CWE-119

High likelihood

Improper Restriction of Operations within the Bounds of a Memory Buffer

Parent: CWE-118 - Incorrect Access of Indexable Resource ('Range Error')

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

13,998 vulnerabilities with CWE-119
CVE-2017-11362 CRITICAL
PHP 7.x < 7.0.21 and 7.1.x < 7.1.7 - Stack-Based Buffer Overflow via Long Locale in msgfmt_parse_message
CVSS 9.8
CVE-2017-11345 HIGH
Asuswrt-Merlin and ASUS Firmware < 3.0.0.4.380.7743 - Remote Code Execution via SSDP Location Header
CVSS 7.8
CVE-2017-11344 HIGH
Asuswrt-Merlin and ASUS Firmware < 3.0.0.4.380.7743 - Remote Code Execution via SSDP Location Header
CVSS 7.8
CVE-2017-11339 MEDIUM
Exiv2 - Heap-Based Buffer Overflow in Image::printIFDStructure
CVSS 6.5
CVE-2017-11328 MEDIUM
YARA 3.x - Denial of Service via Heap Buffer Overflow in yr_object_array_set_item
CVSS 5.5
CVE-2017-11311 HIGH
OpenMPT < 1.26.12.00 and libopenmpt < 0.2.8461-beta26 - Heap Buffer Overflow via Crafted PSM File
CVSS 7.8
CVE-2017-10602 HIGH
Junos OS Multiple Versions - Authenticated CLI Buffer Overflow
CVSS 7.0
CVE-2017-1000075 CRITICAL
Creolabs Gravity 1.0 - Buffer Overflow
CVSS 9.8
CVE-2017-1000074 CRITICAL
Creolabs Gravity 1.0 - Buffer Overflow
CVSS 9.8
CVE-2017-1000073 CRITICAL
Creolabs Gravity 1.0 - Heap Overflow
CVSS 9.8
CVE-2017-1000044 CRITICAL
gtk-vnc 0.4.2 - Memory Corruption via Framebuffer Boundary Mismanagement
CVSS 9.8
CVE-2017-0152 HIGH
Microsoft Edge - Remote Code Execution via Memory Corruption in Scripting Engine
CVSS 8.1
CVE-2017-0028 CRITICAL
Microsoft Edge - Remote Code Execution via Scripting Engine Memory Corruption
CVSS 9.8
CVE-2017-2818 HIGH
Poppler 0.53.0 - Heap Overflow via Image Rendering
CVSS 7.5
CVE-2017-2814 HIGH
Poppler 0.53.0 - Heap Overflow via Image Rendering
CVSS 7.5
CVE-2017-11190 HIGH
unrar-free 0.0.1 - Stack-Based Buffer Overflow via Long Filename in RAR Archive
CVSS 7.8
CVE-2017-8619 HIGH
Microsoft Edge - Remote Code Execution via Scripting Engine Memory Corruption
CVSS 7.5
CVE-2017-8618 HIGH
Internet Explorer - Memory Corruption in Scripting Engine
CVSS 7.5
CVE-2017-8617 HIGH
Microsoft Edge - Remote Code Execution via Memory Object Handling
CVSS 7.5
CVE-2017-8610 HIGH
Microsoft Edge - Remote Code Execution via JavaScript Engine Memory Corruption
CVSS 7.5
CVE-2017-8609 HIGH
Microsoft Edge - Remote Code Execution via JavaScript Engine Memory Corruption
CVSS 7.5
CVE-2017-8608 HIGH
Microsoft Edge and Internet Explorer - Remote Code Execution via JavaScript Engine Memory Corruption
CVSS 7.5
CVE-2017-8607 HIGH
Microsoft Edge - Remote Code Execution via JavaScript Engine Memory Corruption
CVSS 7.5
CVE-2017-8606 HIGH
Microsoft Edge and Internet Explorer - Remote Code Execution via JavaScript Engine Memory Corruption
CVSS 7.5
CVE-2017-8605 HIGH
Microsoft Edge - Remote Code Execution via JavaScript Engine Memory Corruption
CVSS 7.5
Details
Vulnerabilities 13,998
Exploit Likelihood High