CWE-119

High likelihood

Improper Restriction of Operations within the Bounds of a Memory Buffer

Parent: CWE-118 - Incorrect Access of Indexable Resource ('Range Error')

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

14,020 vulnerabilities with CWE-119
CVE-2011-1987
Microsoft Excel - Remote Code Execution via Crafted Spreadsheet
CVE-2011-3208
Cyrus IMAP Server < 2.3.17 and 2.4.x < 2.4.11 - Remote Code Execution via NNTP Command
CVE-2011-2595
ACDSee FotoSlate 4.0 Build 146 - Stack-Based Buffer Overflow via PLP File Tag
CVE-2011-3343
OpenTTD < 1.1.3 - Denial of Service via Crafted BMP File
CVE-2011-3342
OpenTTD < 1.1.3 - Remote Code Execution via Savegame Chunk Loading
CVE-2011-3200
rsyslog 4.6.x < 4.6.8 and 5.2.0-5.8.4 - Denial of Service via Long TAG in Legacy Syslog Message
CVE-2011-1776 MEDIUM
Linux Kernel < 2.6.39 - Heap-Based Buffer Overflow in EFI GPT Partition Table Handling
CVSS 6.1
CVE-2011-0258
Apple QuickTime < 7.7 - Remote Code Execution via Crafted MP4V Tag
CVE-2011-0311
IBM Java < 1.4.2.13.8 and Runtimes < 5.0.12.4 - DoS via Crafted Class File
CVE-2011-2903
tcptrack < 1.4.2 - Heap-Based Buffer Overflow via Long Command Line Argument
CVE-2011-2594
KMPlayer 3.0.0.1441 - Remote Code Execution via Long Title Field in Playlist File
CVE-2011-0342
InduSoft Web Studio 7.0B2 hotfix 7.0.01.04 - Remote Code Execution via ISSymbol ActiveX Control Buffer Overflow
CVE-2011-1576
Linux Kernel 2.6.18 and 2.6.32 - Denial of Service via VLAN Packet Processing in GRO
CVE-2011-2806
Google Chrome < 13.0.782.215 - Remote Code Execution via Vertex Data Handling
CVE-2011-3268
PHP < 5.3.7 - Buffer Overflow via Long Salt Argument in crypt Function
CVE-2011-2940
stunnel 4.40-4.41 - Remote Code Execution or Denial of Service via Heap Memory Corruption
CVE-2011-2735
EMC AutoStart 5.3.x and 5.4.x < 5.4.1 - Remote Code Execution via Crafted TCP Message
CVE-2011-3170
CUPS < 1.4.8 - Heap-Based Buffer Overflow via Crafted LZW Stream
CVE-2011-2895
FreeType 2.1.9 - Heap-Based Buffer Overflow via LZW Decompression
CVE-2011-2953
RealPlayer 11.0-11.1, 14.0.0-14.0.5, SP 1.0-1.1.5, Enterprise 2.0-2.1.5 - Remote Code Execution via ActiveX Control
CVE-2011-2951
RealPlayer 11.0-11.1, 14.0.0-14.0.5, SP 1.0-1.1.5, Mac 12.0.0.1569 - Remote Code Execution via Crafted AAC File
CVE-2011-2950
RealPlayer 11.0-11.1 and 14.0.0-14.0.5 and RealPlayer SP 1.0-1.1.5 - Remote Code Execution via Crafted QCP File
CVE-2011-2949
RealPlayer 11.0-11.1, 14.0.0-14.0.5, SP 1.0-1.1.5, Enterprise 2.0-2.1.5 - Remote Code Execution via Crafted ID3v2 Tags
CVE-2011-2948
RealPlayer Remote Code Execution via DEFINEFONT Field in SWF Files
CVE-2011-2945
RealPlayer 11.0-11.1 and 14.0.0-14.0.5 and RealPlayer SP 1.0-1.1.5 - Remote Code Execution via Crafted SIPR Stream
Details
Vulnerabilities 14,020
Exploit Likelihood High