CWE-119

High likelihood

Improper Restriction of Operations within the Bounds of a Memory Buffer

Parent: CWE-118 - Incorrect Access of Indexable Resource ('Range Error')

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

14,020 vulnerabilities with CWE-119
CVE-2010-3777
Mozilla Firefox 3.6.x < 3.6.13 and Thunderbird 3.1.x < 3.1.7 - Remote Code Execution via Memory Corruption
CVE-2010-3776
Mozilla Firefox < 3.5.16 and 3.6.x < 3.6.13 - Remote Code Execution via Memory Corruption
CVE-2010-3769
Firefox < 3.5.16 and 3.6.x < 3.6.13 - Remote Code Execution via Line-Breaking Buffer Over-Read
CVE-2010-3801
Apple QuickTime < 7.6.9 - Remote Code Execution via Crafted FlashPix File
CVE-2010-3800
Apple QuickTime < 7.6.9 - Remote Code Execution via Crafted PICT File
CVE-2010-1508
Apple QuickTime <7.6.9 - Buffer Overflow
CVE-2010-4489
Google Chrome < 8.0.552.214 - Denial of Service via Crafted WebM Video
CVE-2010-4259
FontForge 20100501 - Stack-based Buffer Overflow via Long CHARSET_REGISTRY Header in BDF Font File
CVE-2010-4371
Winamp < 5.6 - Buffer Overflow in in_mod Plugin via Comment Box
CVE-2010-3855
FreeType < 2.4.3 - Buffer Overflow in TrueType GX Font Parser
CVE-2010-3832
iPhone OS < 4.2 - Remote Code Execution via Crafted TMSI Field
CVE-2010-3814
FreeType < 2.4.3 - Remote Code Execution via Crafted SHZ Bytecode Instruction
CVE-2010-4300
Wireshark 1.2.0-1.2.12 and 1.4.0-1.4.1 - Heap-Based Buffer Overflow in LDSS Dissector
CVE-2010-3822
Safari < 5.0.3 - Remote Code Execution via Uninitialized Pointer in CSS Counter Style Processing
CVE-2010-3821
Safari < 5.0.3 - Remote Code Execution via CSS :first-letter Pseudo-Element
CVE-2010-4299
Novell Zenworks Handheld Management - Remote Code Execution via Crafted TCP Port 2400 Request
CVE-2010-4230
Camtron and TecVoz CMNC-200 Firmware 1.102A-008 - Stack-Based Buffer Overflow via ActiveX Connect Method
CVE-2010-4008
Google Chrome < 7.0.517.44 - Memory Corruption
CVE-2010-3798
macOS X 10.6.x < 10.6.5 - Remote Code Execution via Crafted xar Archive
CVE-2010-3795
macOS X 10.6.x - Remote Code Execution via GIF Image Processing
CVE-2010-3794
macOS X 10.6.x < 10.6.5 - Remote Code Execution via FlashPix Image Processing
CVE-2010-3793
QuickTime in Apple Mac OS X 10.6.x < 10.6.5 - Remote Code Execution via Crafted Sorenson Movie File
CVE-2010-3791
QuickTime - Remote Code Execution via Crafted MPEG Movie File
CVE-2010-3790
QuickTime in Mac OS X 10.6.x < 10.6.5 - Remote Code Execution via Crafted Movie File
CVE-2010-3789
QuickTime in Apple Mac OS X 10.6.x - Remote Code Execution via Crafted AVI File
Details
Vulnerabilities 14,020
Exploit Likelihood High