VYPR

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

ClassStableLikelihood: High

Description

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9

CVEs mapped to this weakness (12,280)

page 286 of 614
  • CVE-2014-125014MedJun 18, 2022
    risk 0.35cvss 5.3epss 0.01

    A vulnerability classified as problematic was found in FFmpeg 2.0. Affected by this vulnerability is an unknown functionality of the component HEVC Video Decoder. The manipulation leads to memory corruption. The attack can be launched remotely. It is recommended to apply a patch…

  • CVE-2014-125013MedJun 18, 2022
    risk 0.35cvss 5.3epss 0.01

    A vulnerability was found in FFmpeg 2.0 and classified as problematic. This issue affects the function msrle_decode_frame of the file libavcodec/msrle.c. The manipulation leads to memory corruption. The attack may be initiated remotely. It is recommended to apply a patch to fix…

  • CVE-2014-125009MedJun 18, 2022
    risk 0.35cvss 5.3epss 0.01

    A vulnerability classified as problematic has been found in FFmpeg 2.0. This affects the function add_yblock of the file libavcodec/snow.h. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this…

  • CVE-2014-125008MedJun 18, 2022
    risk 0.35cvss 5.3epss 0.01

    A vulnerability classified as problematic has been found in FFmpeg 2.0. Affected is the function vorbis_header of the file libavformat/oggparsevorbis.c. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch…

  • CVE-2014-125007MedJun 18, 2022
    risk 0.35cvss 5.3epss 0.01

    A vulnerability classified as problematic was found in FFmpeg 2.0. Affected by this vulnerability is the function intra_pred of the file libavcodec/hevcpred_template.c. The manipulation leads to memory corruption. The attack can be launched remotely. It is recommended to apply a…

  • CVE-2014-125006MedJun 18, 2022
    risk 0.35cvss 5.3epss 0.01

    A vulnerability, which was classified as problematic, has been found in FFmpeg 2.0. Affected by this issue is the function output_frame of the file libavcodec/h264.c. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a…

  • CVE-2014-125005MedJun 18, 2022
    risk 0.35cvss 5.3epss 0.01

    A vulnerability, which was classified as problematic, was found in FFmpeg 2.0. This affects the function decode_vol_header of the file libavcodec/mpeg4videodec.c. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to…

  • CVE-2014-125004MedJun 18, 2022
    risk 0.35cvss 5.3epss 0.01

    A vulnerability has been found in FFmpeg 2.0 and classified as problematic. This vulnerability affects the function decode_hextile of the file libavcodec/vmnc.c. The manipulation leads to memory corruption. The attack can be initiated remotely. It is recommended to apply a patch…

  • CVE-2014-125003MedJun 18, 2022
    risk 0.35cvss 5.3epss 0.01

    A vulnerability was found in FFmpeg 2.0 and classified as problematic. This issue affects the function get_siz of the file libavcodec/jpeg2000dec.c. The manipulation leads to memory corruption. The attack may be initiated remotely. It is recommended to apply a patch to fix this…

  • CVE-2014-125002MedJun 18, 2022
    risk 0.35cvss 5.3epss 0.01

    A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is the function dnxhd_init_rc of the file libavcodec/dnxhdenc.c. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch…

  • CVE-2021-3470MedMar 31, 2021
    risk 0.35cvss 5.3epss 0.01

    A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or glibc's malloc, leading to potential out of bound write or process crash. Effectively this flaw does not affect the vast majority…

  • CVE-2020-5383MedAug 27, 2020
    risk 0.35cvss 5.3epss 0.01

    Dell EMC Isilon OneFS version 8.2.2 and Dell EMC PowerScale OneFS version 9.0.0 contains a buffer overflow vulnerability in the Likewise component. A remote unauthenticated malicious attacker may potentially exploit this vulnerability to cause a process restart.

  • CVE-2019-20392MedJan 22, 2020
    risk 0.35cvss 6.5epss 0.02

    An invalid memory access flaw is present in libyang before v1.0-r1 in the function resolve_feature_value() when an if-feature statement is used inside a list key node, and the feature used is not defined. Applications that use libyang to parse untrusted input yang files may…

  • CVE-2019-20391MedJan 22, 2020
    risk 0.35cvss 6.5epss 0.02

    An invalid memory access flaw is present in libyang before v1.0-r3 in the function resolve_feature_value() when an if-feature statement is used inside a bit. Applications that use libyang to parse untrusted input yang files may crash.

  • CVE-2010-0749MedOct 30, 2019
    risk 0.35cvss 5.3epss 0.02

    Transmission before 1.92 allows attackers to prevent download of a file by corrupted data during the endgame.

  • CVE-2019-12968MedJun 26, 2019
    risk 0.35cvss 5.3epss 0.03

    A vulnerability was found in the Sonic Robo Blast 2 (SRB2) plugin (EP_Versions 9 to 11 inclusive) distributed with Doomseeker 1.1 and 1.2. Affected plugin versions did not discard IP packets with an unnaturally long response length from a Sonic Robo Blast 2 master server,…

  • CVE-2018-13907MedJun 14, 2019
    risk 0.35cvss 5.3epss 0.01

    While deserializing any key blob during key operations, buffer overflow could occur, exposing partial key information if any key operations are invoked in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon…

  • CVE-2018-13381MedJun 4, 2019
    risk 0.35cvss 5.3epss 0.02

    A buffer overflow vulnerability in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.7, 5.4 and earlier versions and FortiProxy 2.0.0, 1.2.8 and earlier versions under SSL VPN web portal allows a non-authenticated attacker to perform a Denial-of-service attack via special…

  • CVE-2019-3598MedFeb 28, 2019
    risk 0.35cvss 5.3epss 0.02

    Buffer Access with Incorrect Length Value in McAfee Agent (MA) 5.x allows remote unauthenticated users to potentially cause a denial of service via specifically crafted UDP packets.

  • CVE-2018-12541MedOct 10, 2018
    risk 0.35cvss 6.5epss 0.03

    In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buffers the full http request before doing the handshake, holding the entire request body in memory. There should be a reasonnable limit (8192 bytes) above which the WebSocket gets an…