CWE-119

High likelihood

Improper Restriction of Operations within the Bounds of a Memory Buffer

Parent: CWE-118 - Incorrect Access of Indexable Resource ('Range Error')

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

14,008 vulnerabilities with CWE-119
CVE-2016-0837 CRITICAL
Android <4.4.4, <5.0.2, <5.1.1, <2016-04-01 - RCE/DoS
CVSS 9.8
CVE-2016-0836 HIGH
Android 6.x - Remote Code Execution via Crafted Media File
CVSS 7.8
CVE-2016-0835 CRITICAL
Android 6.x - Remote Code Execution via Crafted Media File
CVSS 9.8
CVE-2016-1340 HIGH
Cisco UCS Platform Emulator <3.0.2 - Buffer Overflow
CVSS 8.4
CVE-2016-2146 HIGH
Fedora < 0.11.0 - Memory Corruption
CVSS 7.5
CVE-2016-4009 CRITICAL
Pillow < 3.1.1 - Heap-Based Buffer Overflow via Negative Resample Size
CVSS 9.8
CVE-2016-3982 HIGH
OptiPNG <0.7.6 - Buffer Overflow
CVSS 8.8
CVE-2016-3981 HIGH
OptiPNG < 0.7.6 - Heap-Based Buffer Overflow in bmp_read_rows
CVSS 7.8
CVE-2016-2533 MEDIUM
Pillow < 3.1.1 - Buffer Overflow in ImagingPcdDecode
CVSS 6.5
CVE-2016-2191 MEDIUM
OptiPNG - Denial of Service via Crafted BMP Image Delta Escapes
CVSS 6.5
CVE-2016-2054 CRITICAL
Xymon <4.3.25 - Buffer Overflow
CVSS 9.8
CVE-2016-0775 MEDIUM
Pillow < 3.1.1 - Buffer Overflow in FLI File Decoder
CVSS 6.5
CVE-2016-0740 MEDIUM
Pillow < 3.1.1 - Buffer Overflow in TIFF Image Decoding
CVSS 6.5
CVE-2016-1495 HIGH
Huawei Mate S <CRR-TL00C01B160SP01 - DoS
CVSS 7.8
CVE-2016-0166 HIGH
Microsoft Internet Explorer 11 - Remote Code Execution via Memory Corruption
CVSS 7.5
CVE-2016-0164 HIGH
Microsoft Internet Explorer 10 and 11 - Remote Code Execution via Memory Corruption
CVSS 7.5
CVE-2016-0159 HIGH
Microsoft Internet Explorer 9 - Remote Code Execution via Memory Corruption
CVSS 7.5
CVE-2016-0157 HIGH
Microsoft Edge - Remote Code Execution via Memory Corruption
CVSS 7.5
CVE-2016-0156 HIGH
Microsoft Edge - Remote Code Execution via Memory Corruption
CVSS 7.5
CVE-2016-0155 HIGH
Microsoft Edge - Remote Code Execution via Memory Corruption
CVSS 7.5
CVE-2016-0154 HIGH
Microsoft Edge and Internet Explorer 9-11 - Remote Code Execution via Memory Corruption
CVSS 7.5
CVE-2016-0145 HIGH
Microsoft Windows and Office - Remote Code Execution via Crafted Embedded Font
CVSS 8.8
CVE-2016-0139 HIGH
Microsoft Excel - Remote Code Execution via Crafted Office Document
CVSS 7.8
CVE-2016-0136 HIGH
Microsoft Excel/Office 2007/2010 RCE via Crafted Document
CVSS 7.8
CVE-2016-0135 HIGH
Windows 10 - Local Privilege Escalation via Secondary Logon Service
CVSS 8.4
Details
Vulnerabilities 14,008
Exploit Likelihood High