VYPR

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

ClassStableLikelihood: High

Description

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9

CVEs mapped to this weakness (10,979)

page 370 of 549
  • CVE-2008-2242May 21, 2008
    risk 0.01cvss epss 0.15

    Multiple buffer overflows in xdr functions in the server in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allow remote attackers to execute arbitrary code, as demonstrated by a stack-based buffer overflow via a long parameter to the xdr_rwsstring function.

  • CVE-2008-0314Apr 16, 2008
    risk 0.01cvss epss 0.09

    Heap-based buffer overflow in spin.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted PeSpin packed PE binary with a modified length value.

  • CVE-2008-1833Apr 16, 2008
    risk 0.01cvss epss 0.09

    Heap-based buffer overflow in pe.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted WWPack compressed PE binary.

  • CVE-2008-1100Apr 14, 2008
    risk 0.01cvss epss 0.11

    Buffer overflow in the cli_scanpe function in libclamav (libclamav/pe.c) for ClamAV 0.92 and 0.92.1 allows remote attackers to execute arbitrary code via a crafted Upack PE file.

  • CVE-2008-1021Apr 4, 2008
    risk 0.01cvss epss 0.07

    Heap-based buffer overflow in Animation codec content handling in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted movie with run length encoding.

  • CVE-2008-1019Apr 4, 2008
    risk 0.01cvss epss 0.07

    Heap-based buffer overflow in quickTime.qts in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted PICT image file, related to an improperly terminated memory copy loop.

  • CVE-2008-1022Apr 4, 2008
    risk 0.01cvss epss 0.07

    Stack-based buffer overflow in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted VR movie with an obji atom of zero size.

  • CVE-2008-1020Apr 4, 2008
    risk 0.01cvss epss 0.07

    Heap-based buffer overflow in quickTime.qts in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted PICT image file with Kodak encoding, related to error checking and error messages.

  • CVE-2008-1017Apr 4, 2008
    risk 0.01cvss epss 0.07

    Heap-based buffer overflow in clipping region (aka crgn) atom handling in quicktime.qts in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted movie.

  • CVE-2008-1497Mar 25, 2008
    risk 0.01cvss epss 0.06

    Stack-based buffer overflow in the IMAP service in NetWin SurgeMail 38k4-4 and earlier allows remote authenticated users to execute arbitrary code via long arguments to the LSUB command.

  • CVE-2007-6254Mar 20, 2008
    risk 0.01cvss epss 0.06

    Stack-based buffer overflow in the SAP Business Objects BusinessObjects RptViewerAX ActiveX control in RptViewerAX.dll in Business Objects 6.5 before CHF74 allows remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2008-0948Mar 19, 2008
    risk 0.01cvss epss 0.07

    Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.2.2, and probably other versions before 1.3, when running on systems whose unistd.h does not define the FD_SETSIZE macro, allows remote attackers to cause a…

  • CVE-2008-0947Mar 19, 2008
    risk 0.01cvss epss 0.09

    Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.4 through 1.6.3 allows remote attackers to execute arbitrary code by triggering a large number of open file descriptors.

  • CVE-2008-0053Mar 18, 2008
    risk 0.01cvss epss 0.08

    Multiple buffer overflows in the HP-GL/2-to-PostScript filter in CUPS before 1.3.6 might allow remote attackers to execute arbitrary code via a crafted HP-GL/2 file.

  • CVE-2008-0047Mar 18, 2008
    risk 0.01cvss epss 0.07

    Heap-based buffer overflow in the cgiCompileSearch function in CUPS 1.3.5, and other versions including the version bundled with Apple Mac OS X 10.5.2, when printer sharing is enabled, allows remote attackers to execute arbitrary code via crafted search expressions.

  • CVE-2008-0888Mar 17, 2008
    risk 0.01cvss epss 0.06

    The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or…

  • CVE-2007-6253Mar 12, 2008
    risk 0.01cvss epss 0.07

    Multiple buffer overflows in Adobe Form Designer 5.0 and Form Client 5.0 allow remote attackers to execute arbitrary code via unknown vectors in the (1) Adobe File Dialog Button (FileDlg.dll) and the (2) Adobe Copy to Server Object (SvrCopy.dll) ActiveX controls.

  • CVE-2008-1161Mar 10, 2008
    risk 0.01cvss epss 0.07

    Buffer overflow in the Matroska demuxer (demuxers/demux_matroska.c) in xine-lib before 1.1.10.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Matroska file with invalid frame sizes.

  • CVE-2008-1189Mar 6, 2008
    risk 0.01cvss epss 0.07

    Buffer overflow in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different issue than CVE-2008-1188, aka the "third" issue.

  • CVE-2008-1188Mar 6, 2008
    risk 0.01cvss epss 0.12

    Multiple buffer overflows in the useEncodingDecl function in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allow remote attackers to execute arbitrary code via a JNLP file with (1) a long key name in the xml header or (2) a long charset…