CWE-119

High likelihood

Improper Restriction of Operations within the Bounds of a Memory Buffer

Parent: CWE-118 - Incorrect Access of Indexable Resource ('Range Error')

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

14,008 vulnerabilities with CWE-119
CVE-2016-4616 CRITICAL
Apple iPhone OS < 9.3.3 - Memory Corruption in libxml2
CVSS 9.8
CVE-2016-4615 CRITICAL
Apple iOS < 9.3.3, macOS < 10.11.6, tvOS < 9.2.2, watchOS < 2.2.2, iCloud < 5.2.1, iTunes < 12.4.2 - Memory Corruption
CVSS 9.8
CVE-2016-4610 CRITICAL
Xmlsoft Libxslt < 1.1.29 - Memory Corruption
CVSS 9.8
CVE-2016-4609 CRITICAL
Xmlsoft Libxslt < 1.1.29 - Memory Corruption
CVSS 9.8
CVE-2016-4608 CRITICAL
Xmlsoft Libxslt < 1.1.28 - Memory Corruption
CVSS 9.8
CVE-2016-4607 CRITICAL
Xmlsoft Libxslt < 1.1.29 - Memory Corruption
CVSS 9.8
CVE-2016-4602 HIGH
macOS < 10.11.6 - Remote Code Execution via Crafted FlashPix Bitmap Image
CVSS 8.8
CVE-2016-4601 HIGH
macOS < 10.11.6 - Remote Code Execution via Crafted SGI Image
CVSS 8.8
CVE-2016-4600 HIGH
macOS < 10.11.6 - Remote Code Execution via Crafted FlashPix Bitmap Image
CVSS 8.8
CVE-2016-4599 HIGH
macOS < 10.11.6 - Remote Code Execution via Crafted Photoshop Document
CVSS 7.8
CVE-2016-4598 CRITICAL
macOS < 10.11.6 - Remote Code Execution via Crafted Image in QuickTime
CVSS 9.8
CVE-2016-4597 HIGH
macOS < 10.11.6 - Remote Code Execution via Crafted FlashPix Bitmap Image
CVSS 8.8
CVE-2016-4596 HIGH
macOS < 10.11.6 - Remote Code Execution via Crafted FlashPix Bitmap Image
CVSS 8.8
CVE-2016-4589 HIGH
WebKit - Remote Code Execution or Denial of Service via Memory Corruption
CVSS 8.8
CVE-2016-4588 HIGH
WebKit - Remote Code Execution or Denial of Service via Memory Corruption
CVSS 8.8
CVE-2016-4587 MEDIUM
WebKit - Information Disclosure via Uninitialized Memory
CVSS 6.5
CVE-2016-4586 HIGH
Apple Safari < 9.1.2 and tvOS < 9.2.2 - Remote Code Execution via Memory Corruption
CVSS 8.8
CVE-2016-4584 HIGH
Safari < 9.1.2 - Remote Code Execution via WebKit Page Loading
CVSS 8.8
CVE-2016-4582 HIGH
Apple iOS <9.3.3, macOS <10.11.6, tvOS <9.2.2, watchOS <2.2.2 - Local Privilege Escalation via Memory Corruption
CVSS 7.8
CVE-2016-5637 HIGH
libbpg 0.9.5-0.9.7 - Remote Code Execution via Crafted BPG Image
CVSS 8.8
CVE-2016-4254 CRITICAL
Adobe Reader and Acrobat <11.0.17, DC Classic <15.006.30198, DC Con...
CVSS 9.8
CVE-2016-4252 CRITICAL
Adobe Reader and Acrobat <11.0.17, DC Classic <15.006.30198, DC Con...
CVSS 9.8
CVE-2016-4251 CRITICAL
Adobe Reader and Acrobat <11.0.17, DC Classic <15.006.30198, DC Con...
CVSS 9.8
CVE-2016-4250 CRITICAL
Adobe Reader and Acrobat <11.0.17, DC Classic <15.006.30198, DC Con...
CVSS 9.8
CVE-2016-4214 CRITICAL
Adobe Reader and Acrobat <11.0.17, DC Classic <15.006.30198, DC Con...
CVSS 9.8
Details
Vulnerabilities 14,008
Exploit Likelihood High