CWE-119

High likelihood

Improper Restriction of Operations within the Bounds of a Memory Buffer

Parent: CWE-118 - Incorrect Access of Indexable Resource ('Range Error')

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

14,011 vulnerabilities with CWE-119
CVE-2012-4750 CRITICAL
Ezhometech EzServer 7.0 - Remote Code Execution via AMF Request memcpy Overflow
CVSS 9.8
CVE-2012-6712 CRITICAL
Linux Kernel 2.6.27-3.3 - Buffer Overflow in iwl-agn-sta.c
CVSS 9.8
CVE-2012-6711 HIGH
GNU Bash < 4.3 - Heap-Based Buffer Overflow via echo -e Built-in Function
CVSS 7.0
CVE-2012-0771 HIGH
Adobe Shockwave Player <11.6.4.634 - Memory Corruption
CVSS 8.8
CVE-2012-5361 HIGH
FFmpeg < 0.10.15 - Remote Code Execution via Crafted WMV File
CVSS 7.8
CVE-2012-6704 HIGH
Linux Kernel < 3.2.85 - Memory Corruption via Negative sk_sndbuf/sk_rcvbuf Values
CVSS 7.8
CVE-2012-6700 HIGH
Debian Linux - Memory Corruption
CVSS 7.5
CVE-2012-6699 HIGH
Debian Linux - Memory Corruption
CVSS 7.5
CVE-2012-6698 HIGH
Debian Linux - Memory Corruption
CVSS 7.5
CVE-2012-5451
TVMOBiLi <2.1.0.3974 - Buffer Overflow
CVE-2012-4988
XnView 1.99 and 1.99.1 - Remote Code Execution via Crafted JLS Image File
CVE-2012-5106
FreeFloat FTP Server 1.0 - Buffer Overflow
CVE-2012-0273
MinaliC 2.0.0 - Remote Code Execution via Stack-Based Buffer Overflow
CVE-2012-2052
Adobe Photoshop CS5 12.x-12.0.4 and CS5.1 12.1.x-12.1.0 - Remote Code Execution via U3D Library Collada Asset Element
CVE-2012-5044
Cisco IOS < 15.3(1)T - Denial of Service via VoIP Traffic
CVE-2012-1317
Cisco IOS - Denial of Service via High-Rate Multicast Packet Flood
CVE-2012-6429
Samsung Kies < 2.5.0.12114_1 - Remote Code Execution via SyncService.dll PrepareSync Password Argument
CVE-2012-4886
Kingsoft WPS Office <8.1.0.3238 - Buffer Overflow
CVE-2012-0270
Csound < 5.16.6 - Remote Code Execution via Crafted HETRO or PVOC File
CVE-2012-2108
Csound < 5.17.2 - Stack-based Buffer Overflow via Crafted File Conversion
CVE-2012-6618
FFmpeg < 1.0.2 - Denial of Service via Crafted MP3 File
CVE-2012-6616
FFmpeg < 1.0.2 - Denial of Service via Crafted 3GPP TS 26.245 Data
CVE-2012-6303
Snack Sound Toolkit - Heap-based Buffer Overflow in GetWavHeader
CVE-2012-4709
Invensys Wonderware InTouch HMI <2012 R2 - Info Disclosure
CVE-2012-4424
glibc < 2.17 - Stack-based Buffer Overflow via Long String in strcoll_l
Details
Vulnerabilities 14,011
Exploit Likelihood High