VYPR

CWE-134

Use of Externally-Controlled Format String

BaseDraftLikelihood: High

Description

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-135 · CAPEC-67

CVEs mapped to this weakness (252)

page 8 of 13
  • CVE-2025-55298Aug 26, 2025
    risk 0.00cvss epss 0.04

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to ImageMagick versions 6.9.13-28 and 7.1.2-2, a format string bug vulnerability exists in InterpretImageFilename function where user input is directly passed to…

  • CVE-2022-3023Nov 4, 2022
    risk 0.00cvss epss 0.01

    Use of Externally-Controlled Format String in GitHub repository pingcap/tidb prior to 6.4.0, 6.1.3.

  • CVE-2022-40604Sep 21, 2022
    risk 0.00cvss epss 0.02

    In Apache Airflow 2.3.0 through 2.3.4, part of a url was unnecessarily formatted, allowing for possible information extraction.

  • CVE-2022-27177Apr 1, 2022
    risk 0.00cvss epss 0.02

    A Python format string issue leading to information disclosure and potentially remote code execution in ConsoleMe for all versions prior to 1.2.2

  • CVE-2021-41193Mar 1, 2022
    risk 0.00cvss epss 0.02

    wire-avs is the audio visual signaling (AVS) component of Wire, an open-source messenger. A remote format string vulnerability in versions prior to 7.1.12 allows an attacker to cause a denial of service or possibly execute arbitrary code. The issue has been fixed in wire-avs…

  • CVE-2021-36161Sep 9, 2021
    risk 0.00cvss epss 0.02

    Some component in Dubbo will try to print the formated string of the input arguments, which will possibly cause RCE for a maliciously customized bean with special toString method. In the latest version, we fix the toString call in timeout, cache and some other places. Fixed in…

  • CVE-2020-35869Dec 31, 2020
    risk 0.00cvss epss 0.02

    An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated because rusqlite::trace::log mishandles format strings.

  • CVE-2020-15203Sep 25, 2020
    risk 0.00cvss epss 0.01

    In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the `fill` argument of tf.strings.as_string, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a `printf` call is constructed. This…

  • CVE-2019-11287Nov 22, 2019
    risk 0.00cvss epss 0.05

    Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The "X-Reason"…

  • CVE-2019-15546Aug 26, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in the pancurses crate through 0.16.1 for Rust. printw and mvprintw have format string vulnerabilities.

  • CVE-2019-15547Aug 26, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in the ncurses crate through 5.99.0 for Rust. There are format string issues in printw functions because C format arguments are mishandled.

  • CVE-2016-10745Apr 8, 2019
    risk 0.00cvss epss 0.03

    In Pallets Jinja before 2.8.1, str.format allows a sandbox escape.

  • CVE-2018-1000052HigFeb 9, 2018
    risk 0.00cvss 7.5epss 0.01

    fmtlib version prior to version 4.1.0 (before commit 0555cea5fc0bf890afe0071a558e44625a34ba85) contains a Memory corruption (SIGSEGV), CWE-134 vulnerability in fmt::print() library function that can result in Denial of Service. This attack appear to be exploitable via Specifying…

  • CVE-2015-6285Sep 14, 2015
    risk 0.00cvss epss 0.01

    Format string vulnerability in Cisco Email Security Appliance (ESA) 7.6.0 and 8.0.0 allows remote attackers to cause a denial of service (memory overwrite or service outage) via format string specifiers in an HTTP request, aka Bug ID CSCug21497.

  • CVE-2014-8625Jan 20, 2015
    risk 0.00cvss epss 0.03

    Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name.

  • CVE-2013-2131Jan 4, 2015
    risk 0.00cvss epss 0.11

    Format string vulnerability in the rrdtool module 1.4.7 for Python, as used in Zenoss, allows context-dependent attackers to cause a denial of service (crash) via format string specifiers to the rrdtool.graph function.

  • CVE-2014-9157Dec 3, 2014
    risk 0.00cvss epss 0.06

    Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string.

  • CVE-2013-7386Jun 2, 2014
    risk 0.00cvss epss 0.04

    Format string vulnerability in the PROJECT::write_account_file function in client/cs_account.cpp in BOINC, possibly 7.2.33, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the gui_urls item in an…

  • CVE-2014-1315Apr 23, 2014
    risk 0.00cvss epss 0.02

    Format string vulnerability in CoreServicesUIAgent in Apple OS X 10.9.x through 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a URL.

  • CVE-2011-4930Feb 10, 2014
    risk 0.00cvss epss 0.01

    Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possibly certain 7.7.x versions, as used in Red Hat MRG Grid and possibly other products, allow local users to cause a denial of service (condor_schedd daemon and failure to launch jobs) and possibly…