CWE-119

High likelihood

Improper Restriction of Operations within the Bounds of a Memory Buffer

Parent: CWE-118 - Incorrect Access of Indexable Resource ('Range Error')

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

14,030 vulnerabilities with CWE-119
CVE-2007-3678
QuarkXPress 7.2 - Stack-based Buffer Overflow via Long Font Name in Word 6-2000 Filter
CVE-2007-0041
Microsoft .NET Framework 1.0, 1.1, 2.0 - Remote Code Execution via Unchecked Buffer
CVE-2007-0043
Microsoft .NET Framework 1.0, 1.1, 2.0 - Remote Code Execution via JIT Compiler Unchecked Buffer
CVE-2007-3655
JRE 5.0 Update 11 and earlier, 6.0 Update 1 and earlier - Remote Code Execution via JNLP File
CVE-2007-3638
Yahoo! Messenger 8.1 - Buffer Overflow
CVE-2007-3551
bbs100 < 3.0 - Denial of Service via Guest Login Overflow
CVE-2007-3481
Microsoft Internet Explorer 6 and 7 - Cross-Domain Information Disclosure via JavaScript Document Variable Overwrite
CVE-2007-3454
Trend Micro OfficeScan Corporate Edition - Stack-based Buffer Overflow via Long Session Cookie
CVE-2007-3410
RealNetworks Helix Player and RealPlayer - Stack-Based Buffer Overflow via SMIL Wallclock Value
CVE-2007-3374
Red Hat Cluster Suite - Buffer Overflow in cman Daemon via Long Client Messages
CVE-2007-3375
Lhaca File Archiver < 1.21 - Stack-based Buffer Overflow via Crafted LZH Archive
CVE-2007-3373
Red Hat Cluster Suite - Information Disclosure via Uninitialized Buffer in daemon.c
CVE-2007-3338
Ingres Database Server 9.0.4, r3, 2.6, 2.5 - Remote Code Execution via uuid_from_char or duve_get_args Buffer Overflow
CVE-2007-3369
Polycom SoundPoint IP 601 - Denial of Service via Long Via Header in INVITE Message
CVE-2007-3340
BugHunter HTTP SERVER 1.6.2 - Denial of Service via Nonexistent Page Requests
CVE-2007-3294
PHP Tidy Extension - Buffer Overflow via tidy_parse_string or tidy_repair_string
CVE-2007-3216
CA BrightStor ARCserve Backup r11.1 - Remote Code Execution via Buffer Overflow
CVE-2007-0245
OpenOffice < 2.2.1 - Remote Code Execution via RTF prtdata Tag Length Inconsistency
CVE-2007-2222
Microsoft Internet Explorer - Remote Code Execution via ActiveX Speech Control Buffer Overflow
CVE-2007-3180
HP Help and Support Center < 4.4_b - Buffer Overflow
CVE-2007-3169
EDraw Office Viewer Component < 5.0 - Buffer Overflow via HttpDownloadFile Method
CVE-2007-3147
Yahoo! Messenger - Buffer Overflow in Webcam Upload ActiveX Control
CVE-2007-3148
Yahoo! Messenger - Buffer Overflow via Webcam Viewer ActiveX Control
CVE-2007-2984
Media Technology Group CDPass ActiveX Control - Stack-Based Buffer Overflow via GetTOC2 Method
CVE-2007-2987
Zenturi ProgramChecker - Remote Code Execution via DebugMsgLog or DoFileProperties Methods
Details
Vulnerabilities 14,030
Exploit Likelihood High