VYPR

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

ClassStableLikelihood: High

Description

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9

CVEs mapped to this weakness (10,979)

page 401 of 549
  • CVE-2015-2739Jul 6, 2015
    risk 0.00cvss epss 0.03

    The ArrayBufferBuilder::append function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which has unspecified impact and attack vectors.

  • CVE-2015-2729Jul 6, 2015
    risk 0.00cvss epss 0.03

    The AudioParamTimeline::AudioNodeInputValue function in the Web Audio implementation in Mozilla Firefox before 39.0 and Firefox ESR 38.x before 38.1 does not properly calculate an oscillator rendering range, which allows remote attackers to obtain sensitive information from…

  • CVE-2015-2726Jul 6, 2015
    risk 0.00cvss epss 0.06

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

  • CVE-2015-2725Jul 6, 2015
    risk 0.00cvss epss 0.06

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code…

  • CVE-2015-2724Jul 6, 2015
    risk 0.00cvss epss 0.06

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly…

  • CVE-2015-3724Jul 3, 2015
    risk 0.00cvss epss 0.02

    CoreGraphics in Apple iOS before 8.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ICC profile in a PDF document, a different vulnerability than CVE-2015-3723.

  • CVE-2015-3723Jul 3, 2015
    risk 0.00cvss epss 0.03

    CoreGraphics in Apple iOS before 8.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ICC profile in a PDF document, a different vulnerability than CVE-2015-3724.

  • CVE-2015-3719Jul 3, 2015
    risk 0.00cvss epss 0.03

    TrueTypeScaler in FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3694.

  • CVE-2015-3713Jul 3, 2015
    risk 0.00cvss epss 0.03

    QuickTime in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted movie file.

  • CVE-2015-3712Jul 3, 2015
    risk 0.00cvss epss 0.03

    The NVIDIA graphics driver in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds write) via a crafted app.

  • CVE-2015-3706Jul 3, 2015
    risk 0.00cvss epss 0.02

    IOAcceleratorFamily in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-3705.

  • CVE-2015-3705Jul 3, 2015
    risk 0.00cvss epss 0.02

    IOAcceleratorFamily in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-3706.

  • CVE-2015-3703Jul 3, 2015
    risk 0.00cvss epss 0.03

    ImageIO in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF image.

  • CVE-2015-3702Jul 3, 2015
    risk 0.00cvss epss 0.00

    Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3696, CVE-2015-3697, CVE-2015-3698, CVE-2015-3699, CVE-2015-3700, and CVE-2015-3701.

  • CVE-2015-3701Jul 3, 2015
    risk 0.00cvss epss 0.00

    Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3696, CVE-2015-3697, CVE-2015-3698, CVE-2015-3699, CVE-2015-3700, and CVE-2015-3702.

  • CVE-2015-3700Jul 3, 2015
    risk 0.00cvss epss 0.00

    Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3696, CVE-2015-3697, CVE-2015-3698, CVE-2015-3699, CVE-2015-3701, and CVE-2015-3702.

  • CVE-2015-3699Jul 3, 2015
    risk 0.00cvss epss 0.00

    Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3696, CVE-2015-3697, CVE-2015-3698, CVE-2015-3700, CVE-2015-3701, and CVE-2015-3702.

  • CVE-2015-3698Jul 3, 2015
    risk 0.00cvss epss 0.00

    Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3696, CVE-2015-3697, CVE-2015-3699, CVE-2015-3700, CVE-2015-3701, and CVE-2015-3702.

  • CVE-2015-3697Jul 3, 2015
    risk 0.00cvss epss 0.00

    Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3696, CVE-2015-3698, CVE-2015-3699, CVE-2015-3700, CVE-2015-3701, and CVE-2015-3702.

  • CVE-2015-3696Jul 3, 2015
    risk 0.00cvss epss 0.00

    Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3697, CVE-2015-3698, CVE-2015-3699, CVE-2015-3700, CVE-2015-3701, and CVE-2015-3702.