CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Description
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-10 · CAPEC-100 · CAPEC-14 · CAPEC-24 · CAPEC-42 · CAPEC-44 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-67 · CAPEC-8 · CAPEC-9 · CAPEC-92
CVEs mapped to this weakness (802)
page 14 of 41| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-25736 | Hig | 0.55 | 8.4 | 0.00 | Jun 4, 2026 | LabF nfsAxe 3.7 Ping Client contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload in the Host IP field. Attackers can craft a specially formatted input file with shellcode and overwrite the return address… | ||
| CVE-2019-25735 | Hig | 0.55 | 8.4 | 0.00 | Jun 4, 2026 | AllPlayer 7.4 contains a local buffer overflow vulnerability in URL handling that allows attackers to overwrite structured exception handling pointers by supplying an excessively long URL string. Attackers can craft a malicious URL, paste it into the Open URL dialog, and trigger… | ||
| CVE-2019-25733 | Hig | 0.55 | 8.4 | 0.00 | Jun 4, 2026 | NetShareWatcher 1.5.8.0 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input. Attackers can craft a payload with overwritten SEH and NSEH pointers through the Restrictions custom… | ||
| CVE-2018-25432 | Hig | 0.55 | 8.4 | 0.00 | Jun 1, 2026 | Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the structured exception handler. Attackers can craft a malicious input file with a 672-byte offset to overwrite the nSEH and SEH pointers, enabling code… | ||
| CVE-2018-25377 | Hig | 0.55 | 8.4 | 0.00 | May 25, 2026 | Flash Slideshow Maker Professional 5.20 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft a malicious payload and paste it into the Name and… | ||
| CVE-2018-25376 | Hig | 0.55 | 8.4 | 0.00 | May 25, 2026 | Socusoft 3GP Photo Slideshow 8.05 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft malicious input in the Registration Name and Registration… | ||
| CVE-2018-25366 | Hig | 0.55 | 8.4 | 0.00 | May 25, 2026 | CuteFTP 5.0 XP contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by injecting malicious payload into the Site Manager label field. Attackers can craft a payload exceeding 520 bytes that overwrites the return address and executes… | ||
| CVE-2018-25356 | Hig | 0.55 | 8.4 | 0.00 | May 23, 2026 | SIPp 3.6 and earlier contains a local buffer overflow vulnerability in command-line argument handling that allows local attackers to crash the application or execute arbitrary code. Attackers can trigger the vulnerability by supplying oversized input to the -3pcc, -i, or… | ||
| CVE-2018-25355 | Hig | 0.55 | 8.4 | 0.00 | May 23, 2026 | Audiograbber 1.83 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting structured exception handling mechanisms. Attackers can craft malicious input in the Interpret or Album fields that triggers a buffer overflow,… | ||
| CVE-2018-25345 | Hig | 0.55 | 8.4 | 0.00 | May 23, 2026 | 10-Strike Network Scanner 3.0 contains a local buffer overflow vulnerability in the host name field that allows attackers to bypass SafeSEH protections and execute arbitrary code. Attackers can craft a malicious payload in the host name or address field and trigger the… | ||
| CVE-2018-25328 | Hig | 0.55 | 8.4 | 0.00 | May 17, 2026 | VX Search 10.6.18 contains a local buffer overflow vulnerability that allows attackers to overwrite the instruction pointer by supplying an oversized string in the directory field. Attackers can craft a malicious input file containing 271 bytes of junk data followed by a return… | ||
| CVE-2018-25323 | Hig | 0.55 | 8.4 | 0.00 | May 17, 2026 | Allok AVI DivX MPEG to DVD Converter 2.6.1217 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload. Attackers can craft a text file with a specially crafted buffer containing… | ||
| CVE-2018-25315 | Hig | 0.55 | 8.4 | 0.00 | Apr 29, 2026 | Alloksoft Video joiner 4.6.1217 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the License Name field. Attackers can craft a payload with structured exception handler (SEH) overwrite and shellcode… | ||
| CVE-2018-25314 | Hig | 0.55 | 8.4 | 0.00 | Apr 29, 2026 | Allok soft WMV to AVI MPEG DVD WMV Converter 4.6.1217 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized string in the License Name field. Attackers can craft a malicious input containing shellcode with… | ||
| CVE-2018-25307 | Hig | 0.55 | 8.4 | 0.00 | Apr 29, 2026 | SysGauge Pro 4.6.12 contains a local buffer overflow vulnerability in the Register function that allows local attackers to overwrite the structured exception handler by supplying a crafted unlock key. Attackers can inject shellcode through the Unlock Key field during… | ||
| CVE-2018-25304 | Hig | 0.55 | 8.4 | 0.00 | Apr 29, 2026 | Free Download Manager 2.0 Build 417 contains a local buffer overflow vulnerability in the URL import functionality that allows attackers to trigger a structured exception handler (SEH) chain exploitation. Attackers can craft a malicious URL file that, when imported through the… | ||
| CVE-2018-25301 | Hig | 0.55 | 8.4 | 0.00 | Apr 29, 2026 | Easy MPEG to DVD Burner 1.7.11 contains a structured exception handling (SEH) local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious username string. Attackers can craft a payload containing junk data, SEH chain… | ||
| CVE-2018-25299 | Hig | 0.55 | 8.4 | 0.00 | Apr 29, 2026 | Prime95 29.4b8 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting structured exception handling (SEH) mechanisms. Attackers can inject malicious payload through the optional proxy hostname field in the PrimeNet connection… | ||
| CVE-2018-25283 | Hig | 0.55 | 8.4 | 0.00 | Apr 26, 2026 | iSmartViewPro 1.5 contains a structured exception handling (SEH) buffer overflow vulnerability in the 'Save Path for Snapshot and Record file' field that allows local attackers to execute arbitrary code. Attackers can input a crafted payload exceeding 260 bytes through the… | ||
| CVE-2018-25263 | Hig | 0.55 | 8.4 | 0.00 | Apr 26, 2026 | Faleemi Desktop Software 1.8.2 contains a local buffer overflow vulnerability in the Device alias field that allows local attackers to trigger a structured exception handler (SEH) overwrite. Attackers can craft a malicious payload and paste it into the Device alias field within… |
- risk 0.55cvss 8.4epss 0.00
LabF nfsAxe 3.7 Ping Client contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload in the Host IP field. Attackers can craft a specially formatted input file with shellcode and overwrite the return address…
- risk 0.55cvss 8.4epss 0.00
AllPlayer 7.4 contains a local buffer overflow vulnerability in URL handling that allows attackers to overwrite structured exception handling pointers by supplying an excessively long URL string. Attackers can craft a malicious URL, paste it into the Open URL dialog, and trigger…
- risk 0.55cvss 8.4epss 0.00
NetShareWatcher 1.5.8.0 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input. Attackers can craft a payload with overwritten SEH and NSEH pointers through the Restrictions custom…
- risk 0.55cvss 8.4epss 0.00
Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the structured exception handler. Attackers can craft a malicious input file with a 672-byte offset to overwrite the nSEH and SEH pointers, enabling code…
- risk 0.55cvss 8.4epss 0.00
Flash Slideshow Maker Professional 5.20 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft a malicious payload and paste it into the Name and…
- risk 0.55cvss 8.4epss 0.00
Socusoft 3GP Photo Slideshow 8.05 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft malicious input in the Registration Name and Registration…
- risk 0.55cvss 8.4epss 0.00
CuteFTP 5.0 XP contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by injecting malicious payload into the Site Manager label field. Attackers can craft a payload exceeding 520 bytes that overwrites the return address and executes…
- risk 0.55cvss 8.4epss 0.00
SIPp 3.6 and earlier contains a local buffer overflow vulnerability in command-line argument handling that allows local attackers to crash the application or execute arbitrary code. Attackers can trigger the vulnerability by supplying oversized input to the -3pcc, -i, or…
- risk 0.55cvss 8.4epss 0.00
Audiograbber 1.83 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting structured exception handling mechanisms. Attackers can craft malicious input in the Interpret or Album fields that triggers a buffer overflow,…
- risk 0.55cvss 8.4epss 0.00
10-Strike Network Scanner 3.0 contains a local buffer overflow vulnerability in the host name field that allows attackers to bypass SafeSEH protections and execute arbitrary code. Attackers can craft a malicious payload in the host name or address field and trigger the…
- risk 0.55cvss 8.4epss 0.00
VX Search 10.6.18 contains a local buffer overflow vulnerability that allows attackers to overwrite the instruction pointer by supplying an oversized string in the directory field. Attackers can craft a malicious input file containing 271 bytes of junk data followed by a return…
- risk 0.55cvss 8.4epss 0.00
Allok AVI DivX MPEG to DVD Converter 2.6.1217 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload. Attackers can craft a text file with a specially crafted buffer containing…
- risk 0.55cvss 8.4epss 0.00
Alloksoft Video joiner 4.6.1217 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the License Name field. Attackers can craft a payload with structured exception handler (SEH) overwrite and shellcode…
- risk 0.55cvss 8.4epss 0.00
Allok soft WMV to AVI MPEG DVD WMV Converter 4.6.1217 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized string in the License Name field. Attackers can craft a malicious input containing shellcode with…
- risk 0.55cvss 8.4epss 0.00
SysGauge Pro 4.6.12 contains a local buffer overflow vulnerability in the Register function that allows local attackers to overwrite the structured exception handler by supplying a crafted unlock key. Attackers can inject shellcode through the Unlock Key field during…
- risk 0.55cvss 8.4epss 0.00
Free Download Manager 2.0 Build 417 contains a local buffer overflow vulnerability in the URL import functionality that allows attackers to trigger a structured exception handler (SEH) chain exploitation. Attackers can craft a malicious URL file that, when imported through the…
- risk 0.55cvss 8.4epss 0.00
Easy MPEG to DVD Burner 1.7.11 contains a structured exception handling (SEH) local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious username string. Attackers can craft a payload containing junk data, SEH chain…
- risk 0.55cvss 8.4epss 0.00
Prime95 29.4b8 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting structured exception handling (SEH) mechanisms. Attackers can inject malicious payload through the optional proxy hostname field in the PrimeNet connection…
- risk 0.55cvss 8.4epss 0.00
iSmartViewPro 1.5 contains a structured exception handling (SEH) buffer overflow vulnerability in the 'Save Path for Snapshot and Record file' field that allows local attackers to execute arbitrary code. Attackers can input a crafted payload exceeding 260 bytes through the…
- risk 0.55cvss 8.4epss 0.00
Faleemi Desktop Software 1.8.2 contains a local buffer overflow vulnerability in the Device alias field that allows local attackers to trigger a structured exception handler (SEH) overwrite. Attackers can craft a malicious payload and paste it into the Device alias field within…