CWE-119— Buffer Operations Within Bounds (Buffer Overflow)
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.— MITRE CWE catalog
10,830 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-119page 112 of 217
- CVE-2017-12087CRITICALCVSS 10.0EG 9.82018-04-24
An exploitable heap overflow vulnerability exists in the tinysvcmdns library version 2016-07-18. A specially crafted packet can make the library overwrite an arbitrary amount of data on the heap with attacker controlled values. An attacker…
- CVE-2017-12107HIGHCVSS 8.8EG 7.82018-04-24
An memory corruption vulnerability exists in the .PCX parsing functionality of Computerinsel Photoline 20.02. A specially crafted .PCX file can cause a vulnerability resulting in potential code execution. An attacker can send a specific .P…
- CVE-2017-12122HIGHCVSS 8.8EG 8.82018-04-24
An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a heap overflow resulting in code execution. An attacker can display a specially cra…
- CVE-2017-12240CRITICALCVSS 9.8EG 9.8⚠ KEV2017-09-29
The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system. The atta…
- CVE-2017-12375HIGHCVSS 7.5EG 7.52018-01-26
The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of …
- CVE-2017-12376HIGHCVSS 7.8EG 7.82018-01-26
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The …
- CVE-2017-12379CRITICALCVSS 9.8EG 9.82018-01-26
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The …
- CVE-2017-12447HIGHCVSS 7.8EG 7.82019-03-07
GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack corruption) or possibly have unspecified other impact via a crafted file folder.
- CVE-2017-12466CRITICALCVSS 9.8EG 9.82018-02-07
CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact via vectors related to ssl_halen when running ccn-lite-sim, which trigger an out-of-bounds access.
- CVE-2017-12468CRITICALCVSS 9.8EG 9.82018-02-07
Buffer overflow in ccn-lite-ccnb2xml.c in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact via vectors involving the vallen and len variables.
- CVE-2017-12469CRITICALCVSS 9.8EG 9.82018-02-07
Buffer overflow in util/ccnl-common.c in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact by leveraging incorrect memory allocation.
- CVE-2017-12471CRITICALCVSS 9.8EG 9.82018-02-07
The cnb_parse_lev function in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact by leveraging failure to check for out-of-bounds conditions, which triggers an invalid read in the hexdump function.
- CVE-2017-12546MEDIUMCVSS 5.6EG 5.62018-02-15
A local buffer overflow vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found.
- CVE-2017-12718HIGHCVSS 8.1EG 8.12018-02-15
A Classic Buffer Overflow issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. A third-party component used in the pump does not verify input buffer size prior to copying, leading…
- CVE-2017-13177CRITICALCVSS 9.8EG 9.82018-01-12
In several functions of libhevc, NEON registers are not preserved. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: A…
- CVE-2017-13197HIGHCVSS 7.5EG 7.52018-01-12
In the ihevcd_parse_slice.c function, slave threads are not joined if there is an error. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not nee…
- CVE-2017-13208CRITICALCVSS 9.8EG 9.82018-01-12
In receive_packet of libnetutils/packet.c, there is a possible out-of-bounds write due to a missing bounds check on the DHCP response. This could lead to remote code execution as a privileged process with no additional execution privileges…
- CVE-2017-13225HIGHCVSS 7.8EG 7.82018-01-12
In libMtkOmxVdec.so there is a possible heap buffer overflow. This could lead to a remote elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is needed for…
- CVE-2017-13266CRITICALCVSS 9.8EG 9.82018-04-04
In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible stack corruption due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exp…
- CVE-2017-13267CRITICALCVSS 9.8EG 9.82018-04-04
In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible stack corruption due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not neede…
- CVE-2017-13276HIGHCVSS 7.8EG 7.82018-04-04
In CProgramConfig_ReadHeightExt of tpdec_asc.cpp, there is a possible stack buffer overflow due to a missing bounds check. This could lead to a remote code execution with no additional execution privileges needed. User interaction is neede…
- CVE-2017-13281CRITICALCVSS 9.8EG 9.82018-04-04
In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible stack buffer overflow due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not need…
- CVE-2017-13282CRITICALCVSS 9.8EG 9.82018-04-04
In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible stack buffer overflow due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not need…
- CVE-2017-13696CRITICALCVSS 9.8EG 9.82018-01-24
A buffer overflow vulnerability lies in the web server component of Dup Scout Enterprise 9.9.14, Disk Savvy Enterprise 9.9.14, Sync Breeze Enterprise 9.9.16, and Disk Pulse Enterprise 9.9.16 where an attacker can craft a malicious GET requ…
- CVE-2017-13719CRITICALCVSS 9.8EG 9.82019-07-03
The Amcrest IPM-721S Amcrest_IPC-AWXX_Eng_N_V2.420.AC00.17.R.20170322 allows HTTP requests that permit enabling various functionalities of the camera by using HTTP APIs, instead of the web management interface that is provided by the appli…
- CVE-2017-13835HIGHCVSS 7.8EG 7.82021-12-23
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS High Sierra 10.13. An application may be able to execute arbitrary code with elevated privileges.
- CVE-2017-13850HIGHCVSS 7.1EG 7.12018-04-03
An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Font Importer" component. It allows remote attackers to cause a denial of service (memory corruption) or obtain sensitive informat…
- CVE-2017-13853HIGHCVSS 7.8EG 7.82018-04-03
An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "AppleGraphicsControl" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of servic…
- CVE-2017-13854HIGHCVSS 7.8EG 7.82018-04-03
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Kernel" component. It allows attackers to execu…
- CVE-2017-13884HIGHCVSS 8.8EG 8.82018-04-03
An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS …
- CVE-2017-13885HIGHCVSS 8.8EG 8.82018-04-03
An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issu…
- CVE-2017-13904HIGHCVSS 7.8EG 7.82018-04-03
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers …
- CVE-2017-13906HIGHCVSS 7.8EG 7.82021-12-23
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, macOS High Sierra 10.13. A malicious applica…
- CVE-2017-14199CRITICALCVSS 9.8EG 9.82019-04-12
A buffer overflow has been found in the Zephyr Project's getaddrinfo() implementation in 1.9.0 and 1.10.0.
- CVE-2017-14202HIGHCVSS 7.8EG 7.82019-08-29
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the shell component of Zephyr allows a serial or telnet connected user to cause a crash, possibly with arbitrary code execution. This issue affects: Z…
- CVE-2017-14440HIGHCVSS 8.8EG 8.82018-04-24
An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a stack overflow resulting in code execution. An attacker can display a specially cr…
- CVE-2017-14442HIGHCVSS 8.8EG 8.82018-04-24
An exploitable code execution vulnerability exists in the BMP image rendering functionality of SDL2_image-2.0.2. A specially crafted BMP image can cause a stack overflow resulting in code execution. An attacker can display a specially craf…
- CVE-2017-14444CRITICALCVSS 9.9EG 9.92018-08-02
An exploitable buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly handles the URL parameter during a firmware update request, leading to a buffer overflow on a glob…
- CVE-2017-14445CRITICALCVSS 9.9EG 9.92018-08-02
An exploitable buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly handles the host parameter during a firmware update request, leading to a buffer overflow on a glo…
- CVE-2017-14446CRITICALCVSS 9.9EG 9.92018-08-02
An exploitable stack-based buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation unsafely extracts parameters from the query string, leading to a buffer overflow on the stack. An …
- CVE-2017-14447HIGHCVSS 8.5EG 7.72018-08-06
An exploitable buffer overflow vulnerability exists in the PubNub message handler for the 'ad' channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer …
- CVE-2017-14448HIGHCVSS 8.8EG 8.82018-04-24
An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a heap overflow resulting in code execution. An attacker can display a specially craft…
- CVE-2017-14450HIGHCVSS 7.1EG 7.12018-04-24
A buffer overflow vulnerability exists in the GIF image parsing functionality of SDL2_image-2.0.2. A specially crafted GIF image can lead to a buffer overflow on a global section. An attacker can display an image to trigger this vulnerabil…
- CVE-2017-14452HIGHCVSS 8.5EG 8.82018-08-23
An exploitable buffer overflow vulnerability exists in the PubNub message handler for the "control" channel of Insteon Hub running firmware version 1012. Specially crafted replies received from the PubNub service can cause buffer overflows…
- CVE-2017-14453HIGHCVSS 8.5EG 8.82018-08-23
On Insteon Hub 2245-222 devices with firmware version 1012, specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. An attacker should impersonate PubNub and ans…
- CVE-2017-14455HIGHCVSS 8.5EG 8.82018-08-23
On Insteon Hub 2245-222 devices with firmware version 1012, specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. An attacker should impersonate PubNub and ans…
- CVE-2017-14742CRITICALCVSS 9.8EG 9.82019-10-25
Buffer overflow in LabF nfsAxe FTP client 3.7 allows an attacker to execute code remotely.
- CVE-2017-14854CRITICALCVSS 9.1EG 9.82019-06-03
A stack buffer overflow exists in one of the Orpak SiteOmat CGI components, allowing for remote code execution. The vulnerability affects all versions prior to 2017-09-25.
- CVE-2017-14873HIGHCVSS 7.8EG 7.82018-01-10
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the pp_pgc_get_config() graphics driver function, a kernel memory overwrite can potentially occur.
- CVE-2017-14875HIGHCVSS 7.5EG 7.52018-03-30
In the handler for the ioctl command VIDIOC_MSM_ISP_DUAL_HW_LPM_MODE in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-05-23, a heap overread vulnerability exists.
Map vulnerabilities like CWE-119 to your infrastructure
EchelonGraph correlates every CVE — across CWE-119 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →