CWE-119

Exploit likelihood: High

Improper Restriction of Operations within the Bounds of a Memory Buffer

Parent: CWE-118 - Incorrect Access of Indexable Resource ('Range Error')

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

13,993 vulnerabilities with CWE-119
CVE-2017-12818 HIGH
Sentinel LDK RTE < 7.55 - Denial of Service via Custom XML Parser
CVSS 7.5
CVE-2017-0810 HIGH
Android 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 - Remote Code Execution in libmpeg2
CVSS 7.8
CVE-2017-0809 HIGH
Android 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 - Remote Code Execution in libstagefright
CVSS 7.8
CVE-2017-14493 CRITICAL
dnsmasq <2.78 - Buffer Overflow
CVSS 9.8
CVE-2017-14492 CRITICAL
dnsmasq <2.78 - Buffer Overflow
CVSS 9.8
CVE-2017-12639 CRITICAL
Ipswitch IMail Server <= 12.5.5 - Stack-Based Buffer Overflow
CVSS 9.8
CVE-2017-12638 CRITICAL
Ipswitch IMail Server <= 12.5.5 - Stack-Based Buffer Overflow in IMmailSrv
CVSS 9.8
CVE-2017-11498 HIGH
Gemalto Sentinel LDK RTE HASP SRM 2.10-Sentinel LDK 7.50 - Denial of Service via Malformed Language Pack HTML Files
CVSS 7.5
CVE-2017-11497 CRITICAL
Gemalto Sentinel LDK RTE HASP SRM 2.10-Sentinel LDK 7.50 - Remote Code Execution via Long Filename in Language Pack
CVSS 9.8
CVE-2017-11496 CRITICAL
Gemalto Sentinel LDK RTE HASP SRM 2.10-Sentinel LDK 7.50 - Remote Code Execution via Malformed ASN.1 Stream
CVSS 9.8
CVE-2017-14947 HIGH
Artifex GSView 6.0 Beta - Remote Code Execution or Denial of Service via Crafted XPS File
CVSS 7.8
CVE-2017-14946 HIGH
Artifex GSView 6.0 Beta - Denial of Service via Crafted PDF File
CVSS 7.8
CVE-2017-14945 HIGH
Artifex GSView 6.0 Beta - Denial of Service via Crafted PDF File
CVSS 7.8
CVE-2017-13684 HIGH
Unisys MCP-FIRMWARE < 43.185 - Authenticated Denial of Service via Incorrect Literal Handling
CVSS 7.8
CVE-2017-14866 MEDIUM
Exiv2 - Heap-Based Buffer Overflow in Exiv2::s2Data Function
CVSS 5.5
CVE-2017-14865 MEDIUM
exiv2 - Heap-Based Buffer Overflow in Exiv2::us2Data
CVSS 5.5
CVE-2017-14864 MEDIUM
exiv2 0.26 - Denial of Service via Invalid Memory Address Dereference in Exiv2::getULong
CVSS 5.5
CVE-2017-14862 MEDIUM
exiv2 - Denial of Service via Invalid Memory Address Dereference in DataValue::read
CVSS 5.5
CVE-2017-14859 MEDIUM
exiv2 0.26 - Denial of Service via Invalid Memory Address Dereference in StringValueBase
CVSS 5.5
CVE-2017-14858 MEDIUM
Exiv2 - Heap-Based Buffer Overflow in Exiv2::l2Data Function
CVSS 5.5
CVE-2017-12240 CRITICAL KEV
Cisco IOS 12.2-15.6 and IOS XE - Unauthenticated Remote Code Execution via DHCPv4 Packet Buffer Overflow
CVSS 9.8
CVE-2017-12814 CRITICAL
perl < 5.24.3-RC1 and 5.26.x < 5.26.1-RC1 - Stack-based Buffer Overflow via Long Environment Variable
CVSS 9.8
CVE-2017-11121 CRITICAL
Broadcom BCM4355C0 Wi-Fi Firmware 9.44.78.27.0.1.56 - Heap and Stack Overflow via Malicious Fast Transition Frames
CVSS 9.8
CVE-2017-11120 CRITICAL
Broadcom BCM4355C0 Wi-Fi Firmware 9.44.78.27.0.1.56 - Buffer Overflow via Malformed RRM Neighbor Report Frame
CVSS 9.8
CVE-2017-14767 HIGH
FFmpeg < 3.3.3 - Heap Buffer Overflow via Empty sprop-parameter-sets in SDP File
CVSS 8.8