VYPR

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Base · Incomplete · Likelihood: High

Description

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-100 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-67 · CAPEC-8 · CAPEC-9 · CAPEC-92

CVEs mapped to this weakness (802)

page 14 of 41
  • CVE-2019-25736 · High · Jun 4, 2026
    risk 0.55 · cvss 8.4 · epss 0.00

    LabF nfsAxe 3.7 Ping Client contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload in the Host IP field. Attackers can craft a specially formatted input file with shellcode and overwrite the return address…

  • CVE-2019-25735 · High · Jun 4, 2026
    risk 0.55 · cvss 8.4 · epss 0.00

    AllPlayer 7.4 contains a local buffer overflow vulnerability in URL handling that allows attackers to overwrite structured exception handling pointers by supplying an excessively long URL string. Attackers can craft a malicious URL, paste it into the Open URL dialog, and trigger…

  • CVE-2019-25733 · High · Jun 4, 2026
    risk 0.55 · cvss 8.4 · epss 0.00

    NetShareWatcher 1.5.8.0 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input. Attackers can craft a payload with overwritten SEH and NSEH pointers through the Restrictions custom…

  • CVE-2018-25432 · High · Jun 1, 2026
    risk 0.55 · cvss 8.4 · epss 0.00

    Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the structured exception handler. Attackers can craft a malicious input file with a 672-byte offset to overwrite the nSEH and SEH pointers, enabling code…

  • CVE-2018-25377 · High · May 25, 2026
    risk 0.55 · cvss 8.4 · epss 0.00

    Flash Slideshow Maker Professional 5.20 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft a malicious payload and paste it into the Name and…

  • CVE-2018-25376 · High · May 25, 2026
    risk 0.55 · cvss 8.4 · epss 0.00

    Socusoft 3GP Photo Slideshow 8.05 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft malicious input in the Registration Name and Registration…

  • CVE-2018-25366 · High · May 25, 2026
    risk 0.55 · cvss 8.4 · epss 0.00

    CuteFTP 5.0 XP contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by injecting a malicious payload into the Site Manager label field. Attackers can craft a payload exceeding 520 bytes that overwrites the return address and executes…

  • CVE-2018-25356 · High · May 23, 2026
    risk 0.55 · cvss 8.4 · epss 0.00

    SIPp 3.6 and earlier contains a local buffer overflow vulnerability in command-line argument handling that allows local attackers to crash the application or execute arbitrary code. Attackers can trigger the vulnerability by supplying oversized input to the -3pcc, -i, or…

  • CVE-2018-25355 · High · May 23, 2026
    risk 0.55 · cvss 8.4 · epss 0.00

    Audiograbber 1.83 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting structured exception handling mechanisms. Attackers can craft malicious input in the Interpret or Album fields that triggers a buffer overflow,…

  • CVE-2018-25345 · High · May 23, 2026
    risk 0.55 · cvss 8.4 · epss 0.00

    10-Strike Network Scanner 3.0 contains a local buffer overflow vulnerability in the host name field that allows attackers to bypass SafeSEH protections and execute arbitrary code. Attackers can craft a malicious payload in the host name or address field and trigger the…

  • CVE-2018-25328 · High · May 17, 2026
    risk 0.55 · cvss 8.4 · epss 0.00

    VX Search 10.6.18 contains a local buffer overflow vulnerability that allows attackers to overwrite the instruction pointer by supplying an oversized string in the directory field. Attackers can craft a malicious input file containing 271 bytes of junk data followed by a return…

  • CVE-2018-25323 · High · May 17, 2026
    risk 0.55 · cvss 8.4 · epss 0.00

    Allok AVI DivX MPEG to DVD Converter 2.6.1217 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload. Attackers can craft a text file with a specially crafted buffer containing…

  • CVE-2018-25315 · High · Apr 29, 2026
    risk 0.55 · cvss 8.4 · epss 0.00

    Alloksoft Video joiner 4.6.1217 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the License Name field. Attackers can craft a payload with structured exception handler (SEH) overwrite and shellcode…

  • CVE-2018-25314 · High · Apr 29, 2026
    risk 0.55 · cvss 8.4 · epss 0.00

    Allok soft WMV to AVI MPEG DVD WMV Converter 4.6.1217 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized string in the License Name field. Attackers can craft a malicious input containing shellcode with…

  • CVE-2018-25307 · High · Apr 29, 2026
    risk 0.55 · cvss 8.4 · epss 0.00

    SysGauge Pro 4.6.12 contains a local buffer overflow vulnerability in the Register function that allows local attackers to overwrite the structured exception handler by supplying a crafted unlock key. Attackers can inject shellcode through the Unlock Key field during…

  • CVE-2018-25304 · High · Apr 29, 2026
    risk 0.55 · cvss 8.4 · epss 0.00

    Free Download Manager 2.0 Build 417 contains a local buffer overflow vulnerability in the URL import functionality that allows attackers to trigger a structured exception handler (SEH) chain exploitation. Attackers can craft a malicious URL file that, when imported through the…

  • CVE-2018-25301 · High · Apr 29, 2026
    risk 0.55 · cvss 8.4 · epss 0.00

    Easy MPEG to DVD Burner 1.7.11 contains a structured exception handling (SEH) local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious username string. Attackers can craft a payload containing junk data, SEH chain…

  • CVE-2018-25299 · High · Apr 29, 2026
    risk 0.55 · cvss 8.4 · epss 0.00

    Prime95 29.4b8 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting structured exception handling (SEH) mechanisms. Attackers can inject a malicious payload through the optional proxy hostname field in the PrimeNet connection…

  • CVE-2018-25283 · High · Apr 26, 2026
    risk 0.55 · cvss 8.4 · epss 0.00

    iSmartViewPro 1.5 contains a structured exception handling (SEH) buffer overflow vulnerability in the 'Save Path for Snapshot and Record file' field that allows local attackers to execute arbitrary code. Attackers can input a crafted payload exceeding 260 bytes through the…

  • CVE-2018-25263 · High · Apr 26, 2026
    risk 0.55 · cvss 8.4 · epss 0.00

    Faleemi Desktop Software 1.8.2 contains a local buffer overflow vulnerability in the Device alias field that allows local attackers to trigger a structured exception handler (SEH) overwrite. Attackers can craft a malicious payload and paste it into the Device alias field within…