VYPR

CWE-121

Stack-based Buffer Overflow

VariantDraftLikelihood: High

Description

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (790)

page 20 of 40
  • CVE-2017-6035HigApr 27, 2017
    risk 0.57cvss 8.8epss 0.02

    A Stack-Based Buffer Overflow issue was discovered in Wecon Technologies LEVI Studio HMI Editor before 1.8.1. This vulnerability causes a buffer overflow, which could result in denial of service when a malicious project file is run on the system.

  • CVE-2026-10829HigJun 16, 2026
    risk 0.56cvss epss 0.00

    A stack-based buffer overflow vulnerability has been found in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and earlier. This vulnerability stems from insufficient input validation of user-supplied input in the "Server location" parameter on the Basic settings page. An…

  • CVE-2026-9038HigMay 28, 2026
    risk 0.56cvss epss 0.00

    A stack-based buffer overflow vulnerability in the charging controller’s signal-processing logic allows an attacker with physical access to the charging interface to supply message fields that exceed expected bounds. Because the input is not sufficiently validated, memory…

  • CVE-2026-1761HigFeb 2, 2026
    risk 0.56cvss 8.6epss 0.01

    A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to…

  • CVE-2026-0719HigJan 8, 2026
    risk 0.56cvss 8.6epss 0.01

    A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This…

  • CVE-2025-53418HigAug 26, 2025
    risk 0.56cvss 8.6epss 0.00

    Delta Electronics COMMGR has Stack-based Buffer Overflow vulnerability.

  • CVE-2025-53022HigJul 30, 2025
    risk 0.56cvss 8.6epss 0.00

    TrustedFirmware-M (aka Trusted Firmware for M profile Arm CPUs) before 2.1.3 and 2.2.x before 2.2.1 lacks length validation during a firmware upgrade. While processing a new image, the Firmware Upgrade (FWU) module does not validate the length field of the Type-Length-Value…

  • CVE-2026-45463HigJun 9, 2026
    risk 0.55cvss 8.4epss 0.00

    Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

  • CVE-2018-25383HigMay 29, 2026
    risk 0.55cvss 8.4epss 0.00

    Free MP3 CD Ripper 2.8 contains a stack-based buffer overflow vulnerability in WMA file processing that allows local attackers to bypass DEP protection via structured exception handling manipulation. Attackers can craft a malicious WMA file that triggers the overflow when loaded…

  • CVE-2018-25375HigMay 25, 2026
    risk 0.55cvss 8.4epss 0.00

    SocuSoft iPod Photo Slideshow 8.05 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by overwriting the structured exception handler. Attackers can craft malicious input in the Registration Name and…

  • CVE-2018-25373HigMay 25, 2026
    risk 0.55cvss 8.4epss 0.00

    SocuSoft DVD Photo Slideshow Professional 8.07 contains a stack-based buffer overflow vulnerability in the registration name field that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft a malicious text file with…

  • CVE-2018-25360HigMay 25, 2026
    risk 0.55cvss 8.4epss 0.00

    AgataSoft Auto PingMaster 1.5 contains a stack-based buffer overflow vulnerability in the Trace Route host name field that allows local attackers to execute arbitrary code by triggering structured exception handling. Attackers can craft a malicious ping.txt file with shellcode…

  • CVE-2018-25344HigMay 23, 2026
    risk 0.55cvss 8.4epss 0.00

    10-Strike Network Inventory Explorer 8.54 contains a stack-based buffer overflow vulnerability in the registration key input field that allows local attackers to execute arbitrary code by triggering a structured exception handler overwrite. Attackers can craft a malicious…

  • CVE-2018-25322HigMay 17, 2026
    risk 0.55cvss 8.4epss 0.00

    Allok Fast AVI MPEG Splitter 1.2 contains a stack based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license name string. Attackers can craft a payload with 780 bytes of junk data followed by structured shellcode…

  • CVE-2020-37221HigMay 13, 2026
    risk 0.55cvss 8.4epss 0.00

    Atomic Alarm Clock 6.3 contains a stack overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string to the display name textbox in the Time Zones Clock configuration. Attackers can craft a buffer with structured exception handling…

  • CVE-2026-30363HigMay 1, 2026
    risk 0.55cvss 8.4epss 0.00

    flipperzero-firmware commit ad2a80 was discovered to contain a stack overflow in the "Main" function.

  • CVE-2018-25303HigApr 29, 2026
    risk 0.55cvss 8.4epss 0.00

    Allok Video to DVD Burner 2.6.1217 contains a stack-based buffer overflow vulnerability in the License Name field that allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH) overwrite. Attackers can craft a malicious input string with…

  • CVE-2019-25357HigFeb 18, 2026
    risk 0.55cvss 8.4epss 0.00

    Control Center PRO 6.2.9 contains a stack-based buffer overflow vulnerability in the user creation module's username field that allows attackers to overwrite Structured Exception Handler (SEH). Attackers can craft a malicious payload exceeding 664 bytes to inject shellcode and…

  • CVE-2019-25332HigFeb 12, 2026
    risk 0.55cvss 8.4epss 0.00

    FTP Commander Pro 8.03 contains a local stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting the EIP register through a custom command input. Attackers can craft a malicious payload of 4108 bytes to overwrite memory and execute shellcode,…

  • CVE-2019-25331HigFeb 12, 2026
    risk 0.55cvss 8.4epss 0.00

    AVS Audio Converter 9.1 contains a local buffer overflow vulnerability that allows local attackers to overwrite CPU registers by manipulating the 'Exit folder' input field. Attackers can craft a specially designed text file with 264 bytes of padding followed by register…