CWE-119

High likelihood

Improper Restriction of Operations within the Bounds of a Memory Buffer

Parent: CWE-118 - Incorrect Access of Indexable Resource ('Range Error')

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

14,000 vulnerabilities with CWE-119
CVE-2017-2481 HIGH
Safari < 10.1 - Remote Code Execution via WebKit Memory Corruption
CVSS 8.8
CVE-2017-2477 CRITICAL
macOS < 10.12.4 - Memory Corruption in libxslt
CVSS 9.8
CVE-2017-2476 HIGH
Safari < 10.1 - Remote Code Execution via WebKit Memory Corruption
CVSS 8.8
CVE-2017-2473 HIGH
iPhone OS < 10.3, macOS < 10.12.4, tvOS < 10.2, watchOS < 3.2 - Remote Code Execution or Denial of Service in Kernel
CVSS 7.8
CVE-2017-2470 HIGH
Safari < 10.1 - Remote Code Execution via WebKit Memory Corruption
CVSS 8.8
CVE-2017-2469 HIGH
Safari < 10.1 - Remote Code Execution via WebKit Memory Corruption
CVSS 8.8
CVE-2017-2468 HIGH
Safari < 10.1 - Remote Code Execution via WebKit Memory Corruption
CVSS 8.8
CVE-2017-2467 HIGH
Apple iPhone OS < 10.3, macOS < 10.12.4, tvOS < 10.2, watchOS < 3.2 - Remote Code Execution in ImageIO
CVSS 7.8
CVE-2017-2466 HIGH
Safari < 10.1 - Remote Code Execution via WebKit Memory Corruption
CVSS 8.8
CVE-2017-2465 HIGH
Safari < 10.1 - Remote Code Execution via WebKit Memory Corruption
CVSS 8.8
CVE-2017-2464 HIGH
Safari < 10.1 - Remote Code Execution via WebKit Memory Corruption
CVSS 8.8
CVE-2017-2462 HIGH
iPhone OS < 10.3, macOS < 10.12.4, tvOS < 10.2, watchOS < 3.2 - Remote Code Execution via Crafted Audio File
CVSS 7.8
CVE-2017-2460 HIGH
Safari < 10.0.3 - Remote Code Execution via WebKit Memory Corruption
CVSS 8.8
CVE-2017-2459 HIGH
Safari < 10.1 - Remote Code Execution via WebKit Memory Corruption
CVSS 8.8
CVE-2017-2458 HIGH
iPhone OS < 10.3, macOS < 10.12.4, tvOS < 10.2, watchOS < 3.2 - Remote Code Execution via Keyboards Component
CVSS 7.8
CVE-2017-2457 HIGH
Safari < 10.1 - Remote Code Execution via WebKit Memory Corruption
CVSS 8.8
CVE-2017-2455 HIGH
Safari < 10.1 - Remote Code Execution via WebKit Memory Corruption
CVSS 8.8
CVE-2017-2454 HIGH
Safari < 10.1 - Remote Code Execution via WebKit Memory Corruption
CVSS 8.8
CVE-2017-2451 HIGH
iPhone OS < 10.3, macOS < 10.12.4, tvOS < 10.2, watchOS < 3.2 - RCE or DoS via Buffer Overflow
CVSS 7.8
CVE-2017-2447 HIGH
Safari < 10.1 - Memory Corruption via Crafted Web Site
CVSS 8.1
CVE-2017-2444 HIGH
Safari < 10.1 - Remote Code Execution via Memory Corruption in CoreGraphics
CVSS 8.8
CVE-2017-2443 HIGH
macOS < 10.12.4 - Memory Corruption in Intel Graphics Driver
CVSS 7.8
CVE-2017-2437 HIGH
macOS < 10.12.4 - Memory Corruption in IOFireWireAVC
CVSS 7.8
CVE-2017-2436 HIGH
macOS < 10.12.4 - Remote Code Execution in IOFireWireAVC
CVSS 7.8
CVE-2017-2435 HIGH
iPhone OS < 10.3, macOS < 10.12.4, tvOS < 10.2, watchOS < 3.2 - Remote Code Execution via Crafted Font File
CVSS 7.8
Details
Vulnerabilities 14,000
Exploit Likelihood High