VYPR

CWE-787

Out-of-bounds Write

Base | Draft | Likelihood: High

Description

The product writes data past the end, or before the beginning, of the intended buffer.

CVEs mapped to this weakness (2,513)

  • CVE-2018-11506 | High | May 28, 2018
    risk 0.00 | cvss 7.8 | epss 0.00

    The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel through 4.16.12 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact because sense buffers have different sizes at the CDROM layer and the…

  • CVE-2018-0946 | High | May 9, 2018
    risk 0.00 | cvss 7.5 | epss 0.52

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945,…

  • CVE-2018-10717 | High | May 3, 2018
    risk 0.00 | cvss 8.8 | epss 0.02

    The DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4 does not consider the bounds of the pixels data structure, which allows remote attackers to cause a denial of service (WritePixels heap-based buffer overflow and application crash) or possibly have unspecified other…

  • CVE-2018-10677 | High | May 2, 2018
    risk 0.00 | cvss 8.8 | epss 0.02

    The DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4 lacks certain checks against width and height, which allows remote attackers to cause a denial of service (WritePixels heap-based buffer overflow and application crash) or possibly have unspecified other impact via a…

  • CVE-2018-10540 | Medium | Apr 29, 2018
    risk 0.00 | cvss 5.5 | epss 0.02

    An issue was discovered in WavPack 5.1.0 and earlier for W64 input. Out-of-bounds writes can occur because ParseWave64HeaderConfig in wave64.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection…

  • CVE-2018-10539 | Medium | Apr 29, 2018
    risk 0.00 | cvss 5.5 | epss 0.02

    An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection…

  • CVE-2018-10538 | Medium | Apr 29, 2018
    risk 0.00 | cvss 5.5 | epss 0.02

    An issue was discovered in WavPack 5.1.0 and earlier for WAV input. Out-of-bounds writes can occur because ParseRiffHeaderConfig in riff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a…

  • CVE-2018-10536 | High | Apr 29, 2018
    risk 0.00 | cvss 7.8 | epss 0.02

    An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser component contains a vulnerability that allows writing to memory because ParseRiffHeaderConfig in riff.c does not reject multiple format chunks.

  • CVE-2018-10528 | High | Apr 29, 2018
    risk 0.00 | cvss 8.8 | epss 0.03

    An issue was discovered in LibRaw 0.18.9. There is a stack-based buffer overflow in the utf2char function in libraw_cxx.cpp.

  • CVE-2018-1068 | Medium | Mar 16, 2018
    risk 0.00 | cvss 6.7 | epss 0.00

    A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory.

  • CVE-2018-7186 | Critical | Feb 16, 2018
    risk 0.00 | cvss 9.8 | epss 0.03

    Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a long string, as demonstrated by…

  • CVE-2018-0834 | High | Feb 15, 2018
    risk 0.00 | cvss 7.5 | epss 0.56

    Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from…

  • CVE-2018-6758 | Critical | Feb 6, 2018
    risk 0.00 | cvss 9.8 | epss 0.02

    The uwsgi_expand_path function in core/utils.c in Unbit uWSGI through 2.0.15 has a stack-based buffer overflow via a large directory length.

  • CVE-2018-5332 | High | Jan 11, 2018
    risk 0.00 | cvss 7.8 | epss 0.00

    In the Linux kernel through 3.2, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c).

  • CVE-2018-5268 | Medium | Jan 8, 2018
    risk 0.00 | cvss 5.5 | epss 0.02

    In OpenCV 3.3.1, a heap-based buffer overflow happens in cv::Jpeg2KDecoder::readComponent8u in modules/imgcodecs/src/grfmt_jpeg2000.cpp when parsing a crafted image file.

  • CVE-2017-1000458 | Critical | Jan 2, 2018
    risk 0.00 | cvss 9.8 | epss 0.02

    Bro before Bro v2.5.2 is vulnerable to an out of bounds write in the ContentLine analyzer allowing remote attackers to cause a denial of service (crash) and possibly other exploitation.

  • CVE-2014-6184 | Feb 22, 2015
    risk 0.00 | cvss | epss 0.00

    Stack-based buffer overflow in dsmtca in the client in IBM Tivoli Storage Manager (TSM) 5.4 through 5.4.3.6, 5.5 through 5.5.4.3, 6.1 through 6.1.5.6, 6.2 before 6.2.5.4, and 6.3 before 6.3.2.3 on UNIX, Linux, and OS X allows local users to gain privileges via unspecified…

  • CVE-2014-3676 | Oct 22, 2014
    risk 0.00 | cvss | epss 0.05

    Heap-based buffer overflow in Shim allows remote attackers to execute arbitrary code via a crafted IPv6 address, related to the "tftp:// DHCPv6 boot option."

  • CVE-2014-1525 | Apr 30, 2014
    risk 0.00 | cvss | epss 0.04

    The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 does not properly perform garbage collection for Text Track Manager variables, which allows remote attackers to execute arbitrary code or cause a denial of service…

  • CVE-2014-0077 | Apr 14, 2014
    risk 0.00 | cvss | epss 0.01

    drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via…