CWE-119

High likelihood

Improper Restriction of Operations within the Bounds of a Memory Buffer

Parent: CWE-118 - Incorrect Access of Indexable Resource ('Range Error')

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

14,016 vulnerabilities with CWE-119
CVE-2011-4111
QEMU <0.15.2, <1.0-rc4 - Buffer Overflow
CVE-2011-3604
Router Advertisement Daemon <1.8.2 - DoS
CVE-2011-3601
Router Advertisement Daemon <1.8.2 - RCE
CVE-2011-4610
Red Hat JBoss Communications Platform < 5.1 - Denial of Service via UTF-8 Surrogate Pair Handling
CVE-2011-4351
FFmpeg < 0.5.6, 0.6.x < 0.6.4, 0.7.x < 0.7.8, 0.8.x < 0.8.8 - Buffer Overflow
CVE-2011-3941
FFmpeg < 0.10 - Out-of-Bounds Write via Uninitialized Block Index
CVE-2011-4607
PuTTY 0.59-0.61 - Sensitive Memory Exposure via Keyboard-Interactive Authentication
CVE-2011-4098
Linux Kernel < 3.2 - Denial of Service via GFS2 fallocate Page Cache Handling
CVE-2011-4604
Linux Kernel < 3.3 - Memory Corruption via Crafted batman-adv ICMP Packet
CVE-2011-4520
MICROSYS PROMOTIC < 8.1.5 - Heap-Based Buffer Overflow via Crafted Web Page
CVE-2011-4519
MICROSYS PROMOTIC < 8.1.5 - Denial of Service via ActiveX Component
CVE-2011-1352
Android <2.3.6 - Privilege Escalation
CVE-2011-0433
Evince - Heap-Based Buffer Overflow via Crafted Adobe Font Metrics File
CVE-2011-1374
Apple QuickTime < 7.7.3 - Remote Code Execution via Crafted PICT File REGION Record
CVE-2011-5233
IrfanView < 4.32 - Remote Code Execution via TIFF Rows Per Strip and Samples Per Pixel
CVE-2011-5227
Enterasys NetSight < 4.1.0.79 - Remote Code Execution via Long PRIO Field in Syslog Message
CVE-2011-5202
WinCDEmu 3.6 - Denial of Service via Unmount Command
CVE-2011-3827
Novell GroupWise < 8.00 - Denial of Service via Crafted iCalendar Date-Time String
CVE-2011-5174
Intel SINIT Authenticated Code Module - Buffer Overflow
CVE-2011-5173
Bugbear Entertainment FlatOut 2005 - Buffer Overflow via BED File Title Field
CVE-2011-5172
StoryBoard Quick 6 Build 3786 - Stack-Based Buffer Overflow via Frame XML String Element
CVE-2011-5171
CyberLink Power2Go 7 build 196 and 8 build 1031 - Remote Code Execution via Crafted Project File Parameters
CVE-2011-5170
CCMPlayer 1.5 - Remote Code Execution via Long Track Name in m3u Playlist
CVE-2011-5167
Oracle Hyperion Strategic Finance < 12.0 - Remote Code Execution via ActiveX SetDevNames
CVE-2011-5166
KnFTP 1.0.0 - Remote Code Execution via Multiple Stack-Based Buffer Overflows
Details
Vulnerabilities 14,016
Exploit Likelihood High