VYPR

CWE-787

Out-of-bounds Write

BaseDraftLikelihood: High

Description

The product writes data past the end, or before the beginning, of the intended buffer.

Hierarchy (View 1000)

CVEs mapped to this weakness (2,513)

page 125 of 126
  • CVE-2011-0210Jun 24, 2011
    risk 0.00cvss epss 0.03

    QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted sample tables in a movie file.

  • CVE-2011-1807May 26, 2011
    risk 0.00cvss epss 0.03

    Google Chrome before 11.0.696.71 does not properly handle blobs, which allows remote attackers to execute arbitrary code via unspecified vectors that trigger an out-of-bounds write.

  • CVE-2011-1013May 9, 2011
    risk 0.00cvss epss 0.00

    Integer signedness error in the drm_modeset_ctl function in (1) drivers/gpu/drm/drm_irq.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.38 and (2) sys/dev/pci/drm/drm_irq.c in the kernel in OpenBSD before 4.9 allows local users to trigger…

  • CVE-2011-1302Apr 15, 2011
    risk 0.00cvss epss 0.03

    Heap-based buffer overflow in the GPU process in Google Chrome before 10.0.648.205 allows remote attackers to execute arbitrary code via unknown vectors.

  • CVE-2011-0186Mar 23, 2011
    risk 0.00cvss epss 0.03

    QuickTime in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG2000 image.

  • CVE-2011-1017Mar 1, 2011
    risk 0.00cvss epss 0.01

    Heap-based buffer overflow in the ldm_frag_add function in fs/partitions/ldm.c in the Linux kernel 2.6.37.2 and earlier might allow local users to gain privileges or obtain sensitive information via a crafted LDM partition table.

  • CVE-2010-4743Feb 18, 2011
    risk 0.00cvss epss 0.03

    Heap-based buffer overflow in the getarena function in abc2ps.c in abcm2ps before 5.9.13 might allow remote attackers to execute arbitrary code via a crafted ABC file, a different vulnerability than CVE-2010-3441. NOTE: some of these details are obtained from third party…

  • CVE-2011-0495Jan 20, 2011
    risk 0.00cvss epss 0.04

    Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users…

  • CVE-2010-4542Jan 7, 2011
    risk 0.00cvss epss 0.06

    Stack-based buffer overflow in the gfig_read_parameter_gimp_rgb function in plug-ins/gfig/gfig-style.c in the GFIG plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long…

  • CVE-2010-4540Jan 7, 2011
    risk 0.00cvss epss 0.06

    Stack-based buffer overflow in the load_preset_response function in plug-ins/lighting/lighting-ui.c in the "LIGHTING EFFECTS > LIGHT" plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code…

  • CVE-2010-3874Dec 29, 2010
    risk 0.00cvss epss 0.00

    Heap-based buffer overflow in the bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.36.2 on 64-bit platforms might allow local users to cause a denial of service (memory…

  • CVE-2010-3859Dec 29, 2010
    risk 0.00cvss epss 0.00

    Multiple integer signedness errors in the TIPC implementation in the Linux kernel before 2.6.36.2 allow local users to gain privileges via a crafted sendmsg call that triggers a heap-based buffer overflow, related to the tipc_msg_build function in net/tipc/msg.c and the…

  • CVE-2010-2520Aug 19, 2010
    risk 0.00cvss epss 0.06

    Heap-based buffer overflow in the Ins_IUP function in truetype/ttinterp.c in FreeType before 2.4.0, when TrueType bytecode support is enabled, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.

  • CVE-2010-2498Aug 19, 2010
    risk 0.00cvss epss 0.06

    The psh_glyph_find_strong_points function in pshinter/pshalgo.c in FreeType before 2.4.0 does not properly implement hinting masks, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a…

  • CVE-2010-2542Aug 11, 2010
    risk 0.00cvss epss 0.03

    Stack-based buffer overflow in the is_git_directory function in setup.c in Git before 1.7.2.1 allows local users to gain privileges via a long gitdir: field in a .git file in a working copy.

  • CVE-2010-2089May 27, 2010
    risk 0.00cvss epss 0.15

    The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a…

  • CVE-2009-4134May 27, 2010
    risk 0.00cvss epss 0.04

    Buffer underflow in the rgbimg module in Python 2.5 allows remote attackers to cause a denial of service (application crash) via a large ZSIZE value in a black-and-white (aka B/W) RGB image that triggers an invalid pointer dereference.

  • CVE-2010-0128May 13, 2010
    risk 0.00cvss epss 0.05

    Integer signedness error in dirapi.dll in Adobe Shockwave Player before 11.5.7.609 and Adobe Director before 11.5.7.609 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir file that triggers an invalid…

  • CVE-2010-1451May 7, 2010
    risk 0.00cvss epss 0.01

    The TSB I-TLB load implementation in arch/sparc/kernel/tsb.S in the Linux kernel before 2.6.33 on the SPARC platform does not properly obtain the value of a certain _PAGE_EXEC_4U bit and consequently does not properly implement a non-executable stack, which makes it easier for…

  • CVE-2009-3831Oct 30, 2009
    risk 0.00cvss epss 0.06

    Opera before 10.01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted domain name.