CWE-119

High likelihood

Improper Restriction of Operations within the Bounds of a Memory Buffer

Parent: CWE-118 - Incorrect Access of Indexable Resource ('Range Error')

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

14,014 vulnerabilities with CWE-119
CVE-2012-4045
Winamp < 5.63 - Remote Code Execution via Crafted AVI File
CVE-2012-2738
VteTerminal < 0.32.2 - Authenticated Denial of Service via Escape Sequence with Large Repeat Count
CVE-2012-3008
OSIsoft PI OPC DA Interface <2.3.20.9 - RCE
CVE-2012-0284
Cisco Linksys PlayerPT <1.0.0.15 - Buffer Overflow
CVE-2012-3358
OpenJPEG 1.5 - Heap-Based Buffer Overflow via JPEG 2000 Image Tile Data
CVE-2012-1953
Firefox 4.x-13.0 - Remote Code Execution via ElementAnimations::EnsureStyleRuleFor
CVE-2012-1571 MEDIUM
file < 5.11 and libmagic - Denial of Service via Crafted CDF File
CVSS 6.5
CVE-2012-0282
XnView < 1.98.8 - Heap-Based Buffer Overflow via GIF ImageDescriptor ImageLeftPosition
CVE-2012-0277
XnView < 1.99 - Heap-Based Buffer Overflow via Crafted PCT Image
CVE-2012-0276
XnView < 1.99 - Heap-Based Buffer Overflow via SGI32LogLum Compressed TIFF Image
CVE-2012-2836
EXIF Tag Parsing Library <0.6.21 - DoS/Info Disclosure
CVE-2012-2814
libexif 0.6.20 - Buffer Overflow in EXIF Tag Parsing
CVE-2012-2813
EXIF Tag Parsing Library <0.6.21 - DoS/Info Disclosure
CVE-2012-2812
EXIF Tag Parsing Library <0.6.21 - DoS/Info Disclosure
CVE-2012-3377
VLC media player < 2.0.2 - Heap-Based Buffer Overflow in OGG Demuxer
CVE-2012-2614
Lattice Diamond Programmer 1.4.2 - Buffer Overflow
CVE-2012-1162
libzip 0.10 - Heap-Based Buffer Overflow in _zip_readcdir Function
CVE-2012-3890
Winamp < 5.63 - Heap Memory Corruption via IT File Processing
CVE-2012-3889
Winamp < 5.623 - Memory Corruption via IT File Parsing
CVE-2012-1891 CRITICAL
Microsoft Data Access Components 2.8 SP1-SP2 & Windows DAC 6.0 - RCE via Crafted XML
CVSS 9.8
CVE-2012-3374
Pidgin < 2.10.5 - Remote Code Execution via MXit Inline Image
CVE-2012-3585
IrfanView PlugIns < 4.33 - Remote Code Execution via Crafted JLS File
CVE-2012-3007
Invensys Wonderware SuiteLink <58.x - Buffer Overflow
CVE-2012-2515
KeyHelp.KeyCtrl.1 <1.2.312 - Buffer Overflow
CVE-2012-1832
WellinTech KingView < 6.53 - Remote Code Execution or Denial of Service via Crafted Packet
Details
Vulnerabilities 14,014
Exploit Likelihood High