VYPR

CWE-20

Improper Input Validation

ClassStableLikelihood: High

Description

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-101 · CAPEC-104 · CAPEC-108 · CAPEC-109 · CAPEC-110 · CAPEC-120 · CAPEC-13 · CAPEC-135 · CAPEC-136 · CAPEC-14 · CAPEC-153 · CAPEC-182 · CAPEC-209 · CAPEC-22 · CAPEC-23 · CAPEC-230 · CAPEC-231 · CAPEC-24 · CAPEC-250 · CAPEC-261 · CAPEC-267 · CAPEC-28 · CAPEC-3 · CAPEC-31 · CAPEC-42 · CAPEC-43 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-473 · CAPEC-52 · CAPEC-53 · CAPEC-588 · CAPEC-63 · CAPEC-64 · CAPEC-664 · CAPEC-67 · CAPEC-7 · CAPEC-71 · CAPEC-72 · CAPEC-73 · CAPEC-78 · CAPEC-79 · CAPEC-8 · CAPEC-80 · CAPEC-81 · CAPEC-83 · CAPEC-85 · CAPEC-88 · CAPEC-9

CVEs mapped to this weakness (8,003)

page 173 of 401
  • CVE-2017-6498MedMar 6, 2017
    risk 0.36cvss 5.5epss 0.01

    An issue was discovered in ImageMagick 6.9.7. Incorrect TGA files could trigger assertion failures, thus leading to DoS.

  • CVE-2016-9830MedMar 1, 2017
    risk 0.36cvss 5.5epss 0.02

    The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a jpeg image.

  • CVE-2016-5240MedFeb 27, 2017
    risk 0.36cvss 5.5epss 0.02

    The DrawDashPolygon function in magick/render.c in GraphicsMagick before 1.3.24 and the SVG renderer in ImageMagick allow remote attackers to cause a denial of service (infinite loop) by converting a circularly defined SVG file.

  • CVE-2017-6188MedFeb 22, 2017
    risk 0.36cvss 5.5epss 0.00

    Munin before 2.999.6 has a local file write vulnerability when CGI graphs are enabled. Setting multiple upper_limit GET parameters allows overwriting any file accessible to the www-data user.

  • CVE-2017-6078MedFeb 21, 2017
    risk 0.36cvss 5.5epss 0.01

    FastStone MaxView 3.0 and 3.1 allows user-assisted attackers to cause a denial of service (application crash) via a malformed BMP image with a crafted biSize field in the BITMAPINFOHEADER section.

  • CVE-2017-2368MedFeb 20, 2017
    risk 0.36cvss 5.5epss 0.01

    An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the "Contacts" component. It allows remote attackers to cause a denial of service (application crash) via a crafted contact card.

  • CVE-2016-7665MedFeb 20, 2017
    risk 0.36cvss 5.5epss 0.01

    An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Graphics Driver" component, which allows remote attackers to cause a denial of service via a crafted video.

  • CVE-2016-4661MedFeb 20, 2017
    risk 0.36cvss 5.5epss 0.01

    An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "ntfs" component, which misparses disk images and allows attackers to cause a denial of service via a crafted app.

  • CVE-2017-0318MedFeb 15, 2017
    risk 0.36cvss 5.5epss 0.00

    All versions of NVIDIA Linux GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper validation of an input parameter may cause a denial of service on the system.

  • CVE-2016-8944MedFeb 15, 2017
    risk 0.36cvss 5.5epss 0.00

    IBM AIX 7.1 and 7.2 allows a local user to open a file with a specially crafted argument that would crash the system. IBM APARs: IV91488, IV91487, IV91456, IV90234.

  • CVE-2016-4546MedFeb 13, 2017
    risk 0.36cvss 5.5epss 0.00

    Samsung devices with Android KK(4.4) or L(5.0/5.1) allow local users to cause a denial of service (IAndroidShm service crash) via crafted data in a service call.

  • CVE-2016-5102MedFeb 6, 2017
    risk 0.36cvss 5.5epss 0.02

    Buffer overflow in the readgifimage function in gif2tiff.c in the gif2tiff tool in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (segmentation fault) via a crafted gif file.

  • CVE-2016-6234MedFeb 2, 2017
    risk 0.36cvss 5.5epss 0.01

    The process_file function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (crash) via a crafted jpeg file.

  • CVE-2016-9317MedJan 26, 2017
    risk 0.36cvss 5.5epss 0.04

    The gdImageCreate function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (system hang) via an oversized image.

  • CVE-2016-9278MedJan 18, 2017
    risk 0.36cvss 5.5epss 0.00

    The Samsung Exynos fimg2d driver for Android with Exynos 5433, 54xx, or 7420 chipsets allows local users to cause a denial of service (kernel panic) via a crafted ioctl command. The Samsung ID is SVE-2016-6736.

  • CVE-2017-2947MedJan 11, 2017
    risk 0.36cvss 5.5epss 0.07

    Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have a security bypass vulnerability when manipulating Form Data Format (FDF).

  • CVE-2017-5217MedJan 9, 2017
    risk 0.36cvss 5.5epss 0.01

    Installing a zero-permission Android application on certain Samsung Android devices with KK(4.4), L(5.0/5.1), and M(6.0) software can continually crash the system_server process in the Android OS. The zero-permission app will create an active install session for a separate app…

  • CVE-2016-4329MedJan 6, 2017
    risk 0.36cvss 5.5epss 0.01

    A local denial of service vulnerability exists in window broadcast message handling functionality of Kaspersky Anti-Virus software. Sending certain unhandled window messages, an attacker can cause application termination and in the same way bypass KAV self-protection mechanism.

  • CVE-2015-8744MedDec 29, 2016
    risk 0.36cvss 5.5epss 0.00

    QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It occurs when a guest sends a Layer-2 packet smaller than 22 bytes. A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process…

  • CVE-2016-8595MedDec 23, 2016
    risk 0.36cvss 5.5epss 0.01

    The gsm_parse function in libavcodec/gsm_parser.c in FFmpeg before 3.1.5 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file.