CWE-119

High likelihood

Improper Restriction of Operations within the Bounds of a Memory Buffer

Parent: CWE-118 - Incorrect Access of Indexable Resource ('Range Error')

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

14,008 vulnerabilities with CWE-119
CVE-2016-3318 HIGH
Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 - Remote Code Execution via Crafted File
CVSS 7.8
CVE-2016-3317 HIGH
Microsoft Office/Word Remote Code Execution via Crafted File
CVSS 7.8
CVE-2016-3316 HIGH
Microsoft Word 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac - Remote Code Execution via Crafted File
CVSS 7.8
CVE-2016-3313 HIGH
Microsoft Office 2007-2016 & Word Viewer RCE via Crafted File
CVSS 7.8
CVE-2016-3296 HIGH
Microsoft Edge - Remote Code Execution via Chakra JavaScript Engine
CVSS 7.5
CVE-2016-3293 HIGH
Microsoft Edge and Internet Explorer 9-11 - Remote Code Execution via Memory Corruption
CVSS 7.5
CVE-2016-3290 HIGH
Microsoft Internet Explorer 11 - Remote Code Execution via Memory Corruption
CVSS 7.5
CVE-2016-3289 HIGH
Microsoft Edge and Internet Explorer 11 - Remote Code Execution via Crafted Web Page
CVSS 7.5
CVE-2016-3288 HIGH
Microsoft Internet Explorer 11 - Remote Code Execution via Memory Corruption
CVSS 7.5
CVE-2016-2063 HIGH
Linux Kernel 3.0-3.19.8 - Stack-Based Buffer Overflow in MSM Thermal Driver via Debugfs Interface
CVSS 7.8
CVE-2016-5140 CRITICAL
Google Chrome < 52.0.2743.82 - Heap-Based Buffer Overflow in OpenJPEG J2K Parser
CVSS 9.8
CVE-2016-5139 HIGH
Google Chrome < 52.0.2743.116 - Heap-Based Buffer Overflow via Crafted JPEG 2000 Data
CVSS 7.6
CVE-2016-5359 MEDIUM
Wireshark 1.12.x < 1.12.12 - Denial of Service via WBXML Dissector Offset Mishandling
CVSS 5.9
CVE-2016-5356 MEDIUM
Wireshark 1.12.x < 1.12.12 and 2.x < 2.0.4 - Denial of Service in CoSine File Parser
CVSS 5.9
CVE-2016-5116 CRITICAL
libgd < 2.2.0 - Stack-Based Buffer Under-Read in gd_xbm.c
CVSS 9.1
CVE-2016-5114 CRITICAL
PHP < 5.5.31, 5.6.x < 5.6.17, 7.x < 7.0.2 - Denial of Service via Long String in fpm_log.c
CVSS 9.1
CVE-2016-6516 HIGH
Linux Kernel <4.7 - Privilege Escalation
CVSS 7.4
CVE-2016-6187 HIGH
Linux kernel <4.6.5 - Privilege Escalation
CVSS 7.8
CVE-2016-5400 MEDIUM
Linux Kernel < 4.6.6 - Denial of Service via Airspy USB Driver Memory Leak
CVSS 4.3
CVE-2016-3825 HIGH
Android <5.0.2, <5.1.1, <2016-08-01 - Privilege Escalation
CVSS 7.8
CVE-2016-3824 HIGH
Android <4.4.4, <5.0.2, <5.1.1, <2016-08-01 - Privilege Escalation
CVSS 7.8
CVE-2016-3823 HIGH
Android <4.4.4, <5.0.2, <5.1.1, <2016-08-01 - Privilege Escalation
CVSS 7.8
CVE-2016-3822 HIGH
Android <4.4.4, <5.0.2, <5.1.1, <2016-08-01 - RCE
CVSS 7.8
CVE-2016-3820 CRITICAL
Android 6.x - Remote Code Execution via Crafted Media File in ih264d Decoder
CVSS 9.8
CVE-2016-3819 CRITICAL
Android <4.4.4, <5.0.2, <5.1.1, <2016-08-01 - RCE/DoS
CVSS 9.8
Details
Vulnerabilities 14,008
Exploit Likelihood High