CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

ClassStableLikelihood: High

Description

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Hierarchy (View 1000)

Parents

CWE-118

Children

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9

CVEs mapped to this weakness (9,877)

page 417 of 494

CVE	Vendor / Product	CVSS	EPSS	Published	Description
CVE-2012-5669	FreeType Freetype	—	0.02	Jan 24, 2013	The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to BDF fonts and an incorrect calculation that triggers an out-of-bounds read.
CVE-2012-5668	FreeType Freetype	—	0.03	Jan 24, 2013	FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to BDF fonts and the improper handling of an "allocation error" in the bdf_free_font function.
CVE-2012-3364	Linux Kernel	—	0.02	Jan 22, 2013	Multiple stack-based buffer overflows in the Near Field Communication Controller Interface (NCI) in the Linux kernel before 3.4.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via incoming frames with crafted length fields.
CVE-2012-2137	Canonical Ubuntu Linux	—	0.00	Jan 22, 2013	Buffer overflow in virt/kvm/irq_comm.c in the KVM subsystem in the Linux kernel before 3.2.24 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to Message Signaled Interrupts (MSI), irq routing entries, and an incorrect check by the setup_routing_entry function before invoking the kvm_set_irq function.
CVE-2012-2119	Linux Kernel	—	0.00	Jan 22, 2013	Buffer overflow in the macvtap device driver in the Linux kernel before 3.4.5, when running in certain configurations, allows privileged KVM guest users to cause a denial of service (crash) via a long descriptor with a long vector length.
CVE-2013-0656	Siemens Foundation Simatic Rf Manager	—	0.02	Jan 21, 2013	Buffer overflow in a third-party ActiveX component in Siemens SIMATIC RF-MANAGER 2008, and RF-MANAGER Basic 3.0 and earlier, allows remote attackers to execute arbitrary code via a crafted web site.
CVE-2013-0834	OpenSUSE openSUSE	—	0.01	Jan 15, 2013	Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving glyphs.
CVE-2013-0833	OpenSUSE openSUSE	—	0.01	Jan 15, 2013	Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to printing.
CVE-2012-5157	Google Chrome	—	0.01	Jan 15, 2013	Google Chrome before 24.0.1312.52 does not properly handle image data in PDF documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document.
CVE-2012-5153	OpenSUSE openSUSE	—	0.01	Jan 15, 2013	Google V8 before 3.14.5.3, as used in Google Chrome before 24.0.1312.52, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers an out-of-bounds access to stack memory.
CVE-2012-5152	OpenSUSE openSUSE	—	0.01	Jan 15, 2013	Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving seek operations on video data.
CVE-2013-0752	Mozilla Corporation Firefox	—	0.03	Jan 13, 2013	Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XBL file with multiple bindings that have SVG content.
CVE-2013-0620	Adobe Inc. Acrobat Reader	—	0.06	Jan 10, 2013	Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-1530, CVE-2013-0601, CVE-2013-0605, CVE-2013-0616, CVE-2013-0619, and CVE-2013-0623.
CVE-2013-0619	Adobe Inc. Acrobat Reader	—	0.06	Jan 10, 2013	Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-1530, CVE-2013-0601, CVE-2013-0605, CVE-2013-0616, CVE-2013-0620, and CVE-2013-0623.
CVE-2012-5581	LibTIFF Libtiff	—	0.02	Jan 4, 2013	Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DOTRANGE tag in a TIFF image.
CVE-2012-5977	Digium Asterisk	—	0.01	Jan 4, 2013	Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones, when anonymous calls are enabled, allow remote attackers to cause a denial of service (resource consumption) by making anonymous calls from multiple sources and consequently adding many entries to the device state cache.
CVE-2012-6090	Swi Prolog Swi Prolog	—	0.02	Jan 4, 2013	Multiple stack-based buffer overflows in the expand function in os/pl-glob.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted filename.
CVE-2012-6089	Swi Prolog Swi Prolog	—	0.03	Jan 4, 2013	Multiple stack-based buffer overflows in the canoniseFileName function in os/pl-os.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted filename.
CVE-2012-3133	Oracle Corporation Hyperion Interactive Reporting	—	0.01	Dec 21, 2012	Buffer overflow in the DataDirect ODBC driver, as used in Oracle Hyperion Interactive Reporting 11.1.2.1 and 11.1.2.2, Essbase Server 11.1.2.1 and 11.1.2.2, Production Reporting Server 11.1.2.1 and 11.1.2.2, and Integration Services Server 11.1.2.1 and 11.1.2.2 has unknown impact and attack vectors.
CVE-2012-1699	Xfree86 Xfree86	—	0.00	Dec 21, 2012	The ProcSetEventMask function in difs/events.c in the xfs font server for X.Org X11R6 through X11R6.6 and XFree86 before 3.3.3 calls the SendErrToClient function with a mask value instead of a pointer, which allows local users to cause a denial of service (memory corruption and crash) or obtain potentially sensitive information from memory via a SetEventMask request that triggers an invalid pointer dereference.

CVE-2012-5669Jan 24, 2013
FreeType
Freetype
risk 0.00cvss —epss 0.02
The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to BDF fonts and an incorrect calculation that triggers an out-of-bounds read.
CVE-2012-5668Jan 24, 2013
FreeType
Freetype
risk 0.00cvss —epss 0.03
FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to BDF fonts and the improper handling of an "allocation error" in the bdf_free_font function.
CVE-2012-3364Jan 22, 2013
Linux
Kernel
risk 0.00cvss —epss 0.02
Multiple stack-based buffer overflows in the Near Field Communication Controller Interface (NCI) in the Linux kernel before 3.4.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via incoming frames with crafted length fields.
CVE-2012-2137Jan 22, 2013
Canonical
Ubuntu Linux
risk 0.00cvss —epss 0.00
Buffer overflow in virt/kvm/irq_comm.c in the KVM subsystem in the Linux kernel before 3.2.24 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to Message Signaled Interrupts (MSI), irq routing entries, and an incorrect check by the setup_routing_entry function before invoking the kvm_set_irq function.
CVE-2012-2119Jan 22, 2013
Linux
Kernel
risk 0.00cvss —epss 0.00
Buffer overflow in the macvtap device driver in the Linux kernel before 3.4.5, when running in certain configurations, allows privileged KVM guest users to cause a denial of service (crash) via a long descriptor with a long vector length.
CVE-2013-0656Jan 21, 2013
Siemens Foundation
Simatic Rf Manager
risk 0.00cvss —epss 0.02
Buffer overflow in a third-party ActiveX component in Siemens SIMATIC RF-MANAGER 2008, and RF-MANAGER Basic 3.0 and earlier, allows remote attackers to execute arbitrary code via a crafted web site.
CVE-2013-0834Jan 15, 2013
OpenSUSE
openSUSE
risk 0.00cvss —epss 0.01
Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving glyphs.
CVE-2013-0833Jan 15, 2013
OpenSUSE
openSUSE
risk 0.00cvss —epss 0.01
Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to printing.
CVE-2012-5157Jan 15, 2013
Google
Chrome
risk 0.00cvss —epss 0.01
Google Chrome before 24.0.1312.52 does not properly handle image data in PDF documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document.
CVE-2012-5153Jan 15, 2013
OpenSUSE
openSUSE
risk 0.00cvss —epss 0.01
Google V8 before 3.14.5.3, as used in Google Chrome before 24.0.1312.52, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers an out-of-bounds access to stack memory.
CVE-2012-5152Jan 15, 2013
OpenSUSE
openSUSE
risk 0.00cvss —epss 0.01
Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving seek operations on video data.
CVE-2013-0752Jan 13, 2013
Mozilla Corporation
Firefox
risk 0.00cvss —epss 0.03
Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XBL file with multiple bindings that have SVG content.
CVE-2013-0620Jan 10, 2013
Adobe Inc.
Acrobat Reader
risk 0.00cvss —epss 0.06
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-1530, CVE-2013-0601, CVE-2013-0605, CVE-2013-0616, CVE-2013-0619, and CVE-2013-0623.
CVE-2013-0619Jan 10, 2013
Adobe Inc.
Acrobat Reader
risk 0.00cvss —epss 0.06
Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-1530, CVE-2013-0601, CVE-2013-0605, CVE-2013-0616, CVE-2013-0620, and CVE-2013-0623.
CVE-2012-5581Jan 4, 2013
LibTIFF
Libtiff
risk 0.00cvss —epss 0.02
Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DOTRANGE tag in a TIFF image.
CVE-2012-5977Jan 4, 2013
Digium
Asterisk
risk 0.00cvss —epss 0.01
Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones, when anonymous calls are enabled, allow remote attackers to cause a denial of service (resource consumption) by making anonymous calls from multiple sources and consequently adding many entries to the device state cache.
CVE-2012-6090Jan 4, 2013
Swi Prolog
Swi Prolog
risk 0.00cvss —epss 0.02
Multiple stack-based buffer overflows in the expand function in os/pl-glob.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted filename.
CVE-2012-6089Jan 4, 2013
Swi Prolog
Swi Prolog
risk 0.00cvss —epss 0.03
Multiple stack-based buffer overflows in the canoniseFileName function in os/pl-os.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted filename.
CVE-2012-3133Dec 21, 2012
Oracle Corporation
Hyperion Interactive Reporting
risk 0.00cvss —epss 0.01
Buffer overflow in the DataDirect ODBC driver, as used in Oracle Hyperion Interactive Reporting 11.1.2.1 and 11.1.2.2, Essbase Server 11.1.2.1 and 11.1.2.2, Production Reporting Server 11.1.2.1 and 11.1.2.2, and Integration Services Server 11.1.2.1 and 11.1.2.2 has unknown impact and attack vectors.
CVE-2012-1699Dec 21, 2012
Xfree86
Xfree86
risk 0.00cvss —epss 0.00
The ProcSetEventMask function in difs/events.c in the xfs font server for X.Org X11R6 through X11R6.6 and XFree86 before 3.3.3 calls the SendErrToClient function with a mask value instead of a pointer, which allows local users to cause a denial of service (memory corruption and crash) or obtain potentially sensitive information from memory via a SetEventMask request that triggers an invalid pointer dereference.