VYPR

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

ClassStableLikelihood: High

Description

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9

CVEs mapped to this weakness (10,979)

page 399 of 549
  • CVE-2015-4475Aug 16, 2015
    risk 0.00cvss epss 0.05

    The mozilla::AudioSink function in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 mishandles inconsistent sample formats within MP3 audio data, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via a malformed…

  • CVE-2015-5125Aug 14, 2015
    risk 0.00cvss epss 0.06

    Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to cause a denial of service (vector-length corruption) or…

  • CVE-2015-5718Aug 12, 2015
    risk 0.00cvss epss 0.02

    Stack-based buffer overflow in the handle_debug_network function in the manager in Websense Content Gateway before 8.0.0 HF02 allows remote administrators to cause a denial of service (crash) via a crafted diagnostic command line request to submit_net_debug.cgi.

  • CVE-2015-5154Aug 12, 2015
    risk 0.00cvss epss 0.01

    Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.

  • CVE-2015-3286Aug 12, 2015
    risk 0.00cvss epss 0.00

    Buffer overflow in the Solaris kernel extension in OpenAFS before 1.6.13 allows local users to cause a denial of service (panic or deadlock) or possibly have other unspecified impact via a large group list when joining a PAG.

  • CVE-2015-3285Aug 12, 2015
    risk 0.00cvss epss 0.00

    The pioctl for the OSD FS command in OpenAFS before 1.6.13 uses the wrong pointer when writing the results of the RPC, which allows local users to cause a denial of service (memory corruption and kernel panic) via a crafted OSD FS command.

  • CVE-2015-2059Aug 12, 2015
    risk 0.00cvss epss 0.03

    The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.

  • CVE-2013-7443Aug 12, 2015
    risk 0.00cvss epss 0.03

    Buffer overflow in the skip-scan optimization in SQLite 3.8.2 allows remote attackers to cause a denial of service (crash) via crafted SQL statements.

  • CVE-2015-5523Aug 11, 2015
    risk 0.00cvss epss 0.04

    The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation.

  • CVE-2015-5522Aug 11, 2015
    risk 0.00cvss epss 0.05

    Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an href.

  • CVE-2014-7913Jul 30, 2015
    risk 0.00cvss epss 0.02

    The print_option function in dhcp-common.c in dhcpcd through 6.9.1, as used in dhcp.c in dhcpcd 5.x in Android before 5.1 and other products, misinterprets the return value of the snprintf function, which allows remote DHCP servers to execute arbitrary code or cause a denial of…

  • CVE-2014-7912Jul 30, 2015
    risk 0.00cvss epss 0.03

    The get_option function in dhcp.c in dhcpcd before 6.2.0, as used in dhcpcd 5.x in Android before 5.1 and other products, does not validate the relationship between length fields and the amount of data, which allows remote DHCP servers to execute arbitrary code or cause a denial…

  • CVE-2015-4290Jul 29, 2015
    risk 0.00cvss epss 0.00

    The kernel extension in Cisco AnyConnect Secure Mobility Client 4.0(2049) on OS X allows local users to cause a denial of service (panic) via vectors involving contiguous memory locations, aka Bug ID CSCut12255.

  • CVE-2015-1872Jul 26, 2015
    risk 0.00cvss epss 0.02

    The ff_mjpeg_decode_sof function in libavcodec/mjpegdec.c in FFmpeg before 2.5.4 does not validate the number of components in a JPEG-LS Start Of Frame segment, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified…

  • CVE-2015-1280Jul 23, 2015
    risk 0.00cvss epss 0.02

    SkPictureShader.cpp in Skia, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging access to a renderer process and providing crafted serialized data.

  • CVE-2015-1273Jul 23, 2015
    risk 0.00cvss epss 0.02

    Heap-based buffer overflow in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid JPEG2000 data in a PDF document.

  • CVE-2015-1271Jul 23, 2015
    risk 0.00cvss epss 0.02

    PDFium, as used in Google Chrome before 44.0.2403.89, does not properly handle certain out-of-memory conditions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted PDF document that…

  • CVE-2015-2869Jul 21, 2015
    risk 0.00cvss epss 0.04

    The FileInfo plugin before 2.22 for Ghisler Total Commander allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via (1) a large Size value in the Archive Member Header of a COFF Archive Library file, (2) a large Number Of Symbols value…

  • CVE-2015-0795Jul 18, 2015
    risk 0.00cvss epss 0.04

    Multiple stack-based buffer overflows in the SafeShellExecute method in the NetIQExecObject.NetIQExec.1 ActiveX control in NetIQExec.dll in NetIQ Security Solutions for iSeries 8.1 allow remote attackers to execute arbitrary code via long arguments, aka ZDI-CAN-2699.

  • CVE-2015-5115Jul 15, 2015
    risk 0.00cvss epss 0.06

    Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to execute arbitrary code or cause a denial…