CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Description
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9
CVEs mapped to this weakness (10,979)
page 307 of 549| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2009-3809 | 0.03 | — | 0.02 | Oct 27, 2009 | Acoustica MP3 Audio Mixer 1.0 and possibly 2.471 allows remote attackers to cause a denial of service (crash) via a long string in a .sgp playlist file. | |||
| CVE-2009-3807 | 0.03 | — | 0.03 | Oct 27, 2009 | Stack-based buffer overflow in MixVibes 7.043 Pro allows remote attackers to cause a denial of service (crash) via a long string in a .vib file. | |||
| CVE-2009-3709 | 0.03 | — | 0.06 | Oct 16, 2009 | Stack-based buffer overflow in the Meta Content Optimizer in Konae Technologies Alleycode HTML Editor 2.21 allows user-assisted remote attackers to execute arbitrary code via a long value in a TITLE tag. | |||
| CVE-2009-3708 | 0.03 | — | 0.04 | Oct 16, 2009 | Stack-based buffer overflow in the Meta Content Optimizer in Konae Technologies Alleycode HTML Editor 2.21 allows user-assisted remote attackers to execute arbitrary code via a long value in a (1) description or (2) keyword META tag. NOTE: the provenance of this information is… | |||
| CVE-2009-3670 | 0.03 | — | 0.06 | Oct 11, 2009 | Stack-based buffer overflow in KSP Sound Player 2009 R2 and R2.1 allows remote attackers to execute arbitrary code via a long string in a .m3u playlist file. | |||
| CVE-2009-3574 | 0.03 | — | 0.05 | Oct 6, 2009 | Tuniac 090517c allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long File1 argument in a .pls playlist file, possibly a buffer overflow. | |||
| CVE-2009-3536 | 0.03 | — | 0.06 | Oct 2, 2009 | Multiple stack-based buffer overflows in EpicDJSoftware EpicVJ 1.2.8.0 and 1.3.1.2 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a (1) .m3u or (2) .mpl playlist file. | |||
| CVE-2009-3522 | 0.03 | — | 0.01 | Oct 1, 2009 | Stack-based buffer overflow in aswMon2.sys in avast! Home and Professional for Windows 4.8.1351, and possibly other versions before 4.8.1356, allows local users to cause a denial of service (system crash) and possibly gain privileges via a crafted IOCTL request to IOCTL… | |||
| CVE-2009-3484 | 0.03 | — | 0.06 | Sep 30, 2009 | Stack-based buffer overflow in Core FTP 2.1 build 1612 allows user-assisted remote attackers to execute arbitrary code via a long hostname in an FTP server entry in a site backup file. NOTE: some of these details are obtained from third party information. | |||
| CVE-2009-3428 | 0.03 | — | 0.06 | Sep 25, 2009 | Stack-based buffer overflow in Easy Music Player 1.0.0.2 allows remote attackers to execute arbitrary code via a crafted .wav file. | |||
| CVE-2009-3364 | 0.03 | — | 0.05 | Sep 24, 2009 | Stack-based buffer overflow in FTPShell Client 4.1 RC2 allows remote FTP servers to execute arbitrary code via a long response to a PASV command. | |||
| CVE-2009-3338 | 0.03 | — | 0.06 | Sep 24, 2009 | Stack-based buffer overflow in EffectMatrix (E.M.) Magic Morph 1.95b allows remote attackers to execute arbitrary code via a long string in a .mor file. | |||
| CVE-2009-3254 | 0.03 | — | 0.05 | Sep 18, 2009 | Multiple stack-based buffer overflows in Ultimate Player 1.56 beta allow remote attackers to execute arbitrary code via a long string in a (1) .m3u or (2) .upl playlist file. | |||
| CVE-2009-3253 | 0.03 | — | 0.05 | Sep 18, 2009 | Stack-based buffer overflow in TriceraSoft Swift Ultralite 1.032 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long string in a .M3U playlist file. | |||
| CVE-2009-3234 | 0.03 | — | 0.02 | Sep 17, 2009 | Buffer overflow in the perf_copy_attr function in kernel/perf_counter.c in the Linux kernel 2.6.31-rc1 allows local users to cause a denial of service (crash) and execute arbitrary code via a "big size data" to the perf_counter_open system call. | |||
| CVE-2009-3221 | 0.03 | — | 0.06 | Sep 16, 2009 | Stack-based buffer overflow in Audio Lib Player (ALP) allows remote attackers to execute arbitrary code via a long URL in a .m3u playlist file. | |||
| CVE-2009-3213 | 0.03 | — | 0.05 | Sep 16, 2009 | Stack-based buffer overflow in broid 1.0 Beta 3a allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .mp3 file. | |||
| CVE-2008-7162 | 0.03 | — | 0.06 | Sep 4, 2009 | Buffer overflow in Hero Super Player 3000 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long filename in a .M3U file. NOTE: this might be related to CVE-2008-4504. | |||
| CVE-2009-3058 | 0.03 | — | 0.06 | Sep 3, 2009 | Stack-based buffer overflow in akPlayer 1.9.0 allows remote attackers to execute arbitrary code via a long string in a .plt playlist file. | |||
| CVE-2009-2961 | 0.03 | — | 0.05 | Aug 25, 2009 | Stack-based buffer overflow in Thaddy de Konng KOL Player 1.0 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a .MP3 playlist file. |
- CVE-2009-3809Oct 27, 2009risk 0.03cvss —epss 0.02
Acoustica MP3 Audio Mixer 1.0 and possibly 2.471 allows remote attackers to cause a denial of service (crash) via a long string in a .sgp playlist file.
- CVE-2009-3807Oct 27, 2009risk 0.03cvss —epss 0.03
Stack-based buffer overflow in MixVibes 7.043 Pro allows remote attackers to cause a denial of service (crash) via a long string in a .vib file.
- CVE-2009-3709Oct 16, 2009risk 0.03cvss —epss 0.06
Stack-based buffer overflow in the Meta Content Optimizer in Konae Technologies Alleycode HTML Editor 2.21 allows user-assisted remote attackers to execute arbitrary code via a long value in a TITLE tag.
- CVE-2009-3708Oct 16, 2009risk 0.03cvss —epss 0.04
Stack-based buffer overflow in the Meta Content Optimizer in Konae Technologies Alleycode HTML Editor 2.21 allows user-assisted remote attackers to execute arbitrary code via a long value in a (1) description or (2) keyword META tag. NOTE: the provenance of this information is…
- CVE-2009-3670Oct 11, 2009risk 0.03cvss —epss 0.06
Stack-based buffer overflow in KSP Sound Player 2009 R2 and R2.1 allows remote attackers to execute arbitrary code via a long string in a .m3u playlist file.
- CVE-2009-3574Oct 6, 2009risk 0.03cvss —epss 0.05
Tuniac 090517c allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long File1 argument in a .pls playlist file, possibly a buffer overflow.
- CVE-2009-3536Oct 2, 2009risk 0.03cvss —epss 0.06
Multiple stack-based buffer overflows in EpicDJSoftware EpicVJ 1.2.8.0 and 1.3.1.2 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a (1) .m3u or (2) .mpl playlist file.
- CVE-2009-3522Oct 1, 2009risk 0.03cvss —epss 0.01
Stack-based buffer overflow in aswMon2.sys in avast! Home and Professional for Windows 4.8.1351, and possibly other versions before 4.8.1356, allows local users to cause a denial of service (system crash) and possibly gain privileges via a crafted IOCTL request to IOCTL…
- CVE-2009-3484Sep 30, 2009risk 0.03cvss —epss 0.06
Stack-based buffer overflow in Core FTP 2.1 build 1612 allows user-assisted remote attackers to execute arbitrary code via a long hostname in an FTP server entry in a site backup file. NOTE: some of these details are obtained from third party information.
- CVE-2009-3428Sep 25, 2009risk 0.03cvss —epss 0.06
Stack-based buffer overflow in Easy Music Player 1.0.0.2 allows remote attackers to execute arbitrary code via a crafted .wav file.
- CVE-2009-3364Sep 24, 2009risk 0.03cvss —epss 0.05
Stack-based buffer overflow in FTPShell Client 4.1 RC2 allows remote FTP servers to execute arbitrary code via a long response to a PASV command.
- CVE-2009-3338Sep 24, 2009risk 0.03cvss —epss 0.06
Stack-based buffer overflow in EffectMatrix (E.M.) Magic Morph 1.95b allows remote attackers to execute arbitrary code via a long string in a .mor file.
- CVE-2009-3254Sep 18, 2009risk 0.03cvss —epss 0.05
Multiple stack-based buffer overflows in Ultimate Player 1.56 beta allow remote attackers to execute arbitrary code via a long string in a (1) .m3u or (2) .upl playlist file.
- CVE-2009-3253Sep 18, 2009risk 0.03cvss —epss 0.05
Stack-based buffer overflow in TriceraSoft Swift Ultralite 1.032 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long string in a .M3U playlist file.
- CVE-2009-3234Sep 17, 2009risk 0.03cvss —epss 0.02
Buffer overflow in the perf_copy_attr function in kernel/perf_counter.c in the Linux kernel 2.6.31-rc1 allows local users to cause a denial of service (crash) and execute arbitrary code via a "big size data" to the perf_counter_open system call.
- CVE-2009-3221Sep 16, 2009risk 0.03cvss —epss 0.06
Stack-based buffer overflow in Audio Lib Player (ALP) allows remote attackers to execute arbitrary code via a long URL in a .m3u playlist file.
- CVE-2009-3213Sep 16, 2009risk 0.03cvss —epss 0.05
Stack-based buffer overflow in broid 1.0 Beta 3a allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .mp3 file.
- CVE-2008-7162Sep 4, 2009risk 0.03cvss —epss 0.06
Buffer overflow in Hero Super Player 3000 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long filename in a .M3U file. NOTE: this might be related to CVE-2008-4504.
- CVE-2009-3058Sep 3, 2009risk 0.03cvss —epss 0.06
Stack-based buffer overflow in akPlayer 1.9.0 allows remote attackers to execute arbitrary code via a long string in a .plt playlist file.
- CVE-2009-2961Aug 25, 2009risk 0.03cvss —epss 0.05
Stack-based buffer overflow in Thaddy de Konng KOL Player 1.0 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a .MP3 playlist file.