Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2008-3639

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-14 Oct, 2008 | 20:00
Updated At-07 Aug, 2024 | 09:45
Rejected At-
Credits

Heap-based buffer overflow in the read_rle16 function in imagetops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via an SGI image with malformed Run Length Encoded (RLE) data containing a small image and a large row count.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:14 Oct, 2008 | 20:00
Updated At:07 Aug, 2024 | 09:45
Rejected At:
â–¼CVE Numbering Authority (CNA)

Heap-based buffer overflow in the read_rle16 function in imagetops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via an SGI image with malformed Run Length Encoded (RLE) data containing a small image and a large row count.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11464
vdb-entry
signature
x_refsource_OVAL
http://sunsolve.sun.com/search/document.do?assetkey=1-26-261088-1
vendor-advisory
x_refsource_SUNALERT
http://secunia.com/advisories/32284
third-party-advisory
x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDVSA-2008:211
vendor-advisory
x_refsource_MANDRIVA
http://www.vupen.com/english/advisories/2008/2782
vdb-entry
x_refsource_VUPEN
http://www.gentoo.org/security/en/glsa/glsa-200812-11.xml
vendor-advisory
x_refsource_GENTOO
http://secunia.com/advisories/32331
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/33111
third-party-advisory
x_refsource_SECUNIA
http://www.cups.org/str.php?L2918
x_refsource_CONFIRM
http://secunia.com/advisories/32292
third-party-advisory
x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2009/1568
vdb-entry
x_refsource_VUPEN
http://www.securitytracker.com/id?1021033
vdb-entry
x_refsource_SECTRACK
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00380.html
vendor-advisory
x_refsource_FEDORA
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00331.html
vendor-advisory
x_refsource_FEDORA
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00006.html
vendor-advisory
x_refsource_SUSE
http://secunia.com/advisories/33085
third-party-advisory
x_refsource_SECUNIA
http://support.avaya.com/elmodocs2/security/ASA-2008-470.htm
x_refsource_CONFIRM
http://www.securityfocus.com/bid/31690
vdb-entry
x_refsource_BID
http://www.vupen.com/english/advisories/2008/3401
vdb-entry
x_refsource_VUPEN
https://exchange.xforce.ibmcloud.com/vulnerabilities/45789
vdb-entry
x_refsource_XF
http://secunia.com/advisories/32226
third-party-advisory
x_refsource_SECUNIA
http://www.debian.org/security/2008/dsa-1656
vendor-advisory
x_refsource_DEBIAN
https://usn.ubuntu.com/656-1/
vendor-advisory
x_refsource_UBUNTU
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=753
third-party-advisory
x_refsource_IDEFENSE
http://www.cups.org/articles.php?L575
x_refsource_CONFIRM
http://secunia.com/advisories/32084
third-party-advisory
x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2008-0937.html
vendor-advisory
x_refsource_REDHAT
http://secunia.com/advisories/32316
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11464
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-261088-1
Resource:
vendor-advisory
x_refsource_SUNALERT
Hyperlink: http://secunia.com/advisories/32284
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:211
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://www.vupen.com/english/advisories/2008/2782
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200812-11.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://secunia.com/advisories/32331
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/33111
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.cups.org/str.php?L2918
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/32292
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vupen.com/english/advisories/2009/1568
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.securitytracker.com/id?1021033
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00380.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00331.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00006.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://secunia.com/advisories/33085
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2008-470.htm
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/31690
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.vupen.com/english/advisories/2008/3401
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/45789
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://secunia.com/advisories/32226
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.debian.org/security/2008/dsa-1656
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: https://usn.ubuntu.com/656-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=753
Resource:
third-party-advisory
x_refsource_IDEFENSE
Hyperlink: http://www.cups.org/articles.php?L575
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/32084
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0937.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://secunia.com/advisories/32316
Resource:
third-party-advisory
x_refsource_SECUNIA
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11464
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://sunsolve.sun.com/search/document.do?assetkey=1-26-261088-1
vendor-advisory
x_refsource_SUNALERT
x_transferred
http://secunia.com/advisories/32284
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2008:211
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://www.vupen.com/english/advisories/2008/2782
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.gentoo.org/security/en/glsa/glsa-200812-11.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://secunia.com/advisories/32331
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/33111
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.cups.org/str.php?L2918
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/32292
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.vupen.com/english/advisories/2009/1568
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.securitytracker.com/id?1021033
vdb-entry
x_refsource_SECTRACK
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00380.html
vendor-advisory
x_refsource_FEDORA
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00331.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00006.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://secunia.com/advisories/33085
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://support.avaya.com/elmodocs2/security/ASA-2008-470.htm
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/bid/31690
vdb-entry
x_refsource_BID
x_transferred
http://www.vupen.com/english/advisories/2008/3401
vdb-entry
x_refsource_VUPEN
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/45789
vdb-entry
x_refsource_XF
x_transferred
http://secunia.com/advisories/32226
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.debian.org/security/2008/dsa-1656
vendor-advisory
x_refsource_DEBIAN
x_transferred
https://usn.ubuntu.com/656-1/
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=753
third-party-advisory
x_refsource_IDEFENSE
x_transferred
http://www.cups.org/articles.php?L575
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/32084
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.redhat.com/support/errata/RHSA-2008-0937.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://secunia.com/advisories/32316
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11464
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-261088-1
Resource:
vendor-advisory
x_refsource_SUNALERT
x_transferred
Hyperlink: http://secunia.com/advisories/32284
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:211
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2008/2782
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200812-11.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://secunia.com/advisories/32331
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/33111
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.cups.org/str.php?L2918
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/32292
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2009/1568
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.securitytracker.com/id?1021033
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00380.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00331.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00006.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://secunia.com/advisories/33085
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2008-470.htm
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/31690
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2008/3401
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/45789
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://secunia.com/advisories/32226
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.debian.org/security/2008/dsa-1656
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: https://usn.ubuntu.com/656-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=753
Resource:
third-party-advisory
x_refsource_IDEFENSE
x_transferred
Hyperlink: http://www.cups.org/articles.php?L575
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/32084
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0937.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://secunia.com/advisories/32316
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:14 Oct, 2008 | 21:10
Updated At:23 Apr, 2026 | 00:35

Heap-based buffer overflow in the read_rle16 function in imagetops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via an SGI image with malformed Run Length Encoded (RLE) data containing a small image and a large row count.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
Apple Inc.
apple
>>cups>>Versions up to 1.3.8(inclusive)
cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>cups>>1.1
cpe:2.3:a:apple:cups:1.1:*:*:*:*:*:*:*
Apple Inc.
apple
>>cups>>1.1.1
cpe:2.3:a:apple:cups:1.1.1:*:*:*:*:*:*:*
Apple Inc.
apple
>>cups>>1.1.2
cpe:2.3:a:apple:cups:1.1.2:*:*:*:*:*:*:*
Apple Inc.
apple
>>cups>>1.1.3
cpe:2.3:a:apple:cups:1.1.3:*:*:*:*:*:*:*
Apple Inc.
apple
>>cups>>1.1.4
cpe:2.3:a:apple:cups:1.1.4:*:*:*:*:*:*:*
Apple Inc.
apple
>>cups>>1.1.5
cpe:2.3:a:apple:cups:1.1.5:*:*:*:*:*:*:*
Apple Inc.
apple
>>cups>>1.1.5-1
cpe:2.3:a:apple:cups:1.1.5-1:*:*:*:*:*:*:*
Apple Inc.
apple
>>cups>>1.1.5-2
cpe:2.3:a:apple:cups:1.1.5-2:*:*:*:*:*:*:*
Apple Inc.
apple
>>cups>>1.1.6
cpe:2.3:a:apple:cups:1.1.6:*:*:*:*:*:*:*
Apple Inc.
apple
>>cups>>1.1.6-1
cpe:2.3:a:apple:cups:1.1.6-1:*:*:*:*:*:*:*
Apple Inc.
apple
>>cups>>1.1.6-2
cpe:2.3:a:apple:cups:1.1.6-2:*:*:*:*:*:*:*
Apple Inc.
apple
>>cups>>1.1.6-3
cpe:2.3:a:apple:cups:1.1.6-3:*:*:*:*:*:*:*
Apple Inc.
apple
>>cups>>1.1.7
cpe:2.3:a:apple:cups:1.1.7:*:*:*:*:*:*:*
Apple Inc.
apple
>>cups>>1.1.8
cpe:2.3:a:apple:cups:1.1.8:*:*:*:*:*:*:*
Apple Inc.
apple
>>cups>>1.1.9
cpe:2.3:a:apple:cups:1.1.9:*:*:*:*:*:*:*
Apple Inc.
apple
>>cups>>1.1.9-1
cpe:2.3:a:apple:cups:1.1.9-1:*:*:*:*:*:*:*
Apple Inc.
apple
>>cups>>1.1.10
cpe:2.3:a:apple:cups:1.1.10:*:*:*:*:*:*:*
Apple Inc.
apple
>>cups>>1.1.10-1
cpe:2.3:a:apple:cups:1.1.10-1:*:*:*:*:*:*:*
Apple Inc.
apple
>>cups>>1.1.11
cpe:2.3:a:apple:cups:1.1.11:*:*:*:*:*:*:*
Apple Inc.
apple
>>cups>>1.1.12
cpe:2.3:a:apple:cups:1.1.12:*:*:*:*:*:*:*
Apple Inc.
apple
>>cups>>1.1.13
cpe:2.3:a:apple:cups:1.1.13:*:*:*:*:*:*:*
Apple Inc.
apple
>>cups>>1.1.14
cpe:2.3:a:apple:cups:1.1.14:*:*:*:*:*:*:*
Apple Inc.
apple
>>cups>>1.1.15
cpe:2.3:a:apple:cups:1.1.15:*:*:*:*:*:*:*
Apple Inc.
apple
>>cups>>1.1.16
cpe:2.3:a:apple:cups:1.1.16:*:*:*:*:*:*:*
Apple Inc.
apple
>>cups>>1.1.17
cpe:2.3:a:apple:cups:1.1.17:*:*:*:*:*:*:*
Apple Inc.
apple
>>cups>>1.1.18
cpe:2.3:a:apple:cups:1.1.18:*:*:*:*:*:*:*
Apple Inc.
apple
>>cups>>1.1.19
cpe:2.3:a:apple:cups:1.1.19:*:*:*:*:*:*:*
Apple Inc.
apple
>>cups>>1.1.19
cpe:2.3:a:apple:cups:1.1.19:rc1:*:*:*:*:*:*
Apple Inc.
apple
>>cups>>1.1.19
cpe:2.3:a:apple:cups:1.1.19:rc2:*:*:*:*:*:*
Apple Inc.
apple
>>cups>>1.1.19
cpe:2.3:a:apple:cups:1.1.19:rc3:*:*:*:*:*:*
Apple Inc.
apple
>>cups>>1.1.19
cpe:2.3:a:apple:cups:1.1.19:rc4:*:*:*:*:*:*
Apple Inc.
apple
>>cups>>1.1.19
cpe:2.3:a:apple:cups:1.1.19:rc5:*:*:*:*:*:*
Apple Inc.
apple
>>cups>>1.1.20
cpe:2.3:a:apple:cups:1.1.20:*:*:*:*:*:*:*
Apple Inc.
apple
>>cups>>1.1.20
cpe:2.3:a:apple:cups:1.1.20:rc1:*:*:*:*:*:*
Apple Inc.
apple
>>cups>>1.1.20
cpe:2.3:a:apple:cups:1.1.20:rc2:*:*:*:*:*:*
Apple Inc.
apple
>>cups>>1.1.20
cpe:2.3:a:apple:cups:1.1.20:rc3:*:*:*:*:*:*
Apple Inc.
apple
>>cups>>1.1.20
cpe:2.3:a:apple:cups:1.1.20:rc4:*:*:*:*:*:*
Apple Inc.
apple
>>cups>>1.1.20
cpe:2.3:a:apple:cups:1.1.20:rc5:*:*:*:*:*:*
Apple Inc.
apple
>>cups>>1.1.20
cpe:2.3:a:apple:cups:1.1.20:rc6:*:*:*:*:*:*
Apple Inc.
apple
>>cups>>1.1.21
cpe:2.3:a:apple:cups:1.1.21:*:*:*:*:*:*:*
Apple Inc.
apple
>>cups>>1.1.21
cpe:2.3:a:apple:cups:1.1.21:rc1:*:*:*:*:*:*
Apple Inc.
apple
>>cups>>1.1.21
cpe:2.3:a:apple:cups:1.1.21:rc2:*:*:*:*:*:*
Apple Inc.
apple
>>cups>>1.1.22
cpe:2.3:a:apple:cups:1.1.22:*:*:*:*:*:*:*
Apple Inc.
apple
>>cups>>1.1.22
cpe:2.3:a:apple:cups:1.1.22:rc1:*:*:*:*:*:*
Apple Inc.
apple
>>cups>>1.1.22
cpe:2.3:a:apple:cups:1.1.22:rc2:*:*:*:*:*:*
Apple Inc.
apple
>>cups>>1.1.23
cpe:2.3:a:apple:cups:1.1.23:*:*:*:*:*:*:*
Apple Inc.
apple
>>cups>>1.1.23
cpe:2.3:a:apple:cups:1.1.23:rc1:*:*:*:*:*:*
Apple Inc.
apple
>>cups>>1.2
cpe:2.3:a:apple:cups:1.2:b1:*:*:*:*:*:*
Apple Inc.
apple
>>cups>>1.2
cpe:2.3:a:apple:cups:1.2:b2:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-119Primarynvd@nist.gov
CWE ID: CWE-119
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=753cve@mitre.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00006.htmlcve@mitre.org
N/A
http://secunia.com/advisories/32084cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/32226cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/32284cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/32292cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/32316cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/32331cve@mitre.org
N/A
http://secunia.com/advisories/33085cve@mitre.org
N/A
http://secunia.com/advisories/33111cve@mitre.org
N/A
http://sunsolve.sun.com/search/document.do?assetkey=1-26-261088-1cve@mitre.org
N/A
http://support.avaya.com/elmodocs2/security/ASA-2008-470.htmcve@mitre.org
N/A
http://www.cups.org/articles.php?L575cve@mitre.org
N/A
http://www.cups.org/str.php?L2918cve@mitre.org
Vendor Advisory
http://www.debian.org/security/2008/dsa-1656cve@mitre.org
N/A
http://www.gentoo.org/security/en/glsa/glsa-200812-11.xmlcve@mitre.org
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2008:211cve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2008-0937.htmlcve@mitre.org
N/A
http://www.securityfocus.com/bid/31690cve@mitre.org
N/A
http://www.securitytracker.com/id?1021033cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2008/2782cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2008/3401cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2009/1568cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/45789cve@mitre.org
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11464cve@mitre.org
N/A
https://usn.ubuntu.com/656-1/cve@mitre.org
N/A
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00331.htmlcve@mitre.org
N/A
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00380.htmlcve@mitre.org
N/A
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=753af854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00006.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/32084af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/32226af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/32284af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/32292af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/32316af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/32331af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/33085af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/33111af854a3a-2127-422b-91ae-364da2661108
N/A
http://sunsolve.sun.com/search/document.do?assetkey=1-26-261088-1af854a3a-2127-422b-91ae-364da2661108
N/A
http://support.avaya.com/elmodocs2/security/ASA-2008-470.htmaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.cups.org/articles.php?L575af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.cups.org/str.php?L2918af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.debian.org/security/2008/dsa-1656af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.gentoo.org/security/en/glsa/glsa-200812-11.xmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2008:211af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2008-0937.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/31690af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id?1021033af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2008/2782af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2008/3401af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2009/1568af854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/45789af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11464af854a3a-2127-422b-91ae-364da2661108
N/A
https://usn.ubuntu.com/656-1/af854a3a-2127-422b-91ae-364da2661108
N/A
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00331.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00380.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=753
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00006.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/32084
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/32226
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/32284
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/32292
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/32316
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/32331
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/33085
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/33111
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-261088-1
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2008-470.htm
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.cups.org/articles.php?L575
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.cups.org/str.php?L2918
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.debian.org/security/2008/dsa-1656
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200812-11.xml
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:211
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0937.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/31690
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1021033
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2008/2782
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2008/3401
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2009/1568
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/45789
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11464
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://usn.ubuntu.com/656-1/
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00331.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00380.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=753
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00006.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/32084
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/32226
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/32284
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/32292
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/32316
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/32331
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/33085
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/33111
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-261088-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://support.avaya.com/elmodocs2/security/ASA-2008-470.htm
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.cups.org/articles.php?L575
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.cups.org/str.php?L2918
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.debian.org/security/2008/dsa-1656
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200812-11.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:211
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0937.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/31690
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1021033
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2008/2782
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2008/3401
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2009/1568
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/45789
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11464
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://usn.ubuntu.com/656-1/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00331.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00380.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

4078Records found
CVE-2013-0896
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-0.61% / 69.84%
||
7 Day CHG~0.00%
Published-23 Feb, 2013 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly manage memory during message handling for plug-ins, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aApple Inc.openSUSEGoogle LLCLinux Kernel Organization, IncMicrosoft Corporation
Product-mac_os_xwindowschromelinux_kernelopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-5775
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-1.99% / 83.81%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-3804 and CVE-2015-5756.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-5874
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-3.21% / 87.18%
||
7 Day CHG~0.00%
Published-18 Sep, 2015 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CoreText in Apple iOS before 9 and iTunes before 12.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.

Action-Not Available
Vendor-n/aApple Inc.
Product-itunesiphone_osmac_os_xwatchosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-5750
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.85% / 75.09%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Data Detectors Engine in Apple OS X before 10.10.5 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted series of Unicode characters.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-7103
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-4.93% / 89.72%
||
7 Day CHG~0.00%
Published-23 Oct, 2017 | 01:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via crafted Wi-Fi traffic.

Action-Not Available
Vendor-n/aApple Inc.
Product-tvosiphone_oswatchosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-2833
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.67% / 71.55%
||
7 Day CHG~0.00%
Published-10 Nov, 2009 | 19:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the UCCompareTextDefault API in International Components for Unicode in Apple Mac OS X 10.5.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-1182
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-7.10% / 91.62%
||
7 Day CHG~0.00%
Published-23 Apr, 2009 | 17:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.

Action-Not Available
Vendor-glyphandcogpopplerfoolabsn/aApple Inc.
Product-xpdfreaderxpdfcupspopplern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-2522
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-13.05% / 94.16%
||
7 Day CHG~0.00%
Published-22 May, 2017 | 04:54
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "CoreFoundation" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted data.

Action-Not Available
Vendor-n/aApple Inc.
Product-tvosiphone_osmac_os_xwatchosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-0843
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-0.82% / 74.54%
||
7 Day CHG~0.00%
Published-24 Jan, 2013 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

content/renderer/media/webrtc_audio_renderer.cc in Google Chrome before 24.0.1312.56 on Mac OS X does not use an appropriate buffer size for the 96 kHz sampling rate, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a web site that provides WebRTC audio.

Action-Not Available
Vendor-n/aGoogle LLCApple Inc.
Product-chromemac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-0019
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.89% / 75.69%
||
7 Day CHG~0.00%
Published-13 Feb, 2009 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Remote Apple Events in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) or obtain sensitive information via unspecified vectors that trigger an out-of-bounds memory access.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-0778
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-19.21% / 95.43%
||
7 Day CHG~0.00%
Published-14 Feb, 2008 | 11:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in an ActiveX control in QTPlugin.ocx for Apple QuickTime 7.4.1 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long arguments to the (1) SetBgColor, (2) SetHREF, (3) SetMovieName, (4) SetTarget, and (5) SetMatrix methods.

Action-Not Available
Vendor-n/aApple Inc.
Product-quicktimen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-0226
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-92.20% / 99.72%
||
7 Day CHG~0.00%
Published-10 Jan, 2008 | 23:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp.

Action-Not Available
Vendor-mysqlyassln/aCanonical Ltd.Apple Inc.Oracle CorporationDebian GNU/Linux
Product-debian_linuxubuntu_linuxmac_os_xmysqlyassln/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-4162
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-2.82% / 86.31%
||
7 Day CHG~0.00%
Published-15 Aug, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4161.

Action-Not Available
Vendor-n/aAdobe Inc.Apple Inc.
Product-acrobatacrobat_readermac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-2856
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-0.71% / 72.48%
||
7 Day CHG~0.00%
Published-06 Aug, 2012 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger out-of-bounds write operations.

Action-Not Available
Vendor-n/aApple Inc.Google LLCLinux Kernel Organization, IncMicrosoft Corporation
Product-mac_os_xframewindowschromelinux_kerneln/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-0650
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-1.40% / 80.62%
||
7 Day CHG~0.00%
Published-20 Sep, 2012 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the DirectoryService Proxy in DirectoryService in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2006-5710
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-33.59% / 96.99%
||
7 Day CHG~0.00%
Published-04 Nov, 2006 | 01:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Airport driver for certain Orinoco based Airport cards in Darwin kernel 8.8.0 in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to execute arbitrary code via an 802.11 probe response frame without any valid information element (IE) fields after the header, which triggers a heap-based buffer overflow.

Action-Not Available
Vendor-opendarwinn/aApple Inc.
Product-darwin_kernelmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-1770
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-2.36% / 85.09%
||
7 Day CHG~0.00%
Published-08 Sep, 2021 | 14:55
Updated-03 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow may result in arbitrary code execution. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A logic issue was addressed with improved state management.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchostvosipadosmacostvOSmacOSwatchOSiOS and iPadOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-3428
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-2.99% / 86.68%
||
7 Day CHG~0.00%
Published-24 Apr, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in QuickTime before 7.7.1 for Windows allows remote attackers to execute arbitrary code.

Action-Not Available
Vendor-n/aApple Inc.
Product-quicktimen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-3457
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-2.06% / 84.09%
||
7 Day CHG~0.00%
Published-02 Feb, 2012 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The OpenGL implementation in Apple Mac OS X before 10.7.3 does not properly perform OpenGL Shading Language (aka GLSL) compilation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted program.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0157
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-1.61% / 81.95%
||
7 Day CHG~0.00%
Published-11 Mar, 2011 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple iOS before 4.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-09-1.

Action-Not Available
Vendor-n/aApple Inc.
Product-webkitiphone_osn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0206
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.96% / 76.71%
||
7 Day CHG~0.00%
Published-24 Jun, 2011 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in International Components for Unicode (ICU) in Apple Mac OS X before 10.6.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving uppercase strings.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-0230
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-1.49% / 81.23%
||
7 Day CHG~0.00%
Published-14 Oct, 2011 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the ATSFontDeactivate API in Apple Type Services (ATS) in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-3775
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-24.98% / 96.23%
||
7 Day CHG~0.00%
Published-25 Mar, 2020 | 20:33
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-photoshop_2020windowsphotoshop_ccmacosAdobe Photoshop
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-0504
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-1.24% / 79.46%
||
7 Day CHG~0.00%
Published-30 Mar, 2010 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in iChat Server in Apple Mac OS X Server before 10.6.3 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_x_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2005-4092
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-44.09% / 97.58%
||
7 Day CHG~0.00%
Published-08 Dec, 2005 | 11:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple heap-based buffer overflows in QuickTime.qts in Apple QuickTime Player 7.0.3 and iTunes 6.0.1 (3) and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a .mov file with (1) a Movie Resource atom with a large size value, or (2) an stsd atom with a modified Sample Description Table size value, and possibly other vectors involving media files. NOTE: item 1 was originally identified by CVE-2005-4127 for a pre-patch announcement, and item 2 was originally identified by CVE-2005-4128 for a pre-patch announcement.

Action-Not Available
Vendor-n/aApple Inc.
Product-quicktimeitunesn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2005-2340
Matching Score-10
Assigner-CERT/CC
ShareView Details
Matching Score-10
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-63.97% / 98.45%
||
7 Day CHG~0.00%
Published-11 Jan, 2006 | 18:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a crafted (1) QuickTime Image File (QTIF), (2) PICT, or (3) JPEG format image with a long data field.

Action-Not Available
Vendor-n/aApple Inc.
Product-quicktimen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-3798
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-26.22% / 96.36%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than CVE-2015-3796 and CVE-2015-3797.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-3674
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-2.16% / 84.46%
||
7 Day CHG~0.00%
Published-03 Jul, 2015 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

afpserver in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-3773
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-2.16% / 84.46%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SMB client in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-3796
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-18.14% / 95.26%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than CVE-2015-3797 and CVE-2015-3798.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-0718
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-2.83% / 86.33%
||
7 Day CHG~0.00%
Published-26 May, 2016 | 16:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.

Action-Not Available
Vendor-libexpat_projectn/aCanonical Ltd.Apple Inc.openSUSESUSEMcAfee, LLCMozilla CorporationDebian GNU/LinuxPython Software Foundation
Product-firefoxubuntu_linuxlinux_enterprise_desktopmac_os_xdebian_linuxlibexpatstudio_onsitelinux_enterprise_debuginfoleaplinux_enterprise_serverpolicy_auditorpythonlinux_enterprise_software_development_kitopensusen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7017
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-2.13% / 84.36%
||
7 Day CHG~0.00%
Published-23 Oct, 2015 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6975 and CVE-2015-6992.

Action-Not Available
Vendor-n/aApple Inc.
Product-itunesiphone_osmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-5779
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-2.68% / 86.01%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, and CVE-2015-5753.

Action-Not Available
Vendor-n/aApple Inc.
Product-quicktimemac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-3716
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-34.41% / 97.05%
||
7 Day CHG~0.00%
Published-20 Sep, 2012 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CoreText in Apple Mac OS X 10.7.x before 10.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write or read) via a crafted text glyph.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-8045
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-42.50% / 97.50%
||
7 Day CHG~0.00%
Published-20 Aug, 2019 | 19:58
Updated-04 Aug, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-8048
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-9.80% / 93.05%
||
7 Day CHG~0.00%
Published-20 Aug, 2019 | 19:59
Updated-04 Aug, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a buffer error vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-8205
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-4.12% / 88.74%
||
7 Day CHG~0.00%
Published-17 Oct, 2019 | 20:24
Updated-04 Aug, 2024 | 21:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-8006
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-27.87% / 96.52%
||
7 Day CHG~0.00%
Published-20 Aug, 2019 | 19:38
Updated-04 Aug, 2024 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-8017
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-35.34% / 97.10%
||
7 Day CHG~0.00%
Published-20 Aug, 2019 | 19:43
Updated-04 Aug, 2024 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-11282
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-20.69% / 95.66%
||
7 Day CHG~0.00%
Published-01 Dec, 2017 | 08:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player has an exploitable memory corruption vulnerability in the MP4 atom parser. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier.

Action-Not Available
Vendor-n/aApple Inc.Google LLCLinux Kernel Organization, IncRed Hat, Inc.Microsoft CorporationAdobe Inc.
Product-windows_10windows_8.1enterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktopwindowsflash_playermacoslinux_kernelchrome_osAdobe Flash Player 26.0.0.151 and earlier versions
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-7663
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-2.88% / 86.45%
||
7 Day CHG~0.00%
Published-20 Feb, 2017 | 08:35
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "CoreFoundation" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted string.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xwatchosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-4616
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-2.58% / 85.74%
||
7 Day CHG~0.00%
Published-22 Jul, 2016 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4614, CVE-2016-4615, and CVE-2016-4619.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-itunesmac_os_xwindowsiphone_ostvosicloudwatchosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-4607
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-6.83% / 91.44%
||
7 Day CHG~0.00%
Published-22 Jul, 2016 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.

Action-Not Available
Vendor-n/aApple Inc.Microsoft Corporationlibxml2 (XMLSoft)Fedora Project
Product-itunesmac_os_xlibxsltwindowsiphone_osfedoratvosicloudwatchosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-4610
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-5.59% / 90.40%
||
7 Day CHG~0.00%
Published-22 Jul, 2016 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, and CVE-2016-4612.

Action-Not Available
Vendor-n/aApple Inc.libxml2 (XMLSoft)Microsoft CorporationDebian GNU/LinuxFedora Project
Product-itunesdebian_linuxmac_os_xlibxsltwindowsiphone_osfedoratvosicloudwatchosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-4163
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-5.16% / 89.98%
||
7 Day CHG~0.00%
Published-16 Jun, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4120, CVE-2016-4160, CVE-2016-4161, and CVE-2016-4162.

Action-Not Available
Vendor-n/aApple Inc.Google LLCLinux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-air_desktop_runtimewindows_10mac_os_xwindows_8.1windowsflash_playeriphone_osair_sdkandroidflash_player_desktop_runtimelinux_kernelair_sdk_\&_compilerchrome_osn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-3141
Matching Score-10
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-10
Assigner-OpenText (formerly Micro Focus)
CVSS Score-9.8||CRITICAL
EPSS-72.28% / 98.78%
||
7 Day CHG~0.00%
Published-31 Mar, 2016 | 16:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element.

Action-Not Available
Vendor-n/aThe PHP GroupApple Inc.
Product-mac_os_xphpn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-8865
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-1.01% / 77.36%
||
7 Day CHG~0.00%
Published-20 May, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application crash) or possibly execute arbitrary code via a crafted magic file.

Action-Not Available
Vendor-n/aThe PHP GroupApple Inc.
Product-phpmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-5776
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-3.02% / 86.75%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Libinfo in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by leveraging use of an AF_INET6 socket.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-3783
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-18.40% / 95.30%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SceneKit in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-3329
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-28.78% / 96.60%
||
7 Day CHG~0.00%
Published-09 Jun, 2015 | 18:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive.

Action-Not Available
Vendor-n/aApple Inc.Oracle CorporationRed Hat, Inc.The PHP Group
Product-enterprise_linux_servermac_os_xenterprise_linux_workstationphpenterprise_linux_desktopsolarisenterprise_linux_server_euslinuxenterprise_linux_hpc_nodeenterprise_linuxenterprise_linux_hpc_node_eusn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 81
  • 82
  • Next
Details not found