CWE-119

High likelihood

Improper Restriction of Operations within the Bounds of a Memory Buffer

Parent: CWE-118 - Incorrect Access of Indexable Resource ('Range Error')

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

14,027 vulnerabilities with CWE-119
CVE-2010-0364
VideoLAN VLC Media Player 0.8.6 - Stack-Based Buffer Overflow via Crafted Advanced SubStation Alpha Subtitle
CVE-2010-0361
Sun Java System Web Server 7.0 Update 7 - Stack-Based Buffer Overflow via WebDAV OPTIONS Request
CVE-2010-0359
Zeus Web Server - Buffer Overflow via SSLv2 Client Hello Message
CVE-2010-0358
IBM Lotus Domino 7 and 8.5 FP1 - Heap-Based Buffer Overflow via LDAP Message
CVE-2010-0037 HIGH
Apple Mac OS X 10.5.8 and 10.6.2 - Remote Code Execution via Crafted DNG Image
CVSS 8.8
CVE-2010-0036 HIGH
Apple Mac OS X 10.5.8 and 10.6.2 - Remote Code Execution via Crafted MP4 Audio File
CVSS 7.8
CVE-2010-0356
Viscom Software Movie Player Pro SDK ActiveX 6.8 - Stack-Based Buffer Overflow via DrawText strFontName Parameter
CVE-2010-0272
Sun Java System Web Server 7.0 Update 6 - Heap-based Buffer Overflow via Crafted TCP Data
CVE-2009-5153 CRITICAL
Novell NetWare < 6.5 SP8 - Unauthenticated Remote Code Execution via CALLIT RPC Length Field
CVSS 9.8
CVE-2009-5137
Mini-stream CastRipper 2.50.70 - Stack-based Buffer Overflow via Long URL in PLS Playlist
CVE-2009-5134
uTorrent 1.8.3 - Buffer Overflow via Large String in Create Torrent Dialog
CVE-2009-5130
Websense Email Security < 7.1 - Denial of Service via Crafted Attachment Size
CVE-2009-5129
Websense V10000 < 1.0.0 - Denial of Service via LDAP Authentication
CVE-2009-5128
Websense V10000 - Denial of Service via Large File Buffering
CVE-2009-5124
Comodo Internet Security < 3.11.108364.552 - Denial of Service via Crafted Packed File
CVE-2009-5123
Comodo Internet Security < 3.11.108364.552 - Denial of Service via Crafted Compressed File
CVE-2009-5030
OpenJPEG 1.3-1.5 - Memory Corruption via Crafted Gray16 TIFF Tile Information
CVE-2009-0693
Wyse Device Manager 4.7.x - Remote Code Execution via User-Agent HTTP Header or hagent.exe Input
CVE-2009-5109
Mini-Stream Ripper 3.0.1.1 - Stack-Based Buffer Overflow via .pls File
CVE-2009-5028
Namazu < 2.0.20 - Stack-Based Buffer Overflow via Empty URI Field
CVE-2009-0900
IBM WebSphere MQ 6.0-6.0.2.6 and 7.0-7.0.0.9 - Local Privilege Escalation via Crafted SSL Information in CCDT File
CVE-2009-5022
libtiff < 3.9.5 - Heap-based Buffer Overflow in OJPEG Decoder
CVE-2009-5018
gif2png <= 2.5.3 - Stack-based Buffer Overflow via Long Command-line Argument
CVE-2009-4988
SAP Business One 2005 A - Stack-Based Buffer Overflow via GIOP Request
CVE-2009-4964
KSP 2006 FINAL - Stack-Based Buffer Overflow via M3U Playlist File
Details
Vulnerabilities 14,027
Exploit Likelihood High