CWE-119

High likelihood

Improper Restriction of Operations within the Bounds of a Memory Buffer

Parent: CWE-118 - Incorrect Access of Indexable Resource ('Range Error')

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

14,006 vulnerabilities with CWE-119
CVE-2016-7461 HIGH
VMware Fusion and Fusion Pro - Arbitrary Code Execution via Drag-and-Drop Function
CVSS 8.8
CVE-2016-7084 HIGH
VMware Workstation Player 12.x - Remote Code Execution via JPEG 2000 Image
CVSS 7.8
CVE-2016-7083 HIGH
VMware Workstation Pro and Player 12.x - Remote Code Execution via Cortado ThinPrint EMFSPOOL TrueType Fonts
CVSS 7.8
CVE-2016-7082 HIGH
VMware Workstation Pro and Player 12.x - Remote Code Execution via EMF File
CVSS 7.8
CVE-2016-7081 HIGH
VMware Workstation Pro and Player 12.x - Heap-Based Buffer Overflow via Cortado ThinPrint Virtual Printing
CVSS 7.8
CVE-2016-9793 HIGH
Linux Kernel 3.5-3.12.69 - Memory Corruption via Negative sk_sndbuf/sk_rcvbuf Values
CVSS 7.8
CVE-2016-7562 MEDIUM
FFmpeg < 3.1.3 - Denial of Service via Crafted AVI File
CVSS 5.5
CVE-2016-6671 HIGH
FFmpeg < 3.1.2 - Remote Code Execution via Crafted SWF File
CVSS 7.8
CVE-2016-7298 HIGH
Microsoft Office - Memory Corruption
CVSS 7.8
CVE-2016-7297 HIGH
Microsoft Edge - Remote Code Execution via Scripting Engine Memory Corruption
CVSS 7.5
CVE-2016-7296 HIGH
Microsoft Edge - Remote Code Execution via Scripting Engine Memory Corruption
CVSS 7.5
CVE-2016-7289 HIGH
Microsoft Publisher 2010 SP2 - Remote Code Execution or Denial of Service via Crafted Document
CVSS 7.8
CVE-2016-7288 HIGH
Microsoft Edge - Remote Code Execution via TypedArray.sort Use-After-Free
CVSS 7.5
CVE-2016-7287 HIGH
Microsoft Edge and Internet Explorer 11 - Remote Code Execution via Scripting Engine Memory Corruption
CVSS 7.5
CVE-2016-7286 HIGH
Microsoft Edge - Remote Code Execution via Scripting Engine Memory Corruption
CVSS 7.5
CVE-2016-7283 HIGH
Microsoft Internet Explorer 9-11 - Remote Code Execution via Memory Corruption
CVSS 8.8
CVE-2016-7279 HIGH
Microsoft Edge and Internet Explorer 9-11 - Remote Code Execution via Memory Corruption
CVSS 7.5
CVE-2016-7277 CRITICAL
Microsoft Office 2016 - Remote Code Execution or Denial of Service via Crafted Document
CVSS 9.6
CVE-2016-7263 HIGH
Microsoft Excel for Mac 2011 and 2016 - Remote Code Execution or Denial of Service via Crafted Document
CVSS 7.8
CVE-2016-7181 HIGH
Microsoft Edge - Remote Code Execution via Memory Corruption
CVSS 7.5
CVE-2016-5182 HIGH
Google Chrome < 54.0.2840.59 - Heap Corruption via Bitmap Handling
CVSS 8.8
CVE-2016-8825 HIGH
NVIDIA Windows GPU Display Driver - DoS/Privilege Escalation
CVSS 7.8
CVE-2016-8823 HIGH
NVIDIA Windows GPU Display Driver - DoS
CVSS 7.8
CVE-2016-8817 HIGH
NVIDIA Windows GPU Display Driver - Buffer Overflow
CVSS 7.8
CVE-2016-7886 CRITICAL
Adobe InDesign <= 11.4.1 and InDesign Server <= 11.0.0 - Memory Corruption
CVSS 9.8
Details
Vulnerabilities 14,006
Exploit Likelihood High