VYPR

CWE-121

Stack-based Buffer Overflow

VariantDraftLikelihood: High

Description

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (790)

page 38 of 40
  • CVE-2025-6141LowJun 16, 2025
    risk 0.21cvss 3.3epss 0.00

    A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached…

  • CVE-2023-51792LowApr 19, 2024
    risk 0.21cvss 3.3epss 0.00

    Buffer Overflow vulnerability in libde265 v1.0.12 allows a local attacker to cause a denial of service via the allocation size exceeding the maximum supported size of 0x10000000000.

  • CVE-2026-40528LowMay 29, 2026
    risk 0.18cvss 3.8epss 0.00

    OpenSC before 0.27.0, fixed in commit 0358817, contains a stack and heap buffer overrun vulnerability in the do_key_value() function in src/pkcs15init/profile.c that allows attackers to corrupt memory by supplying a crafted profile configuration file. During pkcs15-init…

  • CVE-2026-40510LowMay 29, 2026
    risk 0.18cvss 3.8epss 0.00

    OpenSC before 0.27.0-rc1, fixed in commit 3f24f0b, contains a stack buffer overflow vulnerability in piv_process_history() in src/libopensc/card-piv.c that allows physically present attackers to trigger memory corruption by presenting a crafted PIV smart card or USB device…

  • CVE-2026-41963LowMay 15, 2026
    risk 0.18cvss 2.8epss 0.00

    Stack overflow vulnerability in the media platform. Impact: Successful exploitation of this vulnerability may affect availability.

  • CVE-2025-66215LowMar 30, 2026
    risk 0.18cvss 3.8epss 0.00

    OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow WRITE in card-oberthur. The attack requires crafted USB device or…

  • CVE-2025-49010LowMar 30, 2026
    risk 0.18cvss 3.8epss 0.00

    OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow write in GET RESPONSE. The attack requires crafted USB device or…

  • CVE-2026-10528LowJun 2, 2026
    risk 0.14cvss 3.3epss 0.00

    A security flaw has been discovered in Orthanc DICOM Server up to 1.12.11. This issue affects the function DcmItem::read of the file OrthancFramework/Sources/DicomParsing/FromDcmtkBridge.cpp of the component DCMTK Parser. Performing a manipulation results in stack-based buffer…

  • CVE-2026-5037LowMar 29, 2026
    risk 0.14cvss 3.3epss 0.00

    A vulnerability was determined in mxml up to 4.0.4. This issue affects the function index_sort of the file mxml-index.c of the component mxmlIndexNew. Executing a manipulation of the argument tempr can lead to stack-based buffer overflow. The attack is restricted to local…

  • CVE-2025-6170LowJun 16, 2025
    risk 0.09cvss 2.5epss 0.00

    A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful…

  • CVE-2014-2364Jul 19, 2014
    risk 0.08cvss epss 0.61

    Multiple stack-based buffer overflows in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary code via a long string in the (1) ProjectName, (2) SetParameter, (3) NodeName, (4) CCDParameter, (5) SetColor, (6) AlarmImage, (7) GetParameter, (8) GetColor, (9)…

  • CVE-2014-0782May 16, 2014
    risk 0.08cvss epss 0.57

    Stack-based buffer overflow in BKESimmgr.exe in the Expanded Test Functions package in Yokogawa CENTUM CS 1000, CENTUM CS 3000 Entry Class R3.09.50 and earlier, CENTUM VP R5.03.00 and earlier, CENTUM VP Entry Class R5.03.00 and earlier, Exaopc R3.71.02 and earlier, B/M9000CS…

  • CVE-2014-0783Mar 14, 2014
    risk 0.08cvss epss 0.68

    Stack-based buffer overflow in BKHOdeq.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via a crafted TCP packet.

  • CVE-2025-7844LowAug 4, 2025
    risk 0.07cvss epss 0.00

    Exporting a TPM based RSA key larger than 2048 bits from the TPM could overrun a stack buffer if the default `MAX_RSA_KEY_BITS=2048` is used. If your TPM 2.0 module supports RSA key sizes larger than 2048 bit and your applications supports creating or importing an RSA private or…

  • CVE-2014-0784Mar 14, 2014
    risk 0.06cvss epss 0.36

    Stack-based buffer overflow in BKBCopyD.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via a crafted TCP packet.

  • CVE-2014-0787Apr 12, 2014
    risk 0.04cvss epss 0.16

    Stack-based buffer overflow in WellinTech KingSCADA before 3.1.2.13 allows remote attackers to execute arbitrary code via a crafted packet.

  • CVE-2023-31419Oct 26, 2023
    risk 0.03cvss epss 0.61

    A flaw was discovered in Elasticsearch, affecting the _search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service.

  • CVE-2018-14633HigSep 25, 2018
    risk 0.01cvss 7.0epss 0.09

    A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes…

  • CVE-2026-30929Mar 9, 2026
    risk 0.00cvss epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, MagnifyImage uses a fixed-size stack buffer. When using a specific image it is possible to overflow this buffer and corrupt the stack. This…

  • CVE-2026-28690Mar 9, 2026
    risk 0.00cvss epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a stack buffer overflow vulnerability exists in the MNG encoder. There is a bounds checks missing that could corrupting the stack with…