CWE-119

High likelihood

Improper Restriction of Operations within the Bounds of a Memory Buffer

Parent: CWE-118 - Incorrect Access of Indexable Resource ('Range Error')

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

14,002 vulnerabilities with CWE-119
CVE-2017-0477 HIGH
Android 7.1.1 - Remote Code Execution via Crafted File in libgdx
CVSS 7.8
CVE-2017-0476 HIGH
Android 6.0, 6.0.1, 7.0, 7.1.1 - Remote Code Execution via Media File Processing
CVSS 7.8
CVE-2017-0474 HIGH
Android 7.0, 7.1.1 - Remote Code Execution in Mediaserver via Crafted Media File
CVSS 7.8
CVE-2017-0473 HIGH
Android 6.0, 6.0.1, 7.0, 7.1.1 - Remote Code Execution in Mediaserver via Crafted File
CVSS 7.8
CVE-2017-0472 HIGH
Android 6.0, 6.0.1, 7.0, 7.1.1 - Remote Code Execution via Mediaserver Memory Corruption
CVSS 7.8
CVE-2017-0471 HIGH
Android 6.0, 6.0.1, 7.0, 7.1.1 - Remote Code Execution via Mediaserver Memory Corruption
CVSS 7.8
CVE-2017-0470 HIGH
Android 6.0, 6.0.1, 7.0, 7.1.1 - Remote Code Execution in Mediaserver
CVSS 7.8
CVE-2017-0469 HIGH
Android 6.0, 6.0.1, 7.0, 7.1.1 - Remote Code Execution in Mediaserver via Crafted File
CVSS 7.8
CVE-2017-0468 HIGH
Android 6.0, 6.0.1, 7.0, 7.1.1 - Remote Code Execution in Mediaserver via Crafted File
CVSS 7.8
CVE-2017-0467 HIGH
Android 6.0, 6.0.1, 7.0, 7.1.1 - Remote Code Execution via Mediaserver Memory Corruption
CVSS 7.8
CVE-2017-0466 HIGH
Android 6.0, 6.0.1, 7.0, 7.1.1 - Remote Code Execution via Mediaserver Memory Corruption
CVSS 7.8
CVE-2017-6502 MEDIUM
ImageMagick - Denial of Service via Crafted WebP File
CVSS 5.5
CVE-2017-6416 CRITICAL
SysGauge 1.5.18 - Buffer Overflow via SMTP Service Ready String
CVSS 9.8
CVE-2017-6319 HIGH
radare2 1.2.1 - Buffer Overflow in DEX Debug Item Parser
CVSS 7.8
CVE-2017-5974 MEDIUM
zziplib 0.13.56-0.13.62 - Heap-Based Buffer Overflow in __zzip_get32
CVSS 5.5
CVE-2017-5886 HIGH
PoDoFo 0.9.4 - Heap-Based Buffer Overflow in PdfTokenizer GetNextToken
CVSS 7.8
CVE-2017-5581 CRITICAL
TigerVNC < 1.7.1 - Remote Code Execution via RRE Message Buffer Overflow
CVSS 9.8
CVE-2017-2791 HIGH
JustSystems Ichitaro 2016 Trial - Memory Corruption via Crafted PowerPoint File
CVSS 7.5
CVE-2017-2790 HIGH
JustSystems Ichitaro - Heap-Based Buffer Overflow via Excel Workbook Stream Record Type 0x3c
CVSS 8.8
CVE-2017-2789 HIGH
JustSystems Ichitaro Office 2016 Trial - Heap-Based Buffer Overflow via File Data Copy
CVSS 8.8
CVE-2017-6300 HIGH
ytnef < 1.9.1 - Buffer Overflow in Version Field
CVSS 7.8
CVE-2017-6187 CRITICAL
DiskSavvy Enterprise 9.4.18 - Remote Code Execution via Long URI in GET Request
CVSS 9.8
CVE-2017-5881 HIGH
GOM Player 2.3.10.5266 - Memory Corruption via Crafted FPX File
CVSS 7.8
CVE-2017-2374 HIGH
GarageBand < 10.1.6 - Remote Code Execution via Crafted Project File
CVSS 7.8
CVE-2017-2373 HIGH
Apple <10.2.1, <10.0.3, <10.1.1 - RCE
CVSS 8.8