VYPR

CWE-787

Out-of-bounds Write

BaseDraftLikelihood: High

Description

The product writes data past the end, or before the beginning, of the intended buffer.

Hierarchy (View 1000)

CVEs mapped to this weakness (2,513)

page 15 of 126
  • CVE-2017-9225CriMay 24, 2017
    risk 0.64cvss 9.8epss 0.03

    An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str() occurs during regular expression compilation. Code point 0xFFFFFFFF is not…

  • CVE-2017-2520CriMay 22, 2017
    risk 0.64cvss 9.8epss 0.05

    An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code…

  • CVE-2017-8923CriMay 12, 2017
    risk 0.64cvss 9.8epss 0.07

    The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by…

  • CVE-2017-5461CriMay 11, 2017
    risk 0.64cvss 9.8epss 0.05

    Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect…

  • CVE-2017-8775CriMay 4, 2017
    risk 0.64cvss 9.8epss 0.01

    Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Memory Corruption while parsing a malformed Mach-O file.

  • CVE-2017-8774CriMay 4, 2017
    risk 0.64cvss 9.8epss 0.01

    Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Memory Corruption while parsing a malformed Mach-O file.

  • CVE-2017-8773CriMay 4, 2017
    risk 0.64cvss 9.8epss 0.02

    Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Out of Bounds Write on a Heap Buffer due to improper validation of dwCompressionSize of Microsoft WIM Header WIMHEADER_V1_PACKED. This…

  • CVE-2017-8359CriApr 30, 2017
    risk 0.64cvss 9.8epss 0.02

    Google gRPC before 2017-03-29 has an out-of-bounds write caused by a heap-based use-after-free related to the grpc_call_destroy function in core/lib/surface/call.c.

  • CVE-2017-8358CriApr 30, 2017
    risk 0.64cvss 9.8epss 0.02

    LibreOffice before 2017-03-17 has an out-of-bounds write caused by a heap-based buffer overflow related to the ReadJPEG function in vcl/source/filter/jpeg/jpegc.cxx.

  • CVE-2017-8105CriApr 24, 2017
    risk 0.64cvss 9.8epss 0.04

    FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_decoder_parse_charstrings function in psaux/t1decode.c.

  • CVE-2017-7882CriApr 15, 2017
    risk 0.64cvss 9.8epss 0.02

    LibreOffice before 2017-03-14 has an out-of-bounds write related to the HWPFile::TagsRead function in hwpfilter/source/hwpfile.cxx.

  • CVE-2017-7875CriApr 14, 2017
    risk 0.64cvss 9.8epss 0.02

    In wallpaper.c in feh before v2.18.3, if a malicious client pretends to be the E17 window manager, it is possible to trigger an out-of-boundary heap write while receiving an IPC message. An integer overflow leads to a buffer overflow and/or a double free.

  • CVE-2017-7870CriApr 14, 2017
    risk 0.64cvss 9.8epss 0.04

    LibreOffice before 2017-01-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tools::Polygon::Insert function in tools/source/generic/poly.cxx.

  • CVE-2017-7866CriApr 14, 2017
    risk 0.64cvss 9.8epss 0.03

    FFmpeg before 2017-01-23 has an out-of-bounds write caused by a stack-based buffer overflow related to the decode_zbuf function in libavcodec/pngdec.c.

  • CVE-2017-7865CriApr 14, 2017
    risk 0.64cvss 9.8epss 0.03

    FFmpeg before 2017-01-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the ipvideo_decode_block_opcode_0xA function in libavcodec/interplayvideo.c and the avcodec_align_dimensions2 function in libavcodec/utils.c.

  • CVE-2017-7864CriApr 14, 2017
    risk 0.64cvss 9.8epss 0.04

    FreeType 2 before 2017-02-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tt_size_reset function in truetype/ttobjs.c.

  • CVE-2017-7863CriApr 14, 2017
    risk 0.64cvss 9.8epss 0.03

    FFmpeg before 2017-02-04 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame_common function in libavcodec/pngdec.c.

  • CVE-2017-7862CriApr 14, 2017
    risk 0.64cvss 9.8epss 0.03

    FFmpeg before 2017-02-07 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame function in libavcodec/pictordec.c.

  • CVE-2017-7861CriApr 14, 2017
    risk 0.64cvss 9.8epss 0.03

    Google gRPC before 2017-02-22 has an out-of-bounds write related to the gpr_free function in core/lib/support/alloc.c.

  • CVE-2017-7860CriApr 14, 2017
    risk 0.64cvss 9.8epss 0.03

    Google gRPC before 2017-02-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the parse_unix function in core/ext/client_channel/parse_address.c.