VYPR

CWE-131

Incorrect Calculation of Buffer Size

BaseDraftLikelihood: High

Description

The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-100 · CAPEC-47

CVEs mapped to this weakness (71)

page 3 of 4
  • CVE-2026-42915MedJun 9, 2026
    risk 0.37cvss 5.7epss 0.00

    Incorrect calculation of buffer size in Windows VMSwitch allows an authorized attacker to deny service over an adjacent network.

  • CVE-2026-46521MedJun 10, 2026
    risk 0.36cvss 5.5epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, when using LZMA compression in the MIFF encoder an out of bounds write can occur due to a missing check. This issue has been patched in…

  • CVE-2026-40918MedApr 15, 2026
    risk 0.36cvss 5.5epss 0.00

    A flaw was found in GIMP. Processing a specially crafted PVR image file with large dimensions can lead to a denial of service (DoS). This occurs due to a stack-based buffer overflow and an out-of-bounds read in the PVR image loader, causing the application to crash. Systems that…

  • CVE-2026-2738MedFeb 19, 2026
    risk 0.36cvss epss 0.00

    Buffer overflow in ovpn‑dco‑win version 2.8.0 allows local attackers to cause a system crash by sending too large packets to the remote peer when the AEAD tag appears at the end of the encrypted packet

  • CVE-2024-42259MedAug 14, 2024
    risk 0.36cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: Fix Virtual Memory mapping boundaries calculation Calculating the size of the mapped area as the lesser value between the requested size and the actual size does not consider the partial mapping…

  • CVE-2017-14934MedSep 30, 2017
    risk 0.36cvss 5.5epss 0.01

    process_debug_info in dwarf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file that contains a negative size value in a CU structure.

  • CVE-2026-44223MedMay 12, 2026
    risk 0.35cvss 6.5epss 0.00

    vLLM is an inference and serving engine for large language models (LLMs). From to before 0.20.0, the extract_hidden_states speculative decoding proposer in vLLM returns a tensor with an incorrect shape after the first decode step, causing a RuntimeError that crashes the…

  • CVE-2023-6780MedJan 31, 2024
    risk 0.34cvss 5.3epss 0.03

    An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size…

  • CVE-2026-33985MedMar 30, 2026
    risk 0.31cvss 5.9epss 0.00

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, pixel data from adjacent heap memory is rendered to screen, potentially leaking sensitive data to the attacker. This issue has been patched in version 3.24.2.

  • CVE-2025-61661MedNov 18, 2025
    risk 0.31cvss 4.8epss 0.00

    A vulnerability has been identified in the GRUB (Grand Unified Bootloader) component. This flaw occurs because the bootloader mishandles string conversion when reading information from a USB device, allowing an attacker to exploit inconsistent length values. A local attacker can…

  • CVE-2024-39808MedSep 11, 2024
    risk 0.30cvss 4.6epss 0.00

    Incorrect Calculation of Buffer Size (CWE-131) in the Controller 6000 and Controller 7000 OSDP message handling, allows an attacker with physical access to Controller wiring to instigate a reboot leading to a denial of service. This issue affects: Controller 6000 and…

  • CVE-2026-11604MedJun 10, 2026
    risk 0.29cvss epss 0.00

    An incorrect buffer size calculation in the epoch key generator in OpenVPN ovpn-dco-win version 2.0.0 through 2.8.3 allows a remote authenticated peer to trigger a heap-based buffer overflow and kernel memory corruption via a crafted data packet, resulting in a system crash…

  • CVE-2026-43302MedMay 8, 2026
    risk 0.29cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Set DMA segment size to avoid debug warnings When using V3D rendering with CONFIG_DMA_API_DEBUG enabled, the kernel occasionally reports a segment size mismatch. This is because 'max_seg_size' is not…

  • CVE-2026-43107MedMay 6, 2026
    risk 0.29cvss 5.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: xfrm: account XFRMA_IF_ID in aevent size calculation xfrm_get_ae() allocates the reply skb with xfrm_aevent_msgsize(), then build_aevent() appends attributes including XFRMA_IF_ID when x->if_id is set. …

  • CVE-2026-45784May 19, 2026
    risk 0.00cvss epss 0.00

    `CipherCtxRef::cipher_update_inplace` incorrectly sized output buffers when used with AES key-wrap-with-padding ciphers (EVP_aes_{128,192,256}_wrap_pad). For a non-multiple-of-8 input, OpenSSL writes up to 7 bytes past the end of the caller's buffer or Vec, producing…

  • CVE-2025-57807Sep 5, 2025
    risk 0.00cvss epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. ImageMagick versions lower than 14.8.2 include insecure functions: SeekBlob(), which permits advancing the stream offset beyond the current end without increasing capacity, and…

  • CVE-2022-41885Nov 18, 2022
    risk 0.00cvss epss 0.00

    TensorFlow is an open source platform for machine learning. When `tf.raw_ops.FusedResizeAndPadConv2D` is given a large tensor shape, it overflows. We have patched the issue in GitHub commit d66e1d568275e6a2947de97dca7a102a211e01ce. The fix will be included in TensorFlow 2.11. We…

  • CVE-2022-41907Nov 18, 2022
    risk 0.00cvss epss 0.00

    TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ResizeNearestNeighborGrad` is given a large `size` input, it overflows. We have patched the issue in GitHub commit 00c821af032ba9e5f5fa3fe14690c8d28a657624. The fix will be included in TensorFlow 2.11.…

  • CVE-2022-41886Nov 18, 2022
    risk 0.00cvss epss 0.00

    TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ImageProjectiveTransformV2` is given a large output shape, it overflows. We have patched the issue in GitHub commit 8faa6ea692985dbe6ce10e1a3168e0bd60a723ba. The fix will be included in TensorFlow 2.11.…

  • CVE-2022-41887Nov 18, 2022
    risk 0.00cvss epss 0.00

    TensorFlow is an open source platform for machine learning. `tf.keras.losses.poisson` receives a `y_pred` and `y_true` that are passed through `functor::mul` in `BinaryOp`. If the resulting dimensions overflow an `int32`, TensorFlow will crash due to a size mismatch during…