CWE-119

High likelihood

Improper Restriction of Operations within the Bounds of a Memory Buffer

Parent: CWE-118 - Incorrect Access of Indexable Resource ('Range Error')

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

14,008 vulnerabilities with CWE-119
CVE-2016-2497 HIGH
Android 4.x-5.1.x and 6.x before 2016-08-01 - Intent-Filter Priority Manipulation
CVSS 7.3
CVE-2016-5252 HIGH
Oracle Linux < 47.0.1 - Memory Corruption
CVSS 8.8
CVE-2016-2838 HIGH
Firefox < 48.0 - Remote Code Execution via SVG Directional Content
CVSS 8.8
CVE-2016-2837 MEDIUM
Firefox < 48.0 - Remote Code Execution via ClearKey CDM Heap Overflow
CVSS 6.3
CVE-2016-2836 HIGH
Firefox < 48.0 - Remote Code Execution via Browser Engine Memory Corruption
CVSS 8.8
CVE-2016-6297 HIGH
PHP < 5.5.37 - Denial of Service via Integer Overflow in php_stream_zip_opener
CVSS 8.8
CVE-2016-6296 CRITICAL
PHP < 5.5.37 - Heap-Based Buffer Overflow via xmlrpc_encode_request
CVSS 9.8
CVE-2016-6293 CRITICAL
International Components for Unicode < 57.1 - Out-of-Bounds Read via uloc_acceptLanguageFromHTTP
CVSS 9.8
CVE-2016-6291 CRITICAL
PHP <5.5.38, <5.6.24, <7.0.9 - DoS/Info Disclosure
CVSS 9.8
CVE-2016-6288 CRITICAL
PHP < 5.5.37 - Buffer Over-read via php_url_parse_ex Function
CVSS 9.8
CVE-2016-5129 HIGH
Google Chrome < 52.0.2743.82 - Memory Corruption via Left-Trimmed Objects
CVSS 8.8
CVE-2016-1709 HIGH
Google sfntly <2016-06-10 - Buffer Overflow
CVSS 8.8
CVE-2016-4653 HIGH
Apple iOS <9.3.3, macOS <10.11.6, tvOS <9.2.2, watchOS <2.2.2 - Local Privilege Escalation via Memory Corruption
CVSS 7.8
CVE-2016-4647 HIGH
macOS < 10.11.6 - Privilege Escalation and Denial of Service via Crafted Audio File
CVSS 7.8
CVE-2016-4640 HIGH
macOS < 10.11.6 - Remote Code Execution and Information Disclosure via Crafted App
CVSS 7.8
CVE-2016-4637 HIGH
Apple iOS <9.3.3, macOS <10.11.6, tvOS <9.2.2, watchOS <2.2.2 - Remote Code Execution via Crafted BMP Image
CVSS 8.8
CVE-2016-4634 HIGH
Apple OS X < 10.11.6 - Memory Corruption in Graphics Drivers
CVSS 7.8
CVE-2016-4632 HIGH
Apple iOS <9.3.3, macOS <10.11.6, tvOS <9.2.2, watchOS <2.2.2 - Denial of Service via ImageIO Memory Consumption
CVSS 7.5
CVE-2016-4631 HIGH
Apple iOS < 9.3.3, macOS < 10.11.6, tvOS < 9.2.2, watchOS < 2.2.2 - Remote Code Execution via Crafted TIFF File
CVSS 8.8
CVE-2016-4630 HIGH
macOS < 10.11.6 - Remote Code Execution via Crafted EXR Image with B44 Compression
CVSS 8.8
CVE-2016-4629 CRITICAL
macOS < 10.11.6 - Remote Code Execution via Crafted EXR Image
CVSS 9.8
CVE-2016-4624 HIGH
Safari < 9.1.2 - Remote Code Execution via Memory Corruption
CVSS 8.8
CVE-2016-4623 HIGH
Safari < 9.1.2 - Remote Code Execution via Memory Corruption
CVSS 8.8
CVE-2016-4622 HIGH
Safari < 9.1.2 - Remote Code Execution via Memory Corruption
CVSS 8.8
CVE-2016-4621 HIGH
macOS < 10.11.6 - Remote Code Execution via Memory Corruption in libc++abi
CVSS 7.8
Details
Vulnerabilities 14,008
Exploit Likelihood High