CWE-119

High likelihood

Improper Restriction of Operations within the Bounds of a Memory Buffer

Parent: CWE-118 - Incorrect Access of Indexable Resource ('Range Error')

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

14,020 vulnerabilities with CWE-119
CVE-2011-0994
Novell File Reporter < 1.0.1 - Remote Code Execution via XML Data
CVE-2011-1525
RealNetworks RealPlayer <14.0.2 - RCE
CVE-2011-1567
IGSSdataServer.exe <9.00.00.11063 - Buffer Overflow
CVE-2011-1563
DATAC RealFlex RealWin <2.1 Build 6.1.10.10 - Buffer Overflow
CVE-2011-1552
t1lib < 5.1.2 - Denial of Service via Crafted Type 1 Font
CVE-2011-1097
rsync 3.x < 3.0.8 - Remote Code Execution via Malformed Data
CVE-2011-1205
IBM Rational ClearCase 7.0.0.4-7.1.1.4 - Local Privilege Escalation via Trojan Horse HTML Document
CVE-2011-1167
libtiff < 3.9.4 - Remote Code Execution via Thunder Decoder Heap Overflow
CVE-2011-0024
Wireshark < 1.2 - Heap-Based Buffer Overflow in pcapng.c
CVE-2011-0193
Apple Mac OS X <10.6.7 - Buffer Overflow
CVE-2011-0184
Apple Mac OS X 10.6 < 10.6.7 - Remote Code Execution via Crafted Excel Spreadsheet Formula
CVE-2011-0179
Apple Mac OS X < 10.6.7 - Remote Code Execution via Crafted Embedded Font
CVE-2011-0177
Apple Mac OS X < 10.6.7 - Remote Code Execution via Crafted SFNT Table in Embedded Font
CVE-2011-0176
Apple Mac OS X <10.6.7 - Buffer Overflow
CVE-2011-0175
Apple Mac OS X <10.6.7 - Buffer Overflow
CVE-2011-0174
Apple Mac OS X <10.6.7 - Buffer Overflow
CVE-2011-1006
libcgroup < 0.37.1 - Heap-Based Buffer Overflow via Crafted Controller List
CVE-2011-1464
PHP < 5.3.6 - Denial of Service via strval Function Buffer Overflow
CVE-2011-0708
PHP < 5.3.6 - Denial of Service via Exif Image File Directory Buffer Over-read
CVE-2011-1147
Asterisk < 1.4.39.2, 1.6.1.22, 1.6.2.16.2, 1.8.2.4 - Remote Code Execution via UDPTL
CVE-2011-0157
WebKit - Remote Code Execution or Denial of Service via Crafted Web Site
CVE-2011-1285
Google Chrome < 10.0.648.127 - Memory Corruption via Regular Expression Reentrancy
CVE-2011-1198
Google Chrome < 10.0.648.127 - Use-After-Free in Video Functionality
CVE-2011-0344
Alcatel-Lucent OmniPCX < 9.0 - Remote Code Execution via Crafted HTTP Headers
CVE-2011-0192
iTunes < 10.2 - Remote Code Execution via Crafted TIFF Internet Fax Image
Details
Vulnerabilities 14,020
Exploit Likelihood High