Vulnerabilities > Improper Restriction of Operations within the Bounds of a Memory Buffer

DATE CVE VULNERABILITY TITLE RISK
2016-02-18 CVE-2016-0794 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The lwp filter in LibreOffice before 5.0.4 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LotusWordPro (lwp) document.
local
low complexity
libreoffice canonical CWE-119
7.8
2016-02-18 CVE-2015-7547 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
8.1
2016-02-17 CVE-2016-0773 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow and crash) via a large Unicode character range in a regular expression.
network
low complexity
postgresql canonical debian CWE-119
7.5
2016-02-14 CVE-2016-1626 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The opj_pi_update_decode_poc function in pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, miscalculates a certain layer index value, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document.
network
low complexity
google opensuse debian CWE-119
4.3
2016-02-14 CVE-2016-1624 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Integer underflow in the ProcessCommandsInternal function in dec/decode.c in Brotli, as used in Google Chrome before 48.0.2564.109, allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted data with brotli compression.
network
low complexity
opensuse google debian CWE-119
8.8
2016-02-13 CVE-2016-1522 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not consider recursive load calls during a size check, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via a crafted Graphite smart font.
network
low complexity
fedoraproject mozilla debian sil CWE-119
8.8
2016-02-13 CVE-2016-1521 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The directrun function in directmachine.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not validate a certain skip operation, which allows remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font.
network
low complexity
debian sil mozilla fedoraproject CWE-119
8.8
2016-02-12 CVE-2016-2073 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to cause a denial of service (out-of-bounds read) via a crafted XML document.
network
low complexity
xmlsoft debian canonical CWE-119
6.5
2016-02-12 CVE-2016-2330 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
libavcodec/gif.c in FFmpeg before 2.8.6 does not properly calculate a buffer size, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .tga file, related to the gif_image_write_image, gif_encode_init, and gif_encode_close functions.
network
low complexity
ffmpeg canonical CWE-119
8.8
2016-02-12 CVE-2016-2329 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
libavcodec/tiff.c in FFmpeg before 2.8.6 does not properly validate RowsPerStrip values and YCbCr chrominance subsampling factors, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted TIFF file, related to the tiff_decode_tag and decode_frame functions.
network
low complexity
opensuse ffmpeg CWE-119
8.8