CWE-119

High likelihood

Improper Restriction of Operations within the Bounds of a Memory Buffer

Parent: CWE-118 - Incorrect Access of Indexable Resource ('Range Error')

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

14,012 vulnerabilities with CWE-119
CVE-2012-1537
DirectX 9.0-11.1 - Remote Code Execution via Crafted Office Document
CVE-2012-4857
IBM Informix Dynamic Server 11.50-11.50.xC9W2 & 11.70 < 11.70.xC7 - Remote Code Execution via SQL
CVE-2012-3274
HP Intelligent Management Center < 5.1 - Stack-based Buffer Overflow in User Access Manager
CVE-2012-5129
Google Chrome OS <23.0.1271.94 - Buffer Overflow
CVE-2012-5611
Oracle MySQL <5.5.28 & MariaDB <5.5.28a - RCE
CVE-2012-4560
libssh < 0.5.3 - Buffer Overflow
CVE-2012-5134
Google Chrome < 23.0.1271.91 - Heap-Based Buffer Underflow via Crafted XML Entities
CVE-2012-6048
Guitar Pro 6.1.1 r10791 - Denial of Service via Long String in GPX File
CVE-2012-6042
GPSMapEdit 1.1.73.2 - Denial of Service via Long String in LST File
CVE-2012-0698
TrouSerS < 0.3.10 - Denial of Service via Crafted TCP Packet
CVE-2012-4527
mcrypt <= 2.6.8 - Stack-Based Buffer Overflow via Long File Name
CVE-2012-4409
mcrypt < 2.6.8 - Stack-Based Buffer Overflow via Encrypted File Header
CVE-2012-5838
Firefox < 17.0 - Remote Code Execution via WebGL copyTexImage2D
CVE-2012-5833
Firefox/Thunderbird/SeaMonkey < 17.0, ESR < 10.0.11 - RCE via WebGL texImage2D
CVE-2012-4204
Firefox < 17.0 - Remote Code Execution via str_unescape Memory Corruption
CVE-2012-5854
WeeChat 0.3.6-0.3.9 - Heap-Based Buffer Overflow via IRC Color Decoding
CVE-2012-4552
PLIB 1.8.5 - Stack-Based Buffer Overflow in ssgParser Error Function
CVE-2012-4956
Novell File Reporter <1.0.2 - Buffer Overflow
CVE-2012-4575
pgbouncer 1.5.2 - Denial of Service via Long Database Name
CVE-2012-5917
SnackAmp 3.1.3 - Denial of Service via Long String in AIFF File
CVE-2012-5905
KnFTPd 1.0.0 - Authenticated Denial of Service via FEAT Command Buffer Overflow
CVE-2012-5904
IrfanView < 4.33 - Remote Code Execution via Crafted RLE Compressed Bitmap File
CVE-2012-4953
Symantec Endpoint Protection <11.0 - DoS
CVE-2012-2543
Microsoft Excel <2011 - Buffer Overflow
CVE-2012-1886
Microsoft Excel 2003/2007/2010 Remote Code Execution via Crafted Spreadsheet
Details
Vulnerabilities 14,012
Exploit Likelihood High