CWE-119

Exploit likelihood: High

Improper Restriction of Operations within the Bounds of a Memory Buffer

Parent: CWE-118 - Incorrect Access of Indexable Resource ('Range Error')

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

13,998 vulnerabilities with CWE-119
CVE-2017-10731 HIGH
IrfanView 4.44 - Remote Code Execution via Crafted RLE File
CVSS 7.8
CVE-2017-10730 HIGH
IrfanView 4.44 - Remote Code Execution via Crafted RLE File
CVSS 7.8
CVE-2017-10729 HIGH
IrfanView 4.44 - Remote Code Execution via Crafted RLE File
CVSS 7.8
CVE-2017-10728 HIGH
Winamp 5.666 Build 3516 - Remote Code Execution via Crafted FLV File
CVSS 7.8
CVE-2017-10727 HIGH
Winamp 5.666 Build 3516 - Remote Code Execution via Crafted FLV File
CVSS 7.8
CVE-2017-10726 HIGH
Winamp 5.666 Build 3516 - Remote Code Execution via Crafted FLV File
CVSS 7.8
CVE-2017-10725 HIGH
Winamp 5.666 Build 3516 - Remote Code Execution via Crafted FLV File
CVSS 7.3
CVE-2017-10929 HIGH
radare2 1.5.0 - Heap-Based Buffer Overflow via Crafted Binary File
CVSS 7.8
CVE-2017-10921 CRITICAL
Xen < 4.8.1 - Memory Corruption via Grant-Table Mapping
CVSS 10.0
CVE-2017-10920 CRITICAL
Xen < 4.8.1 - Memory Corruption and Privilege Escalation via Grant-Table Mapping
CVSS 10.0
CVE-2017-10794 MEDIUM
GraphicsMagick - Buffer Overflow in TIFF RGB Image Processing
CVSS 5.5
CVE-2017-8893 HIGH
AeroAdmin 4.1 - Denial of Service via Buffer Overflow
CVSS 7.5
CVE-2017-10706 MEDIUM
Antiy Antivirus Engine - Stack-based Buffer Overflow via ZIP Archive Scanning
CVSS 6.2
CVE-2017-10684 CRITICAL
ncurses 6.0 - Stack-based Buffer Overflow in fmt_entry Function
CVSS 9.8
CVE-2017-8558 HIGH
Microsoft Malware Protection Engine - Remote Code Execution via Crafted File Scan
CVSS 7.8
CVE-2017-1310 MEDIUM
IBM Informix Dynamic Server 12.1 - Buffer Overflow
CVSS 6.5
CVE-2017-9998 MEDIUM
libdwarf < 2017-06-28 - Denial of Service via Crafted File in _dwarf_decode_s_leb128_chk
CVSS 6.5
CVE-2017-9996 HIGH
FFmpeg 2.8.x-3.3.0 - Heap-Based Buffer Overflow in cdxl_decode_frame
CVSS 7.8
CVE-2017-9995 HIGH
FFmpeg 3.3 - Heap-Based Buffer Overflow in libavcodec/scpr.c
CVSS 7.8
CVE-2017-9994 HIGH
FFmpeg < 2.8.12, 3.0.x < 3.0.8, 3.1.x < 3.1.8, 3.2.x < 3.2.5, 3.3.x < 3.3.1 - Heap-Based Buffer Overflow in WebP Decoder
CVSS 7.8
CVE-2017-9992 HIGH
FFmpeg < 2.8.12, 3.0.x < 3.0.8, 3.1.x < 3.1.8, 3.2.x < 3.2.5, 3.3.x < 3.3.1 - Heap-based Buffer Overflow in decode_dds1
CVSS 8.8
CVE-2017-9991 HIGH
FFmpeg < 2.8.12, 3.0.x < 3.0.8, 3.1.x < 3.1.8, 3.2.x < 3.2.5, 3.3.x < 3.3.1 - Heap Overflow
CVSS 7.8
CVE-2017-9990 HIGH
FFmpeg < 3.3 - Stack-based Buffer Overflow in color_string_to_rgba
CVSS 8.8
CVE-2017-9987 HIGH
libav 12.1 - Heap-Based Buffer Overflow in hpel_motion Function
CVSS 7.5
CVE-2017-1297 HIGH
IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, 11.1 - Stack-based Buffer Overflow
CVSS 7.3