VYPR

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

ClassStableLikelihood: High

Description

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-123 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-8 · CAPEC-9

CVEs mapped to this weakness (11,748)

page 581 of 588
  • CVE-2006-4514Nov 30, 2006
    risk 0.00cvss epss 0.04

    Heap-based buffer overflow in the ole_info_read_metabat function in Gnome Structured File library (libgsf) 1.14.0, and other versions before 1.14.2, allows context-dependent attackers to execute arbitrary code via a large num_metabat value in an OLE document, which causes the…

  • CVE-2006-5601Oct 28, 2006
    risk 0.00cvss epss 0.04

    Stack-based buffer overflow in the eap_do_notify function in eap.c in xsupplicant before 1.2.6, and possibly other versions, allows remote authenticated users to execute arbitrary code via unspecified vectors.

  • CVE-2006-5456Oct 23, 2006
    risk 0.00cvss epss 0.03

    Multiple buffer overflows in GraphicsMagick before 1.1.7 and ImageMagick 6.0.7 allow user-assisted attackers to cause a denial of service and possibly execute arbitrary code via (1) a DCM image that is not properly handled by the ReadDCMImage function in coders/dcm.c, or (2) a…

  • CVE-2006-4819Oct 17, 2006
    risk 0.00cvss epss 0.05

    Heap-based buffer overflow in Opera 9.0 and 9.01 allows remote attackers to execute arbitrary code via a long URL in a tag (long link address).

  • CVE-2006-5176Oct 10, 2006
    risk 0.00cvss epss 0.05

    Buffer overflow in NTLM authentication in MailEnable Professional 2.0 and Enterprise 2.0 allows remote attackers to execute arbitrary code via "the signature field of NTLM Type 1 messages".

  • CVE-2006-4565Sep 15, 2006
    risk 0.00cvss epss 0.06

    Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a JavaScript regular expression with a "minimal quantifier."

  • CVE-2006-2482Sep 8, 2006
    risk 0.00cvss epss 0.03

    Heap-based buffer overflow in the TZipTV component in (1) ZipTV for Delphi 7 2006.1.26 and for C++ Builder 2006-1.16, (2) PentaZip 8.5.1.190 and PentaSuite-PRO 8.5.1.221, and possibly other products, allows user-assisted attackers to execute arbitrary code via an ARJ archive…

  • CVE-2006-4146Aug 31, 2006
    risk 0.00cvss epss 0.03

    Buffer overflow in the (1) DWARF (dwarfread.c) and (2) DWARF2 (dwarf2read.c) debugging code in GNU Debugger (GDB) 6.5 allows user-assisted attackers, or restricted users, to execute arbitrary code via a crafted file with a location block (DW_FORM_block) that contains a large…

  • CVE-2006-4431Aug 29, 2006
    risk 0.00cvss epss 0.04

    Multiple buffer overflows in the (a) Session Clustering Daemon and the (b) mod_cluster module in the Zend Platform 2.2.1 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a (1) empty or (2) crafted PHP session identifier…

  • CVE-2006-4326Aug 24, 2006
    risk 0.00cvss epss 0.04

    Stack-based buffer overflow in Justsystem Ichitaro 9.x through 13.x, Ichitaro 2004, 2005, 2006, and Government 2006; Ichitaro for Linux; and FormLiner before 20060818 allows remote attackers to execute arbitrary code via long Unicode strings in a crafted document, as being…

  • CVE-2006-4262Aug 23, 2006
    risk 0.00cvss epss 0.04

    Multiple buffer overflows in cscope 15.5 and earlier allow user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple vectors including (1) a long pathname that is not properly handled during file list parsing, (2) long…

  • CVE-2006-3985Aug 5, 2006
    risk 0.00cvss epss 0.04

    Stack-based buffer overflow in DZIPS32.DLL 6.0.0.4 in ConeXware PowerArchiver 9.62.03 allows user-assisted attackers to execute arbitrary code by adding a new file to a crafted ZIP archive that already contains a file with a long name.

  • CVE-2006-3463Aug 3, 2006
    risk 0.00cvss epss 0.03

    The EstimateStripByteCounts function in TIFF library (libtiff) before 3.8.2 uses a 16-bit unsigned short when iterating over an unsigned 32-bit value, which allows context-dependent attackers to cause a denial of service via a large td_nstrips value, which triggers an infinite…

  • CVE-2006-3460Aug 3, 2006
    risk 0.00cvss epss 0.04

    Heap-based buffer overflow in the JPEG decoder in the TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an encoded JPEG stream that is longer than the scan line size (TiffScanLineSize).

  • CVE-2006-3462Aug 3, 2006
    risk 0.00cvss epss 0.05

    Heap-based buffer overflow in the NeXT RLE decoder in the TIFF library (libtiff) before 3.8.2 might allow context-dependent attackers to execute arbitrary code via unknown vectors involving decoding large RLE images.

  • CVE-2006-3946Jul 31, 2006
    risk 0.00cvss epss 0.05

    WebCore in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted HTML that triggers a "memory management error" in WebKit, possibly due to a buffer overflow, as originally…

  • CVE-2006-3600Jul 18, 2006
    risk 0.00cvss epss 0.04

    Multiple stack-based buffer overflows in the LookupTRM::lookup function in libtunepimp (TunePimp) 0.4.2 allow remote user-assisted attackers to cause a denial of service (application crash) and possibly execute code via a long (1) Album release date (MBE_ReleaseGetDate), (2)…

  • CVE-2006-3582Jul 13, 2006
    risk 0.00cvss epss 0.05

    Multiple heap-based buffer overflows in Audacious AdPlug 2.0 and earlier allow remote user-assisted attackers to execute arbitrary code via the size specified in the package header of (1) CFF, (2) MTK, (3) DMO, and (4) U6M files.

  • CVE-2006-3117Jun 30, 2006
    risk 0.00cvss epss 0.04

    Heap-based buffer overflow in OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to execute arbitrary code via a crafted OpenOffice XML document that is not properly handled by (1) Calc, (2) Draw, (3) Impress, (4) Math, or (5)…

  • CVE-2006-2200Jun 28, 2006
    risk 0.00cvss epss 0.04

    Stack-based buffer overflow in libmms, as used by (a) MiMMS 0.0.9 and (b) xine-lib 1.1.0 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the (1) send_command, (2) string_utf16, (3) get_data, and (4)…