CVE-2009-3574Oct 6, 2009risk 0.04cvss —epss 0.14
Tuniac 090517c allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long File1 argument in a .pls playlist file, possibly a buffer overflow.
- CVE-2009-3536Oct 2, 2009risk 0.04cvss —epss 0.08
Multiple stack-based buffer overflows in EpicDJSoftware EpicVJ 1.2.8.0 and 1.3.1.2 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a (1) .m3u or (2) .mpl playlist file.
- CVE-2009-3484Sep 30, 2009risk 0.04cvss —epss 0.08
Stack-based buffer overflow in Core FTP 2.1 build 1612 allows user-assisted remote attackers to execute arbitrary code via a long hostname in an FTP server entry in a site backup file. NOTE: some of these details are obtained from third party information.
- CVE-2009-3364Sep 24, 2009risk 0.04cvss —epss 0.06
Stack-based buffer overflow in FTPShell Client 4.1 RC2 allows remote FTP servers to execute arbitrary code via a long response to a PASV command.
- CVE-2009-3338Sep 24, 2009risk 0.04cvss —epss 0.12
Stack-based buffer overflow in EffectMatrix (E.M.) Magic Morph 1.95b allows remote attackers to execute arbitrary code via a long string in a .mor file.
- CVE-2009-3254Sep 18, 2009risk 0.04cvss —epss 0.19
Multiple stack-based buffer overflows in Ultimate Player 1.56 beta allow remote attackers to execute arbitrary code via a long string in a (1) .m3u or (2) .upl playlist file.
- CVE-2009-3221Sep 16, 2009risk 0.04cvss —epss 0.08
Stack-based buffer overflow in Audio Lib Player (ALP) allows remote attackers to execute arbitrary code via a long URL in a .m3u playlist file.
- CVE-2009-3170Sep 11, 2009risk 0.04cvss —epss 0.12
Stack-based buffer overflow in AIMP2 Audio Converter 2.53 (build 330) and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long File1 argument in a (1) .pls or (2) .m3u playlist file.
- CVE-2008-7182Sep 8, 2009risk 0.04cvss —epss 0.11
Buffer overflow in the IMAP service in NetWin Surgemail 3.9e, and possibly other versions before 3.9g2, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long first argument to the APPEND command, a different vector than CVE-2008-1497 and CVE-2008-1498. NOTE: due to lack of details, it is not certain whether this is the same issue as CVE-2008-2859.