CVE-2016-1131
Description
A buffer overflow in DX Library's CL_vsprintf function lets attackers execute arbitrary code via a crafted string.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A buffer overflow in DX Library's CL_vsprintf function lets attackers execute arbitrary code via a crafted string.
Vulnerability
A buffer overflow exists in the CL_vsprintf function of Takumi Yamada DX Library before version 3.16. The vulnerability affects DX Library for VisualC++, BorlandC++, Gnu C++, and VisualC# in versions Ver3.15e and earlier [1]. The flaw occurs when the internal function CL_vsprintf() processes a specially crafted string [1][2].
Exploitation
An attacker can exploit this vulnerability by providing a crafted string to an application built using the affected DX Library versions. The attack vector is network-based, with high attack complexity, and requires no privileges or user interaction [1][2]. The attacker does not need prior authentication or local access.
Impact
Successful exploitation allows arbitrary code execution with the privileges of the user running the vulnerable application. This can lead to full compromise of confidentiality, integrity, and availability (CVSS v3 base score 7.8) [1][2].
Mitigation
The solution is to update DX Library to version 3.16 or later and rebuild the application [1][2]. No workarounds have been published. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2cpe:2.3:a:dx_library_project:dx_library:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:dx_library_project:dx_library:*:*:*:*:*:*:*:*range: <=3.15e
- (no CPE)range: <3.16
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- jvn.jp/en/jp/JVN49476817/index.htmlnvdVendor Advisory
- jvndb.jvn.jp/jvndb/JVNDB-2016-000001nvdVendor Advisory
- homepage2.nifty.com/natupaji/DxLib/dxvulnerability.htmlnvd
News mentions
0No linked articles in our index yet.