CWE-119

High likelihood

Improper Restriction of Operations within the Bounds of a Memory Buffer

Parent: CWE-118 - Incorrect Access of Indexable Resource ('Range Error')

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

14,009 vulnerabilities with CWE-119
CVE-2015-3739
Apple iTunes < 12.2 - Remote Code Execution via Memory Corruption
CVE-2015-3738
iTunes < 12.2 - Remote Code Execution via Crafted Web Site
CVE-2015-3737
iTunes < 12.2 - Remote Code Execution via Crafted Web Site
CVE-2015-3736
Apple iTunes < 12.2 - Remote Code Execution via Memory Corruption
CVE-2015-3735
iTunes < 6.2.8 - Remote Code Execution via Crafted Web Site
CVE-2015-3734
iTunes < 12.2 - Remote Code Execution via Crafted Web Site
CVE-2015-3733
Apple iTunes < 12.2 and iPhone OS < 8.4.1 and Safari 6.0-6.2.8 - Remote Code Execution via Crafted Web Site
CVE-2015-3732
Apple WebKit - Crafted Web Site Memory Corruption Code Execution
CVE-2015-3731
iTunes < 12.2 - Remote Code Execution via Crafted Web Site
CVE-2015-3730
WebKit in Apple iTunes < 12.2 - Remote Code Execution via Crafted Web Site
CVE-2015-4493
Oracle Solaris < 39.0.3 - Memory Corruption
CVE-2015-4489
Oracle Solaris < 39.0.3 - Memory Corruption
CVE-2015-4487
Firefox < 40.0 - Memory Corruption via nsTSubstring::ReplacePrep Overflow
CVE-2015-4486
Canonical Ubuntu Linux < 39.0.3 - Memory Corruption
CVE-2015-4485
Firefox < 40.0 - Remote Code Execution via Malformed WebM Video Data
CVE-2015-4484
Canonical Ubuntu Linux < 39.0.3 - Memory Corruption
CVE-2015-4482
Opensuse < 39.0.3 - Memory Corruption
CVE-2015-4475
Firefox < 40.0 - Remote Code Execution via MP3 Audio Sample Format Handling
CVE-2015-4473
Canonical Ubuntu Linux < 39.0.3 - Memory Corruption
CVE-2015-2477
Microsoft Office 2007 SP3, Office for Mac 2011/2016, Word Viewer - RCE via Crafted Document
CVE-2015-2474
Windows Vista SP2 and Server 2008 SP2 - Authenticated Remote Code Execution via SMB Server Error-Logging
CVE-2015-2469
Microsoft Office and Word - Remote Code Execution via Crafted Document
CVE-2015-2468
Microsoft Office - Remote Code Execution via Crafted Document
CVE-2015-2467
Microsoft Office 2007 SP3 - Remote Code Execution via Crafted Document
CVE-2015-2452
Microsoft Internet Explorer 7-11 - Remote Code Execution via Memory Corruption
Details
Vulnerabilities 14,009
Exploit Likelihood High