VYPR

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

ClassStableLikelihood: High

Description

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9

CVEs mapped to this weakness (10,979)

page 346 of 549
  • CVE-2014-1760Apr 8, 2014
    risk 0.01cvss epss 0.13

    Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

  • CVE-2014-1758Apr 8, 2014
    risk 0.01cvss epss 0.17

    Stack-based buffer overflow in Microsoft Word 2003 SP3 allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Word Stack Overflow Vulnerability."

  • CVE-2014-1757Apr 8, 2014
    risk 0.01cvss epss 0.17

    Microsoft Word 2007 SP3 and 2010 SP1 and SP2, and Office Compatibility Pack SP3, allocates memory incorrectly for file conversions from a binary (aka .doc) format to a newer format, which allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft…

  • CVE-2014-0507Apr 8, 2014
    risk 0.01cvss epss 0.06

    Buffer overflow in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allows…

  • CVE-2013-0729Apr 2, 2014
    risk 0.01cvss epss 0.06

    Heap-based buffer overflow in Tracker Software PDF-XChange before 2.5.208 allows remote attackers to execute arbitrary code via a crafted Define Huffman Table header in a JPEG image file stream in a PDF file.

  • CVE-2014-2525Mar 28, 2014
    risk 0.01cvss epss 0.09

    Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.

  • CVE-2014-0511Mar 27, 2014
    risk 0.01cvss epss 0.09

    Heap-based buffer overflow in Adobe Reader 11.0.06 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.

  • CVE-2014-0510Mar 27, 2014
    risk 0.01cvss epss 0.08

    Heap-based buffer overflow in Adobe Flash Player 12.0.0.77 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by Zeguang Zhao and Liang Chen during a Pwn2Own competition at CanSecWest 2014.

  • CVE-2014-2240Mar 12, 2014
    risk 0.01cvss epss 0.06

    Stack-based buffer overflow in the cf2_hintmap_build function in cff/cf2hints.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of stem hints in a font file.

  • CVE-2014-0321Mar 12, 2014
    risk 0.01cvss epss 0.13

    Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0313.

  • CVE-2014-0311Mar 12, 2014
    risk 0.01cvss epss 0.13

    Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0299 and…

  • CVE-2014-0308Mar 12, 2014
    risk 0.01cvss epss 0.14

    Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0297,…

  • CVE-2014-0306Mar 12, 2014
    risk 0.01cvss epss 0.13

    Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

  • CVE-2014-0305Mar 12, 2014
    risk 0.01cvss epss 0.13

    Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0299 and…

  • CVE-2014-0298Mar 12, 2014
    risk 0.01cvss epss 0.13

    Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

  • CVE-2014-0498Feb 21, 2014
    risk 0.01cvss epss 0.07

    Stack-based buffer overflow in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before…

  • CVE-2014-0280Feb 12, 2014
    risk 0.01cvss epss 0.17

    Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

  • CVE-2014-0278Feb 12, 2014
    risk 0.01cvss epss 0.17

    Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0277 and CVE-2014-0279.

  • CVE-2014-0272Feb 12, 2014
    risk 0.01cvss epss 0.17

    Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

  • CVE-2014-0269Feb 12, 2014
    risk 0.01cvss epss 0.17

    Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."