CWE-119

High likelihood

Improper Restriction of Operations within the Bounds of a Memory Buffer

Parent: CWE-118 - Incorrect Access of Indexable Resource ('Range Error')

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

14,027 vulnerabilities with CWE-119
CVE-2009-2139
OpenOffice.org - Heap-based Buffer Overflow via Crafted EMF File
CVE-2009-1132
Windows Vista and Server 2008 - Remote Code Execution via Malformed Wireless Frame
CVE-2009-0199
VMware Movie Decoder <6.5.3 - Buffer Overflow
CVE-2009-3088
IBM Tivoli Directory Server 6.0 - Heap-Based Buffer Overflow
CVE-2009-3083
libpurple < 2.6.2 - Denial of Service via Malformed MSN SLP Invite Message
CVE-2009-2703
libpurple < 2.6.2 - Denial of Service via IRC TOPIC Message
CVE-2009-2346
Asterisk <1.2.35, <1.4.26.2, <1.6.0.15, <1.6.1.6 DoS via IAX2
CVE-2009-3058
akPlayer 1.9.0 - Remote Code Execution via Long String in PLT Playlist File
CVE-2009-3050
HTMLDOC < 1.8.27 - Buffer Overflow via Long MEDIA SIZE Comment
CVE-2009-0201
OpenOffice.org <3.1.1 - Buffer Overflow
CVE-2009-2957
dnsmasq < 2.50 - Heap-Based Buffer Overflow via Long TFTP Filename
CVE-2009-3037
IBM Lotus Notes 5.x-8.5.x - Remote Code Execution via Crafted XLS Spreadsheet
CVE-2009-2695
Linux kernel <2.6.31-rc7 - Privilege Escalation
CVE-2009-2961
KOL Player 1.0 - Stack-Based Buffer Overflow via Long URL in MP3 Playlist
CVE-2009-2934
Programmed Integration PIPL 2.5.0 and 2.5.0D - Remote Code Execution via Long String in Playlist File
CVE-2009-1154
Cisco IOS XR < 3.8.1 - Denial of Service via Long BGP UPDATE Message
CVE-2009-2917
ImTOO MPEG Encoder 3.1.53 - Stack-Based Buffer Overflow via Crafted Playlist File
CVE-2009-2732
ntop < 3.3.10 - Denial of Service via Malformed Authorization Header
CVE-2009-2896
KMplayer < 2.9.4.1433 - Buffer Overflow via Subtitle Playlist File
CVE-2009-2850
NASA Common Data Format - Multiple Buffer Overflow in ReadAEDRList64 and Other Functions
CVE-2009-2767
Linux Kernel < 2.6.31-rc6 - Denial of Service or Privilege Escalation via CLOCK_MONOTONIC_RAW clock_nanosleep
CVE-2009-2195
Apple Safari < 4.0.3 - Remote Code Execution via Crafted Floating-Point Numbers
CVE-2009-2496
Microsoft Office XP-2007 - Buffer Overflow
CVE-2009-1929
Microsoft Terminal Services Client <6.1 - RCE
CVE-2009-1923
Microsoft Windows 2000/Server 2003 - Buffer Overflow
Details
Vulnerabilities 14,027
Exploit Likelihood High