VYPR

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

ClassStableLikelihood: High

Description

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9

CVEs mapped to this weakness (12,280)

page 274 of 614
  • CVE-2022-22716MedFeb 9, 2022
    risk 0.36cvss 5.5epss 0.05

    Microsoft Excel Information Disclosure Vulnerability

  • CVE-2021-44992MedJan 25, 2022
    risk 0.36cvss 5.5epss 0.01

    There is an Assertion ''ecma_object_is_typedarray (obj_p)'' failed at /jerry-core/ecma/operations/ecma-typedarray-object.c in Jerryscript 3.0.0.

  • CVE-2021-46333MedJan 20, 2022
    risk 0.36cvss 5.5epss 0.01

    Moddable SDK v11.5.0 was discovered to contain an invalid memory access vulnerability via the component __asan_memmove.

  • CVE-2021-45767MedJan 14, 2022
    risk 0.36cvss 5.5epss 0.01

    GPAC 1.1.0 was discovered to contain an invalid memory address dereference via the function lsr_read_id(). This vulnerability can lead to a Denial of Service (DoS).

  • CVE-2021-45764MedJan 14, 2022
    risk 0.36cvss 5.5epss 0.01

    GPAC v1.1.0 was discovered to contain an invalid memory address dereference via the function shift_chunk_offsets.isra().

  • CVE-2021-45067MedJan 14, 2022
    risk 0.36cvss 5.5epss 0.04

    Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Access of Memory Location After End of Buffer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this…

  • CVE-2021-44712MedJan 14, 2022
    risk 0.36cvss 5.5epss 0.02

    Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Access of Memory Location After End of Buffer vulnerability that could lead to application denial-of-service. Exploitation of this issue requires…

  • CVE-2021-39633MedJan 14, 2022
    risk 0.36cvss 5.5epss 0.00

    In gre_handle_offloads of ip_gre.c, there is a possible page fault due to an invalid memory access. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android…

  • CVE-2021-45762MedJan 14, 2022
    risk 0.36cvss 5.5epss 0.01

    GPAC v1.1.0 was discovered to contain an invalid memory address dereference via the function gf_sg_vrml_mf_reset(). This vulnerability allows attackers to cause a Denial of Service (DoS).

  • CVE-2021-45760MedJan 14, 2022
    risk 0.36cvss 5.5epss 0.01

    GPAC v1.1.0 was discovered to contain an invalid memory address dereference via the function gf_list_last(). This vulnerability allows attackers to cause a Denial of Service (DoS).

  • CVE-2021-46053MedJan 10, 2022
    risk 0.36cvss 5.5epss 0.01

    A Denial of Service vulnerability exists in Binaryen 103. The program terminates with signal SIGKILL.

  • CVE-2021-44920MedDec 21, 2021
    risk 0.36cvss 5.5epss 0.01

    An invalid memory address dereference vulnerability exists in gpac 1.1.0 in the dump_od_to_saf.isra function, which causes a segmentation fault and application crash.

  • CVE-2021-45293MedDec 21, 2021
    risk 0.36cvss 5.5epss 0.01

    A Denial of Service vulnerability exists in Binaryen 103 due to an Invalid memory address dereference in wasm::WasmBinaryBuilder::visitLet.

  • CVE-2021-26336MedNov 16, 2021
    risk 0.36cvss 5.5epss 0.00

    Insufficient bounds checking in System Management Unit (SMU) may cause invalid memory accesses/updates that could result in SMU hang and subsequent failure to service any further requests from other components.

  • CVE-2021-36077MedSep 1, 2021
    risk 0.36cvss 5.5epss 0.02

    Adobe Bridge version 11.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious SVG file, potentially resulting in local application denial of service in the context of the current user. User interaction is required to exploit…

  • CVE-2021-3605MedAug 25, 2021
    risk 0.36cvss 5.5epss 0.01

    There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.

  • CVE-2021-3598MedJul 6, 2021
    risk 0.36cvss 5.5epss 0.00

    There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application…

  • CVE-2021-20284MedMar 26, 2021
    risk 0.36cvss 5.5epss 0.01

    A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability.

  • CVE-2020-35522MedMar 9, 2021
    risk 0.36cvss 5.5epss 0.02

    In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack.

  • CVE-2020-35521MedMar 9, 2021
    risk 0.36cvss 5.5epss 0.01

    A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service.