CWE-119

High likelihood

Improper Restriction of Operations within the Bounds of a Memory Buffer

Parent: CWE-118 - Incorrect Access of Indexable Resource ('Range Error')

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

13,993 vulnerabilities with CWE-119
CVE-2017-13816 HIGH
macOS < 10.13.1 - Remote Code Execution via Crafted Archive File in libarchive
CVSS 7.8
CVE-2017-13814 HIGH
macOS < 10.13.1 - Remote Code Execution via Crafted Image File
CVSS 7.8
CVE-2017-13813 HIGH
macOS < 10.13.1 - Remote Code Execution in libarchive via Crafted Archive File
CVSS 7.8
CVE-2017-13812 HIGH
macOS < 10.13.1 - Remote Code Execution via Crafted Archive File
CVSS 7.8
CVE-2017-13811 HIGH
macOS < 10.13.1 - Remote Code Execution in fsck_msdos
CVSS 7.8
CVE-2017-13808 HIGH
macOS < 10.13.1 - Remote Code Execution or Denial of Service via Remote Management Memory Corruption
CVSS 7.8
CVE-2017-13803 HIGH
Safari < 11.0.1 - Remote Code Execution via Crafted Web Site
CVSS 8.8
CVE-2017-13802 HIGH
Safari < 11.0.1 - Remote Code Execution via Memory Corruption
CVSS 8.8
CVE-2017-13800 HIGH
macOS < 10.13.1 - Memory Corruption and Remote Code Execution in APFS
CVSS 7.8
CVE-2017-13799 HIGH
iPhone OS < 11.1, macOS < 10.13.1, tvOS < 11.1, watchOS < 4.1 - Remote Code Execution or Denial of Service in Kernel
CVSS 7.8
CVE-2017-13798 HIGH
Safari < 11.0.1 - Remote Code Execution via Memory Corruption
CVSS 8.8
CVE-2017-13797 HIGH
Safari < 11.0.1 - Remote Code Execution via WebKit Memory Corruption
CVSS 8.8
CVE-2017-13796 HIGH
Safari < 11.0.1 - Remote Code Execution via Memory Corruption
CVSS 8.8
CVE-2017-13795 HIGH
Safari < 11.0.1 - Remote Code Execution via Memory Corruption
CVSS 8.8
CVE-2017-13794 HIGH
Safari < 11.0.1 - Remote Code Execution via Memory Corruption
CVSS 8.8
CVE-2017-13793 HIGH
Safari < 11.0.1 - Remote Code Execution via Memory Corruption in WebKit
CVSS 8.8
CVE-2017-13792 HIGH
Safari < 11.0.1 - Remote Code Execution via Memory Corruption
CVSS 8.8
CVE-2017-13791 HIGH
Safari < 11.0.1 - Remote Code Execution via Memory Corruption
CVSS 8.8
CVE-2017-13788 HIGH
Safari < 11.0.1 - Remote Code Execution via Crafted Web Site
CVSS 8.8
CVE-2017-13785 HIGH
Safari < 11.0.1 - Remote Code Execution via WebKit Memory Corruption
CVSS 8.8
CVE-2017-13784 HIGH
Safari < 11.0.1 - Remote Code Execution via WebKit Memory Corruption
CVSS 8.8
CVE-2017-13783 HIGH
Safari < 11.0.1 - Remote Code Execution via Memory Corruption
CVSS 8.8
CVE-2017-16796 HIGH
SWFTools 0.9.2 - Denial of Service via Crafted PNG IDAT Tag
CVSS 7.8
CVE-2017-16793 HIGH
SWFTools 0.9.2 - DoS/Buffer Overflow
CVSS 7.8
CVE-2017-12969 HIGH
Avaya IP Office Contact Center < 10.1.1 - Remote Code Execution via ViewerCtrl ActiveX Buffer Overflow
CVSS 8.8
Details
Vulnerabilities 13,993
Exploit Likelihood High