VYPR

CWE-121

Stack-based Buffer Overflow

VariantDraftLikelihood: High

Description

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (790)

page 34 of 40
  • CVE-2026-0819HigMar 19, 2026
    risk 0.39cvss 7.1epss 0.00

    A stack buffer overflow vulnerability exists in wolfSSL's PKCS7 SignedData encoding functionality. In wc_PKCS7_BuildSignedAttributes(), when adding custom signed attributes, the code passes an incorrect capacity value (esd->signedAttribsCount) to EncodeAttributes() instead of…

  • CVE-2025-0373MedJan 30, 2025
    risk 0.39cvss 6.0epss 0.00

    On 64-bit systems, the implementation of VOP_VPTOFH() in the cd9660, tarfs and ext2fs filesystems overflows the destination FID buffer by 4 bytes, a stack buffer overflow. A NFS server that exports a cd9660, tarfs, or ext2fs file system can be made to panic by mounting and…

  • CVE-2023-5407MedApr 17, 2024
    risk 0.38cvss 5.9epss 0.00

    Controller denial of service due to improper handling of a specially crafted message received by the controller. See Honeywell Security Notification for recommendations on upgrading and versioning.

  • CVE-2025-55660MedJun 15, 2026
    risk 0.36cvss 5.5epss 0.00

    A stack overflow in the gf_opus_read_length function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

  • CVE-2025-7019MedJun 12, 2026
    risk 0.36cvss 5.5epss 0.00

    Stack overflow vulnerability in Avast Antivirus when scanning a malformed Office Open XML file may allow Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS,…

  • CVE-2026-42050MedMay 11, 2026
    risk 0.36cvss 5.5epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-21 and 6.9.13-46, a malicious MIFF file could trigger an overflow when a user opens it in the display tool and right-clicks a tile to invoke the Load / Update menu item.…

  • CVE-2026-33452MedApr 30, 2026
    risk 0.36cvss 5.5epss 0.00

    CVE-2026-33452 is a buffer overflow vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can use it to ‘blue screen’ the system.

  • CVE-2026-5683MedApr 6, 2026
    risk 0.36cvss 5.5epss 0.01

    A vulnerability was found in Tenda CX12L 16.03.53.12. Affected by this vulnerability is the function fromP2pListFilter of the file /goform/P2pListFilter. Performing a manipulation of the argument page results in stack-based buffer overflow. The attack must originate from the…

  • CVE-2020-37127MedFeb 5, 2026
    risk 0.36cvss 5.5epss 0.00

    Dnsmasq-utils 2.79-1 contains a buffer overflow vulnerability in the dhcp_release utility that allows attackers to cause a denial of service by supplying excessive input. Attackers can trigger a core dump and terminate the dhcp_release process by sending a crafted input string…

  • CVE-2020-37121MedFeb 5, 2026
    risk 0.36cvss 5.5epss 0.00

    CODE::BLOCKS 16.01 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler with crafted Unicode characters. Attackers can create a malicious M3U playlist file with 536 bytes of buffer and shellcode to…

  • CVE-2026-1425MedJan 26, 2026
    risk 0.36cvss 5.6epss 0.00

    A security flaw has been discovered in pymumu SmartDNS up to 47.1. This vulnerability affects the function _dns_decode_rr_head/_dns_decode_SVCB_HTTPS of the file src/dns.c of the component SVBC Record Parser. The manipulation results in stack-based buffer overflow. It is…

  • CVE-2025-8404MedNov 18, 2025
    risk 0.36cvss 5.5epss 0.00

    Stack buffer overflow vulnerability exists in the Supermicro BMC Shared library. An authenticated attacker with access to the BMC exploit stack buffer via a crafted  header and achieve arbitrary code execution of the BMC’s firmware operating system.

  • CVE-2025-6093MedJun 15, 2025
    risk 0.36cvss 5.5epss 0.00

    A vulnerability classified as critical was found in uYanki board-stm32f103rc-berial up to 84daed541609cb7b46854cc6672a275d1007e295. This vulnerability affects the function heartrate1_i2c_hal_write of the file 7.Example/hal/i2c/max30100/Manual/demo2/2/heartrate1_hal.c. The…

  • CVE-2025-46836MedMay 14, 2025
    risk 0.36cvss 6.6epss 0.00

    net-tools is a collection of programs that form the base set of the NET-3 networking distribution for the Linux operating system. Inn versions up to and including 2.10, the Linux network utilities (like ifconfig) from the net-tools package do not properly validate the structure…

  • CVE-2025-3007MedMar 31, 2025
    risk 0.36cvss 5.5epss 0.00

    A vulnerability was found in Novastar CX40 up to 2.44.0. It has been rated as critical. This issue affects the function getopt of the file /usr/nova/bin/netconfig of the component NetFilter Utility. The manipulation of the argument cmd/netmask/pipeout/nettask leads to…

  • CVE-2024-53311MedFeb 13, 2025
    risk 0.36cvss 5.5epss 0.00

    A Stack buffer overflow in the arguments parameter in Immunity Inc. Immunity Debugger v1.85 allows attackers to execute arbitrary code via a crafted input that exceeds the buffer size.

  • CVE-2024-53309MedFeb 13, 2025
    risk 0.36cvss 5.5epss 0.00

    A stack-based buffer overflow vulnerability exists in Effectmatrix Total Video Converter Command Line (TVCC) 2.50 when an overly long string is passed to the "-f" parameter. This can lead to memory corruption, potentially allowing arbitrary code execution or causing a denial of…

  • CVE-2018-1071MedMar 9, 2018
    risk 0.36cvss 5.5epss 0.00

    zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. A local attacker could exploit this to cause a denial of service.

  • CVE-2026-8356MedJun 15, 2026
    risk 0.35cvss epss 0.00

    LibreOffice can import presentations in the legacy binary PPT format. A stack buffer overflow existed when importing a colour-replacement record. Two fixed-size colour tables were filled from the file, but the write position was not reset between the two passes over the record,…

  • CVE-2026-44056MedMay 21, 2026
    risk 0.35cvss 6.4epss 0.00

    A stack-based buffer overflow in desktop.c in Netatalk 1.3 through 4.2.2 allows a remote authenticated attacker to cause a denial of service, obtain limited information, or modify limited data.