CWE-119— Buffer Operations Within Bounds (Buffer Overflow)
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.— MITRE CWE catalog
10,830 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-119page 106 of 217
- CVE-2014-9205NONECVSS 0.0EG 0.02015-03-29
Stack-based buffer overflow in the PmBase64Decode function in an unspecified demonstration application in MICROSYS PROMOTIC stable before 8.2.19 and PROMOTIC development before 8.3.2 allows remote attackers to execute arbitrary code by pro…
- CVE-2014-9206NONECVSS 0.0EG 0.02015-03-14
Stack-based buffer overflow in Device Type Manager (DTM) 3.1.6 and earlier for Schneider Electric Invensys SRD Control Valve Positioner devices 960 and 991 allows local users to gain privileges via a malformed DLL file.
- CVE-2014-9223NONECVSS 0.0EG 0.02014-12-24
Multiple buffer overflows in AllegroSoft RomPager, as used in Huawei Home Gateway products and other vendors and products, allow remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors relat…
- CVE-2014-9263NONECVSS 0.0EG 0.02014-12-08
Multiple buffer overflows in the PocketNetNVRMediaClientAxCtrl.NVRMediaViewer.1 control in 3S Pocketnet Tech VMS allow remote attackers to execute arbitrary code via a crafted string to the (1) StartRecord, (2) StartRecordEx, (3) StartSche…
- CVE-2014-9264NONECVSS 0.0EG 0.02014-12-11
Stack-based buffer overflow in the .NET Data Provider in SAP SQL Anywhere allows remote attackers to execute arbitrary code via a crafted column alias.
- CVE-2014-9265NONECVSS 0.0EG 0.02014-12-08
Stack-based buffer overflow in the BackupToAvi method in the CNC_Ctrl ActiveX control in Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors.
- CVE-2014-9267NONECVSS 0.0EG 0.02014-12-08
Heap-based buffer overflow in the PTC IsoView ActiveX control allows remote attackers to execute arbitrary code via a crafted ViewPort property value.
- CVE-2014-9273NONECVSS 0.0EG 0.02014-12-08
lib/handle.c in Hivex before 1.3.11 allows local users to execute arbitrary code and gain privileges via a small hive files, which triggers an out-of-bounds read or write.
- CVE-2014-9274NONECVSS 0.0EG 0.02014-12-09
UnRTF allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code as demonstrated by a file containing the string "{\cb-999999999".
- CVE-2014-9275NONECVSS 0.0EG 0.02014-12-09
UnRTF allows remote attackers to cause a denial of service (out-of-bounds memory access and crash) and possibly execute arbitrary code via a crafted RTF file.
- CVE-2014-9295NONECVSS 0.0EG 0.02014-12-20
Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_p…
- CVE-2014-9316NONECVSS 0.0EG 0.02014-12-09
The mjpeg_decode_app function in libavcodec/mjpegdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified…
- CVE-2014-9317NONECVSS 0.0EG 0.02014-12-09
The decode_ihdr_chunk function in libavcodec/pngdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified …
- CVE-2014-9318NONECVSS 0.0EG 0.02014-12-09
The raw_decode function in libavcodec/rawdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact …
- CVE-2014-9319NONECVSS 0.0EG 0.02014-12-09
The ff_hevc_decode_nal_sps function in libavcodec/hevc_ps.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted .bit file.
- CVE-2014-9328NONECVSS 0.0EG 0.02015-02-03
ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upack packer file, related to a "heap out of bounds condition."
- CVE-2014-9377NONECVSS 0.0EG 0.02014-12-19
Heap-based buffer overflow in the nbns_spoof function in plug-ins/nbns_spoof/nbns_spoof.c in Ettercap 0.8.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a large netbios packet.
- CVE-2014-9379NONECVSS 0.0EG 0.02014-12-19
The radius_get_attribute function in dissectors/ec_radius.c in Ettercap 0.8.1 performs an incorrect cast, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which …
- CVE-2014-9380NONECVSS 0.0EG 0.02014-12-19
The dissector_cvs function in dissectors/ec_cvs.c in Ettercap 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds read) via a packet containing only a CVS_LOGIN signature.
- CVE-2014-9418NONECVSS 0.0EG 0.02014-12-24
The eSpace Meeting ActiveX control (eSpaceStatusCtrl.dll) in Huawei eSpace Desktop before V200R001C03 allows local users to cause a denial of service (memory overflow) via unspecified vectors.
- CVE-2014-9427NONECVSS 0.0EG 0.02015-01-03
sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that…
- CVE-2014-9448NONECVSS 0.0EG 0.02015-01-02
Buffer overflow in Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long string in a WAX file.
- CVE-2014-9449NONECVSS 0.0EG 0.02015-01-02
Buffer overflow in the RiffVideo::infoTagsHandler function in riffvideo.cpp in Exiv2 0.24 allows remote attackers to cause a denial of service (crash) via a long IKEY INFO tag value in an AVI file.
- CVE-2014-9451NONECVSS 0.0EG 0.02015-01-02
Multiple stack-based buffer overflows in the DIVA web service API (/webservice) in VDG Security SENSE (formerly DIVA) 2.3.13 allow remote attackers to execute arbitrary code via the (1) user or (2) password parameter in an AuthenticateUser…
- CVE-2014-9456NONECVSS 0.0EG 0.02015-01-02
Buffer overflow in NotePad++ 6.6.9 allows remote attackers to have unspecified impact via a long Time attribute in an Event element in an XML file. NOTE: this issue was originally incorrectly mapped to CVE-2014-1004; see CVE-2014-1004 for…
- CVE-2014-9458NONECVSS 0.0EG 0.02015-01-02
Heap-based buffer overflow in the GDB debugger module in Hex-Rays IDA Pro before 6.6 cumulative fix 2014-12-24 allows remote GDB servers to have unspecified impact via unknown vectors.
- CVE-2014-9495HIGHCVSS 8.8EG 8.82015-01-10
Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG …
- CVE-2014-9594NONECVSS 0.0EG 0.02015-01-15
Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the ABAP VM, ak…
- CVE-2014-9595NONECVSS 0.0EG 0.02015-01-15
Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Spool Syste…
- CVE-2014-9630HIGHCVSS 7.8EG 7.82020-01-24
The rtp_packetize_xiph_config function in modules/stream_out/rtpfmt.c in VideoLAN VLC media player before 2.1.6 uses a stack-allocation approach with a size determined by arbitrary input data, which allows remote attackers to cause a denia…
- CVE-2014-9636NONECVSS 0.0EG 0.02015-02-06
unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compr…
- CVE-2014-9640NONECVSS 0.0EG 0.02015-01-23
oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted raw file.
- CVE-2014-9652NONECVSS 0.0EG 0.02015-03-30
The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a trunca…
- CVE-2014-9656NONECVSS 0.0EG 0.02015-02-08
The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified…
- CVE-2014-9659NONECVSS 0.0EG 0.02015-02-08
cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-bas…
- CVE-2014-9662NONECVSS 0.0EG 0.02015-02-08
cff/cf2ft.c in FreeType before 2.5.4 does not validate the return values of point-allocation functions, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a…
- CVE-2014-9663NONECVSS 0.0EG 0.02015-02-08
The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a denial of service (out-of-bounds read) o…
- CVE-2014-9664NONECVSS 0.0EG 0.02015-02-08
FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 fon…
- CVE-2014-9665NONECVSS 0.0EG 0.02015-02-08
The Load_SBit_Png function in sfnt/pngshim.c in FreeType before 2.5.4 does not restrict the rows and pitch values of PNG data, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or …
- CVE-2014-9667NONECVSS 0.0EG 0.02015-02-08
sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecifi…
- CVE-2014-9668NONECVSS 0.0EG 0.02015-02-08
The woff_open_font function in sfnt/sfobjs.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting length values, which allows remote attackers to cause a denial of service (integer overflow and heap-based b…
- CVE-2014-9672NONECVSS 0.0EG 0.02015-02-08
Array index error in the parse_fond function in base/ftmac.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information from process memory via a crafted FOND resource…
- CVE-2014-9673NONECVSS 0.0EG 0.02015-02-08
Integer signedness error in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a cra…
- CVE-2014-9679NONECVSS 0.0EG 0.02015-02-19
Integer underflow in the cupsRasterReadPixels function in filter/raster.c in CUPS before 2.0.2 allows remote attackers to have unspecified impact via a malformed compressed raster file, which triggers a buffer overflow.
- CVE-2014-9705NONECVSS 0.0EG 0.02015-03-30
Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger cr…
- CVE-2014-9709NONECVSS 0.0EG 0.02015-03-30
The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that i…
- CVE-2014-9986HIGHCVSS 7.5EG 7.52018-04-18
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD …
- CVE-2014-9987CRITICALCVSS 9.8EG 9.82018-04-18
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD …
- CVE-2014-9988CRITICALCVSS 9.8EG 9.82018-04-18
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear SD 820A, IPQ4019, MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, …
- CVE-2014-9991CRITICALCVSS 9.8EG 9.82018-04-18
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9625, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 625, SD 650/…
Map vulnerabilities like CWE-119 to your infrastructure
EchelonGraph correlates every CVE — across CWE-119 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →