VYPR

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

ClassStableLikelihood: High

Description

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9

CVEs mapped to this weakness (10,979)

page 524 of 549
  • CVE-2008-3642Oct 10, 2008
    risk 0.00cvss epss 0.06

    Buffer overflow in ColorSync in Mac OS X 10.4.11 and 10.5.5 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via an image with a crafted ICC profile.

  • CVE-2008-4504Oct 9, 2008
    risk 0.00cvss epss 0.02

    Heap-based buffer overflow in Mplayer.exe in Herosoft Inc. Hero DVD Player 3.0.8 allows user-assisted remote attackers to execute arbitrary code via an M3u file with a "long entry." NOTE: the provenance of this information is unknown; the details are obtained solely from third…

  • CVE-2008-3828Oct 8, 2008
    risk 0.00cvss epss 0.01

    Stack-based buffer overflow in the condor_ schedd daemon in Condor before 7.0.5 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.

  • CVE-2008-4402Oct 3, 2008
    risk 0.00cvss epss 0.06

    Multiple buffer overflows in CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 before build 3087 allow remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2008-4396Oct 2, 2008
    risk 0.00cvss epss 0.04

    Stack-based buffer overflow in Safer Networking FileAlyzer 1.6.0.0 and 1.6.0.4 beta, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via an executable with malformed version data.

  • CVE-2008-3522Oct 2, 2008
    risk 0.00cvss epss 0.05

    Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf.

  • CVE-2008-4132Sep 19, 2008
    risk 0.00cvss epss 0.04

    Stack-based buffer overflow in the VSFlexGrid.VSFlexGridL ActiveX control in ComponentOne VSFlexGrid 7.0.1.151 and 8.0.20072.239 allows remote attackers to execute arbitrary code via a long first argument to the Archive method. NOTE: the provenance of this information is…

  • CVE-2008-2305Sep 16, 2008
    risk 0.00cvss epss 0.05

    Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to execute arbitrary code via a document containing a crafted font, related to "PostScript font names."

  • CVE-2008-2932Sep 12, 2008
    risk 0.00cvss epss 0.03

    Heap-based buffer overflow in Red Hat adminutil 1.1.6 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via % (percent) encoded HTTP input to unspecified CGI scripts in Fedora Directory Server. NOTE: this vulnerability exists…

  • CVE-2008-4052Sep 11, 2008
    risk 0.00cvss epss 0.00

    Stack-based buffer overflow in SMGSHR.EXE in OpenVMS for Integrity Servers 8.2-1, 8.3, and 8.3-1H1 and OpenVMS ALPHA 7.3-2, 8.2, and 8.3 allows local users to cause a denial of service (crash) or gain privileges via unspecified vectors.

  • CVE-2008-3971Sep 11, 2008
    risk 0.00cvss epss 0.06

    Heap-based buffer overflow in the open_man_file function in callbacks.c in gmanedit 0.4.1 allows remote attackers to execute arbitrary code via a crafted man page, which is not properly handled during utf8 conversion. NOTE: another overflow was reported using a configuration…

  • CVE-2008-3915Sep 11, 2008
    risk 0.00cvss epss 0.04

    Buffer overflow in nfsd in the Linux kernel before 2.6.26.4, when NFSv4 is enabled, allows remote attackers to have an unknown impact via vectors related to decoding an NFSv4 acl.

  • CVE-2008-3635Sep 11, 2008
    risk 0.00cvss epss 0.06

    Stack-based buffer overflow in QuickTimeInternetExtras.qtx in an unspecified third-party Indeo v3.2 (aka IV32) codec for QuickTime, when used with Apple QuickTime before 7.5.5 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application…

  • CVE-2008-3626Sep 11, 2008
    risk 0.00cvss epss 0.05

    The CallComponentFunctionWithStorage function in Apple QuickTime before 7.5.5 does not properly handle a large entry in the sample_size_table in STSZ atoms, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application…

  • CVE-2008-3624Sep 11, 2008
    risk 0.00cvss epss 0.03

    Heap-based buffer overflow in Apple QuickTime before 7.5.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a QuickTime Virtual Reality (QTVR) movie file with crafted panorama atoms.

  • CVE-2007-6717Sep 11, 2008
    risk 0.00cvss epss 0.00

    Buffer overflow in tftp in bos.net.tcp.client in IBM AIX 5.2.0 and 5.3.0 allows local users to gain privileges via unspecified vectors.

  • CVE-2008-3916Sep 4, 2008
    risk 0.00cvss epss 0.04

    Heap-based buffer overflow in the strip_escapes function in signal.c in GNU ed before 1.0 allows context-dependent or user-assisted attackers to execute arbitrary code via a long filename. NOTE: since ed itself does not typically run with special privileges, this issue only…

  • CVE-2008-3908Sep 4, 2008
    risk 0.00cvss epss 0.04

    Multiple buffer overflows in Princeton WordNet (wn) 3.0 allow context-dependent attackers to execute arbitrary code via (1) a long argument on the command line; a long (2) WNSEARCHDIR, (3) WNHOME, or (4) WNDBVERSION environment variable; or (5) a user-supplied dictionary (aka…

  • CVE-2008-3911Sep 4, 2008
    risk 0.00cvss epss 0.00

    The proc_do_xprt function in net/sunrpc/sysctl.c in the Linux kernel 2.6.26.3 does not check the length of a certain buffer obtained from userspace, which allows local users to overflow a stack-based buffer and have unspecified other impact via a crafted read system call for the…

  • CVE-2008-3146Sep 2, 2008
    risk 0.00cvss epss 0.04

    Multiple buffer overflows in packet_ncp2222.inc in Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted NCP packet that causes an invalid pointer to be used.