CWE-119

High likelihood

Improper Restriction of Operations within the Bounds of a Memory Buffer

Parent: CWE-118 - Incorrect Access of Indexable Resource ('Range Error')

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

14,004 vulnerabilities with CWE-119
CVE-2016-7611 HIGH
iTunes < 12.5.4 - Remote Code Execution via WebKit Memory Corruption
CVSS 8.8
CVE-2016-7610 HIGH
iPhone OS < 10.2, Safari < 10.0.2, iCloud < 6.1, iTunes < 12.5.4 - Remote Code Execution via WebKit Memory Corruption
CVSS 8.8
CVE-2016-7606 HIGH
iPhone OS < 10.2, macOS < 10.12.2, watchOS < 3.1.3 - Kernel Memory Corruption via Crafted App
CVSS 7.8
CVE-2016-7602 HIGH
macOS < 10.12.2 - Remote Code Execution in Intel Graphics Driver
CVSS 7.8
CVE-2016-7596 HIGH
macOS < 10.12.2 - Remote Code Execution or Denial of Service via Bluetooth Memory Corruption
CVSS 8.8
CVE-2016-7595 HIGH
iPhone OS < 10.2, macOS < 10.12.2, watchOS < 3.1.3 - Remote Code Execution via Crafted Font in CoreText
CVSS 8.8
CVE-2016-7594 HIGH
iPhone OS < 10.2, macOS < 10.12.2, watchOS < 3.1.3 - Remote Code Execution in ICU
CVSS 8.8
CVE-2016-7589 HIGH
iPhone OS < 10.2 - Remote Code Execution via WebKit Memory Corruption
CVSS 8.8
CVE-2016-7588 HIGH
iPhone OS < 10.2, macOS < 10.12.2, watchOS < 3.1.3 - Remote Code Execution via Crafted MP4 File
CVSS 8.8
CVE-2016-7587 HIGH
iPhone OS < 10.2 - Remote Code Execution via WebKit Memory Corruption
CVSS 8.8
CVE-2016-7578 HIGH
Safari < 10.0.1 - Remote Code Execution via Memory Corruption in WebKit
CVSS 8.8
CVE-2016-4764 HIGH
iTunes < 12.5.1 - Remote Code Execution via Crafted Web Site
CVSS 8.8
CVE-2016-4743 HIGH
iPhone OS < 10.2, iCloud < 6.1, Safari < 10.0.2, iTunes < 12.5.4 - WebKit Remote Memory Corruption and Info Disclosure
CVSS 7.1
CVE-2016-4692 HIGH
iPhone OS < 10.2, Safari < 10.0.2, iCloud < 6.1, iTunes < 12.5.4 - Remote Code Execution via WebKit Memory Corruption
CVSS 8.8
CVE-2016-4691 HIGH
iPhone OS < 10.2, macOS < 10.12.2, watchOS < 3.1.3 - Remote Code Execution via Crafted Font in FontParser
CVSS 8.8
CVE-2016-4688 HIGH
tvOS < 10.0.1 - Remote Code Execution via Crafted Font in FontParser
CVSS 8.8
CVE-2016-4683 HIGH
macOS < 10.12.1 - Remote Code Execution via Crafted SGI File in ImageIO
CVSS 7.8
CVE-2016-4681 HIGH
macOS < 10.12.1 - Remote Code Execution via Crafted JPEG File
CVSS 7.8
CVE-2016-4677 HIGH
Apple Iphone OS < 10.1 - Memory Corruption
CVSS 8.8
CVE-2016-4674 HIGH
macOS < 10.12.1 - Local Privilege Escalation via ATS Memory Corruption
CVSS 7.8
CVE-2016-4673 HIGH
iPhone OS < 10.1, macOS < 10.12.1, tvOS < 10.0.1, watchOS < 3.1 - Remote Code Execution via Crafted JPEG File
CVSS 7.8
CVE-2016-4667 HIGH
macOS < 10.12.1 - Remote Code Execution via Crafted Font in ATS
CVSS 8.8
CVE-2016-4666 HIGH
Apple Iphone OS < 10.1 - Memory Corruption
CVSS 8.8
CVE-2016-4663 MEDIUM
macOS < 10.12.1 - Denial of Service via NVIDIA Graphics Drivers Memory Corruption
CVSS 5.5
CVE-2016-4662 HIGH
macOS < 10.12.1 - Remote Code Execution in AppleGraphicsControl
CVSS 7.8
Details
Vulnerabilities 14,004
Exploit Likelihood High