CWE-119

Exploit likelihood: High

Improper Restriction of Operations within the Bounds of a Memory Buffer

Parent: CWE-118 - Incorrect Access of Indexable Resource ('Range Error')

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

13,993 vulnerabilities with CWE-119
CVE-2017-13729 MEDIUM
ncurses 6.0 - Denial of Service via Illegal Address Access in _nc_save_str
CVSS 6.5
CVE-2017-3735 MEDIUM
OpenSSL <1.0.2m, 1.1.0g - Info Disclosure
CVSS 5.3
CVE-2017-12919 MEDIUM
libfpx 1.3.1_p6 - Heap-Based Buffer Overflow in OLEStream::WriteVT_LPSTR
CVSS 6.5
CVE-2017-12840 HIGH
DESLock+ < 4.8.16 - Local Heap-Based Buffer Overflow in DLMFENC.sys via IOCTL 0x0FA4204
CVSS 7.8
CVE-2017-8380 CRITICAL
Qemu 2.9.0 - Buffer Overflow in megasas_mmio_write
CVSS 9.8
CVE-2017-12707 CRITICAL
SpiderControl SCADA MicroBrowser < 1.6.30.144 - Stack-based Buffer Overflow via Malicious HTML File
CVSS 9.8
CVE-2017-13140 MEDIUM
ImageMagick < 6.9.9-1 and 7.x < 7.0.6-2 - Denial of Service via PNG Width Handling
CVSS 6.5
CVE-2017-12787 CRITICAL
NoviWare < 400.2.6 - Unauthenticated Remote Code Execution via Packet Data OS Command Injection
CVSS 9.8
CVE-2017-12786 CRITICAL
NoviWare < 400.2.6 - Unauthenticated Stack-Based Buffer Overflow via Packet Data Unserialization
CVSS 9.8
CVE-2017-12785 CRITICAL
NoviWare < 400.2.6 - Authenticated Buffer Overflow via 'show log cli' Command
CVSS 9.8
CVE-2017-13064 MEDIUM
GraphicsMagick 1.3.26 - Heap-Based Buffer Overflow in GetStyleTokens
CVSS 6.5
CVE-2017-13063 MEDIUM
GraphicsMagick 1.3.26 - Heap-Based Buffer Overflow in GetStyleTokens
CVSS 6.5
CVE-2017-12983 HIGH
ImageMagick 7.0.6-8 - Heap-based Buffer Overflow in ReadSFWImage
CVSS 8.8
CVE-2017-12982 MEDIUM
OpenJPEG < 2.3.0 - Denial of Service via Zero biBitCount BMP Header
CVSS 5.5
CVE-2017-12966 MEDIUM
asn1c 0.9.28 - Denial of Service via Crafted .asn1 File
CVSS 6.5
CVE-2017-11323 HIGH
ESTsoft ALZip < 8.51 - Remote Code Execution via Crafted MS-DOS Device File
CVSS 7.8
CVE-2017-12955 HIGH
Exiv2 0.26 - Heap-Based Buffer Overflow in Image::printIFDStructure
CVSS 8.8
CVE-2017-9678 HIGH
Qualcomm Android - Memory Corruption
CVSS 7.8
CVE-2017-12420 HIGH
NetApp Clustered Data ONTAP <9.0P2 - Buffer Overflow
CVSS 8.8
CVE-2017-12942 CRITICAL
UnRAR < 5.5.6 - Buffer Overflow in Unpack::LongLZ
CVSS 9.8
CVE-2017-7555 CRITICAL
augeas <= 1.8.0 - Heap-Based Buffer Overflow via Escaped String Handling
CVSS 9.8
CVE-2017-8248 CRITICAL
Apple iPhone OS < 10.3.2 and Qualcomm Telephony - Buffer Overflow in Downlink NAS Message Processing
CVSS 9.8
CVE-2017-8243 HIGH
Qualcomm MSM and QRD Android - Buffer Overflow in Firmware Image Processing
CVSS 7.8
CVE-2017-9660 HIGH
Fuji Electric Monitouch V-SFT <5.4.43.0 - Buffer Overflow
CVSS 8.8
CVE-2017-9659 HIGH
Fuji Electric Monitouch V-SFT <5.4.43.0 - Buffer Overflow
CVSS 8.8