CWE-119

High likelihood

Improper Restriction of Operations within the Bounds of a Memory Buffer

Parent: CWE-118 - Incorrect Access of Indexable Resource ('Range Error')

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

14,006 vulnerabilities with CWE-119
CVE-2016-8440 CRITICAL
Android Kernel <3.18 - Buffer Overflow
CVSS 9.8
CVE-2016-8439 CRITICAL
Android Kernel <3.18 - Buffer Overflow
CVSS 9.8
CVE-2016-7480 CRITICAL
PHP < 7.0.12 - Remote Code Execution via SplObjectStorage Unserialize
CVSS 9.8
CVE-2016-6830 CRITICAL
CHICKEN Scheme <= 4.11.0 - Buffer Overflow via process-execute and process-spawn
CVSS 9.8
CVE-2016-5652 HIGH
LibTIFF - Heap-Based Buffer Overflow in TIFF2PDF Tool
CVSS 7.0
CVE-2016-5646 HIGH
Lexmark Perceptive Document Filters - Buffer Overflow
CVSS 7.8
CVE-2016-4335 HIGH
Lexmark Perspective < - Buffer Overflow
CVSS 8.4
CVE-2016-4296 HIGH
Hancom Office 2014 - Code Injection
CVSS 7.8
CVE-2016-4295 HIGH
Hancom Office 2014 < 9.1.0.2176 - Heap Overflow in HncChartPlugin.hplg Chart Formula Rendering
CVSS 7.8
CVE-2016-4294 HIGH
Hancom Office 2014 - Buffer Overflow
CVSS 7.8
CVE-2016-4292 HIGH
Hancom Office 2014 - Memory Corruption
CVSS 7.8
CVE-2016-2378 HIGH
Pidgin < 2.10.12 - Buffer Overflow via MXIT Protocol Negative Length Values
CVSS 8.1
CVE-2016-2377 HIGH
Pidgin < 2.10.12 - Buffer Overflow via MXIT Protocol HTTP Response
CVSS 8.1
CVE-2016-2376 HIGH
Pidgin < 2.10.12 - Remote Code Execution via MXIT Protocol Packet Handling
CVSS 8.1
CVE-2016-2368 HIGH
Pidgin < 2.10.12 - Multiple Memory Corruption Vulnerabilities in MXIT Protocol Handling
CVSS 8.1
CVE-2016-2339 CRITICAL
Ruby - Heap Overflow in Fiddle::Function.new Initialize
CVSS 9.8
CVE-2016-6890 CRITICAL
MatrixSSL < 3.8.6 - Remote Code Execution via X.509 Certificate Subject Alt Name
CVSS 9.8
CVE-2016-10012 HIGH
OpenSSH <7.4 - Privilege Escalation
CVSS 7.8
CVE-2016-10011 MEDIUM
OpenSSH < 7.3 - Information Disclosure via authfile.c Buffer Handling
CVSS 6.2
CVE-2016-9933 HIGH
libgd - Denial of Service via Negative Color Value in gdImageFillToBorder
CVSS 7.5
CVE-2016-8860 HIGH
Tor <0.2.8.9 and 0.2.9.x <0.2.9.4-alpha - DoS
CVSS 7.5
CVE-2016-8670 CRITICAL
libgd < 2.2.3 - Stack-Based Buffer Overflow via Image Creation
CVSS 9.8
CVE-2016-9942 CRITICAL
LibVNCServer < 0.9.11 - Heap-Based Buffer Overflow via Ultra Tile FramebufferUpdate Message
CVSS 9.8
CVE-2016-9941 CRITICAL
LibVNCServer < 0.9.11 - Heap-Based Buffer Overflow via Crafted FramebufferUpdate Message
CVSS 9.8
CVE-2016-9846 MEDIUM
QEMU < 2.7.1 - Memory Leak in Virtio GPU Cursor Update
CVSS 6.5
Details
Vulnerabilities 14,006
Exploit Likelihood High