Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

CVEs (14,079)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2007-1320 4Debian FedoraprojectOpensuse+1 more 5Debian Linux FedoraFedora Core+2 more Apr 23, 2026 May 2, 2007 N/A· v4 N/A· v3 7.2 HIGH· v2 Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via u...Show more Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via unspecified vectors related to "attempting to mark non-existent regions as dirty," aka the "bitblt" heap overflow.Show less
CVE-2007-2356 1Gimp 1Gimp Apr 23, 2026 Apr 30, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Stack-based buffer overflow in the set_color_table function in sunras.c in the SUNRAS plugin in Gimp 2.2.14 allows user-assisted remote attackers to execute arbitrary code via a crafted RAS file.
CVE-2007-0957 3Canonical DebianMit 3Debian Linux Kerberos 5Ubuntu Linux Apr 23, 2026 Apr 6, 2007 N/A· v4 N/A· v3 9.0 HIGH· v2 Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon (kadmind) and Key Distribution Center (KDC), in MIT krb5 before 1.6.1 allows remote authent...Show more Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon (kadmind) and Key Distribution Center (KDC), in MIT krb5 before 1.6.1 allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via crafted arguments, possibly involving certain format string specifiers.Show less
CVE-2006-6576 1Goldenftpserver 1Golden Ftp Server Apr 23, 2026 Dec 15, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 Heap-based buffer overflow in Golden FTP Server (goldenftpd) 1.92 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long PASS command. NOTE: it was later r...Show more Heap-based buffer overflow in Golden FTP Server (goldenftpd) 1.92 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long PASS command. NOTE: it was later reported that 4.70 is also affected. NOTE: the USER vector is already covered by CVE-2005-0634.Show less
CVE-2006-4482 3Canonical DebianPhp 3Debian Linux PhpUbuntu Linux Apr 16, 2026 Aug 31, 2006 N/A· v4 N/A· v3 9.3 HIGH· v2 Multiple heap-based buffer overflows in the (1) str_repeat and (2) wordwrap functions in ext/standard/string.c in PHP before 5.1.5, when used on a 64-bit system, have unspecified impact and attack vectors, a different vu...Show more Multiple heap-based buffer overflows in the (1) str_repeat and (2) wordwrap functions in ext/standard/string.c in PHP before 5.1.5, when used on a 64-bit system, have unspecified impact and attack vectors, a different vulnerability than CVE-2006-1990.Show less
CVE-2006-3945 1Opera 1Opera Browser Apr 16, 2026 Jul 31, 2006 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The CSS functionality in Opera 9 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by setting the background property of a DHTML element to a long http or https URL, which triggers memory cor...Show more The CSS functionality in Opera 9 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by setting the background property of a DHTML element to a long http or https URL, which triggers memory corruption.Show less
CVE-2006-3897 1Microsoft 1Internet Explorer Apr 16, 2026 Jul 27, 2006 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Stack overflow in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (application crash) by creating an NMSA.ASFSourceMediaDescription.1 ActiveX object with a long dispValu...Show more Stack overflow in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (application crash) by creating an NMSA.ASFSourceMediaDescription.1 ActiveX object with a long dispValue property.Show less
CVE-2006-2362 1Gnu 1Binutils Apr 16, 2026 May 15, 2006 N/A· v4 7.3 HIGH· v3 7.5 HIGH· v2 Buffer overflow in getsym in tekhex.c in libbfd in Free Software Foundation GNU Binutils before 20060423, as used by GNU strings, allows context-dependent attackers to cause a denial of service (application crash) and po...Show more Buffer overflow in getsym in tekhex.c in libbfd in Free Software Foundation GNU Binutils before 20060423, as used by GNU strings, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a file with a crafted Tektronix Hex Format (TekHex) record in which the length character is not a valid hexadecimal character.Show less
CVE-2005-0560 1Microsoft 1Exchange Server Apr 16, 2026 May 2, 2005 N/A· v4 N/A· v3 7.5 HIGH· v2 Heap-based buffer overflow in the SvrAppendReceivedChunk function in xlsasink.dll in the SMTP service of Exchange Server 2000 and 2003 allows remote attackers to execute arbitrary code via a crafted X-LINK2STATE extended...Show more Heap-based buffer overflow in the SvrAppendReceivedChunk function in xlsasink.dll in the SMTP service of Exchange Server 2000 and 2003 allows remote attackers to execute arbitrary code via a crafted X-LINK2STATE extended verb request to the SMTP port.Show less
CVE-2004-0978 1Microsoft 1Internet Explorer Apr 16, 2026 Feb 9, 2005 N/A· v4 N/A· v3 10.0 HIGH· v2 Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX control for Internet Explorer 5.01 through 6, when users who visit online gaming sites that are associated with MSN, allows remote attackers to execute ar...Show more Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX control for Internet Explorer 5.01 through 6, when users who visit online gaming sites that are associated with MSN, allows remote attackers to execute arbitrary code via the SetupData parameter.Show less
CVE-2004-1287 1Nasm 1Netwide Assembler Apr 16, 2026 Jan 10, 2005 N/A· v4 N/A· v3 10.0 HIGH· v2 Buffer overflow in the error function in preproc.c for NASM 0.98.38 1.2 allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2005-1194.
CVE-2004-1189 1Mit 1Kerberos 5 Apr 16, 2026 Dec 31, 2004 N/A· v4 N/A· v3 7.2 HIGH· v2 The add_to_history function in svr_principal.c in libkadm5srv for MIT Kerberos 5 (krb5) up to 1.3.5, when performing a password change, does not properly track the password policy's history count and the maximum number o...Show more The add_to_history function in svr_principal.c in libkadm5srv for MIT Kerberos 5 (krb5) up to 1.3.5, when performing a password change, does not properly track the password policy's history count and the maximum number of keys, which can cause an array index out-of-bounds error and may allow authenticated users to execute arbitrary code via a heap-based buffer overflow.Show less
CVE-2004-0574 1Microsoft 4Exchange Server Windows 2000Windows Nt+1 more Apr 16, 2026 Nov 3, 2004 N/A· v4 N/A· v3 10.0 HIGH· v2 The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrar...Show more The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.Show less
CVE-2004-0783 1Gnome 2Gdkpixbuf Gtk Apr 16, 2026 Oct 20, 2004 N/A· v4 N/A· v3 7.5 HIGH· v2 Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, may allow remote attackers to execute arbitrary code via a certain color...Show more Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, may allow remote attackers to execute arbitrary code via a certain color string. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0688).Show less
CVE-2004-0488 3Apache DebianRedhat 4Debian Linux Enterprise Linux ServerEnterprise Linux Workstation+1 more Apr 16, 2026 Jul 7, 2004 N/A· v4 N/A· v3 7.5 HIGH· v2 Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client...Show more Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.Show less
CVE-2004-0398 2Debian Webdav 3Cadaver Debian LinuxNeon Apr 16, 2026 Jul 7, 2004 N/A· v4 N/A· v3 7.5 HIGH· v2 Heap-based buffer overflow in the ne_rfc1036_parse date parsing function for the neon library (libneon) 0.24.5 and earlier, as used by cadaver before 0.22, allows remote WebDAV servers to execute arbitrary code on the cl...Show more Heap-based buffer overflow in the ne_rfc1036_parse date parsing function for the neon library (libneon) 0.24.5 and earlier, as used by cadaver before 0.22, allows remote WebDAV servers to execute arbitrary code on the client.Show less
CVE-2003-1396 1Opera 1Opera Browser Apr 16, 2026 Dec 31, 2003 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Heap-based buffer overflow in Opera 6.05 through 7.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a filename with a long extension.
CVE-2003-0870 1Opera 1Opera Browser Apr 16, 2026 Nov 17, 2003 N/A· v4 N/A· v3 7.5 HIGH· v2 Heap-based buffer overflow in Opera 7.11 and 7.20 allows remote attackers to execute arbitrary code via an HREF with a large number of escaped characters in the server name.
CVE-2002-2227 1Rtfm 1Ssldump Apr 16, 2026 Dec 31, 2002 N/A· v4 N/A· v3 10.0 HIGH· v2 Buffer underflow in ssldump 0.9b2 and earlier allows remote attackers to cause a denial of service (memory corruption) via a crafted SSLv2 challenge value.

Previous 1...700 701 702 703704