CWE-119

High likelihood

Improper Restriction of Operations within the Bounds of a Memory Buffer

Parent: CWE-118 - Incorrect Access of Indexable Resource ('Range Error')

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

14,027 vulnerabilities with CWE-119
CVE-2009-3699
IBM VIOS < 2.1.0 and AIX 5.x-6.1.3 - Remote Code Execution via Long XDR String in rpc.cmsd
CVE-2009-2527
Microsoft Windows Media Player 6.4 - Buffer Overflow
CVE-2009-2502 HIGH
Microsoft GDI+ - Remote Code Execution via Crafted TIFF Image
CVSS 8.1
CVE-2009-2501
Microsoft Internet Explorer <6.0 - Buffer Overflow
CVE-2009-3459 HIGH KEV
Adobe Acrobat < 9.1.3 - Remote Code Execution via Crafted PDF File
CVSS 8.8
CVE-2009-3670
KSP Sound Player 2009 R2 and R2.1 - Stack-Based Buffer Overflow via .m3u Playlist File
CVE-2009-3574
Tuniac 090517c - Buffer Overflow via .pls Playlist File1 Argument
CVE-2009-3571
Openoffice.org - Memory Corruption
CVE-2009-3569
OpenOffice.org - Stack-based Buffer Overflow
CVE-2009-3537
EpicDJ 1.3.9.1 - Stack-Based Buffer Overflow via Long String in Playlist File
CVE-2009-3536
EpicDJSoftware EpicVJ 1.2.8.0 and 1.3.1.2 - Stack-Based Buffer Overflow via Long String in Playlist File
CVE-2009-3522
avast! Home and Professional < 4.8.1356 - Local Privilege Escalation via IOCTL 0xb2c80018
CVE-2009-3484
Core FTP 2.1 build 1612 - Stack-based Buffer Overflow via Long Hostname in Site Backup File
CVE-2009-3483
GlobalSCAPE CuteFTP 8.3.3 and 8.3.3.0054 - Heap-Based Buffer Overflow via Long Site Label
CVE-2009-3476
Shibboleth Service Provider 1.3.x < 1.3.4 and 2.x < 2.2.1 - Buffer Overflow via Malformed Encoded URL
CVE-2009-2905
newt 0.51.5, 0.51.6, 0.52.2 - Heap-Based Buffer Overflow in Textbox Dialog
CVE-2009-2865
Cisco Unified Communications Manager Express - Buffer Overflow via Crafted HTTP Requests
CVE-2009-3431
Adobe Acrobat 9.x < 9.1.3, 8.x < 8.1.6, 7.x < 7.1.4 - Denial of Service via PDF Alert Method
CVE-2009-3429
Pirate Radio Destiny Media Player 1.61 - Stack-Based Buffer Overflow via .pls Playlist File
CVE-2009-3428
Easy Music Player 1.0.0.2 - Remote Code Execution via Crafted WAV File
CVE-2009-2817
Apple iTunes < 9.0.1 - Remote Code Execution via Crafted .pls File
CVE-2009-3364
FTPShell Client 4.1 RC2 - Remote Code Execution via Long PASV Response
CVE-2009-3347
D-Link DIR-400 - Buffer Overflow
CVE-2009-3345
SAP Crystal Reports Server 2008 - Heap-Based Buffer Overflow
CVE-2009-3341
Linksys WRT54GL - Buffer Overflow
Details
Vulnerabilities 14,027
Exploit Likelihood High