Buffer Overflow
Buffer Overflow vulnerabilities occur when a program writes more data to a buffer than it can hold, potentially allowing attackers to overwrite adjacent memory and execute arbitrary code.
104
CRITICAL
Execution
Understanding Buffer Overflow
Detailed information about this vulnerability type.
How to Identify
- •Review security advisories
- •Perform regular security testing
Prevention Best Practices
- ✓Follow security best practices
- ✓Keep systems updated
Buffer Overflow CVEs (104)
| Description | Vendor / Product | Exploit Status | |||
|---|---|---|---|---|---|
| CVE-2016-9445 | 7.5 | This vulnerability allows an attacker to crash systems using GStreamer by sending specially crafted video files with extremely large dimensions. To exploit this, the attacker needs to deliver a malicious video that the GStreamer software attempts to decode. | gstreamergstreamer | Exploit Available | about 9 years agoJan 23, 2017 |
| CVE-2017-5225 | 9.8 | This vulnerability allows an attacker to potentially run malicious code on a system or crash it by tricking the libtiff tool into processing a specially crafted image file with a manipulated BitsPerSample value. The attacker needs to have access to a vulnerable version of the libtiff tool to exploit this weakness. | libtifflibtiff | Exploit Available | about 9 years agoJan 12, 2017 |
| CVE-2008-0015 | 8.8 | This vulnerability allows an attacker to run any code they choose on a victim's computer by tricking them into visiting a malicious web page. It affects certain versions of Windows, including Server 2003, and requires the user to have the vulnerable ActiveX control enabled in their browser. | microsoftwindows 2003 server | Exploit Available | over 16 years agoJul 7, 2009 |
| CVE-2009-0586 | 7.5 | This vulnerability allows an attacker to run their own malicious code on a system using GStreamer by sending a specially crafted COVERART tag. It requires the attacker to have the ability to provide a manipulated audio file that exploits a flaw in how GStreamer processes certain data. | gstreamergstreamer | Exploit Available | about 17 years agoMar 14, 2009 |