CWE-119

High likelihood

Improper Restriction of Operations within the Bounds of a Memory Buffer

Parent: CWE-118 - Incorrect Access of Indexable Resource ('Range Error')

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

14,004 vulnerabilities with CWE-119
CVE-2016-9831 HIGH
libming < 0.4.7 - Heap-Based Buffer Overflow in parseSWF_RGBA Function
CVSS 7.8
CVE-2016-9829 HIGH
libming < 0.4.7 - Heap-Based Buffer Overflow in parseSWF_DEFINEFONT Function
CVSS 7.8
CVE-2016-9827 MEDIUM
libming < 0.4.7 - Denial of Service via Crafted SWF File in _iprintf Function
CVSS 5.5
CVE-2016-9773 MEDIUM
ImageMagick 7.0.3.8 - Heap-Based Buffer Overflow in IsPixelGray Function
CVSS 5.5
CVE-2016-8866 HIGH
ImageMagick <7.0.3.8 - Memory Corruption
CVSS 8.8
CVE-2016-8862 HIGH
ImageMagick <7.0.3.3 - Memory Corruption
CVSS 8.8
CVE-2016-8687 HIGH
libarchive 3.2.1 - Denial of Service via Crafted Non-Printable Multibyte Character in Filename
CVSS 7.5
CVE-2016-8684 HIGH
GraphicsMagick 1.3.25 - Memory Corruption
CVSS 7.8
CVE-2016-8683 HIGH
GraphicsMagick 1.3.25 - Memory Corruption
CVSS 7.8
CVE-2016-6832 MEDIUM
libav < 11.3 - Heap-Based Buffer Overflow in ff_audio_resample
CVSS 5.5
CVE-2016-9363 HIGH
Moxa NPort Series - Unauthenticated Remote Code Execution via Buffer Overflow
CVSS 7.3
CVE-2016-8377 HIGH
Fatek Automation PLC WinProladder <3.11 Build 14701 - Buffer Overflow
CVSS 8.0
CVE-2016-8364 CRITICAL
IBHsoftec S7-SoftPLC <4.12b - Memory Corruption
CVSS 9.8
CVE-2016-8352 CRITICAL
Schneider Electric ConneXium - Buffer Overflow
CVSS 10.0
CVE-2016-5805 HIGH
Delta Electronics WPLSoft <V2.42.11 - Buffer Overflow
CVSS 7.8
CVE-2016-5798 HIGH
Fatek PM Designer V3 <2.1.2.2 - Buffer Overflow
CVSS 7.5
CVE-2016-5796 HIGH
Fatek Automation PM Designer V3 <2.1.2.2 - Code Injection
CVSS 8.8
CVE-2016-2148 CRITICAL
BusyBox < 1.25.0 - Heap-Based Buffer Overflow in DHCP Client via OPTION_6RD Parsing
CVSS 9.8
CVE-2016-10192 CRITICAL
FFmpeg < 2.8.10, 3.0.x < 3.0.5, 3.1.x < 3.1.6, 3.2.x < 3.2.2 - Remote Code Execution via Chunk Size Mismatch
CVSS 9.8
CVE-2016-10191 CRITICAL
FFmpeg < 2.8.10, 3.0.x < 3.0.5, 3.1.x < 3.1.6, 3.2.x < 3.2.2 - Remote Code Execution via RTMP Packet Size Mismatch
CVSS 9.8
CVE-2016-10190 CRITICAL
FFmpeg < 2.8.10, 3.0.x < 3.0.5, 3.1.x < 3.1.6, 3.2.x < 3.2.2 - RCE via Negative Chunk Size
CVSS 9.8
CVE-2016-1504 HIGH
dhcpcd < 6.9.4 - Denial of Service via Invalid Option Length
CVSS 7.5
CVE-2016-7800 HIGH
GraphicsMagick < 1.3.25 - Denial of Service via Crafted 8BIM Chunk
CVSS 7.5
CVE-2016-7447 CRITICAL
GraphicsMagick < 1.3.25 - Heap-Based Buffer Overflow in EscapeParenthesis
CVSS 9.8
CVE-2016-7446 CRITICAL
GraphicsMagick 1.3.24 - Buffer Overflow in MVG and SVG Rendering
CVSS 9.8
Details
Vulnerabilities 14,004
Exploit Likelihood High