CWE-134
Use of Externally-Controlled Format String
Description
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-135 · CAPEC-67
CVEs mapped to this weakness (252)
page 8 of 13| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-55298 | 0.00 | — | 0.04 | Aug 26, 2025 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to ImageMagick versions 6.9.13-28 and 7.1.2-2, a format string bug vulnerability exists in InterpretImageFilename function where user input is directly passed to… | |||
| CVE-2022-3023 | — | 0.00 | — | 0.01 | Nov 4, 2022 | Use of Externally-Controlled Format String in GitHub repository pingcap/tidb prior to 6.4.0, 6.1.3. | ||
| CVE-2022-40604 | 0.00 | — | 0.02 | Sep 21, 2022 | In Apache Airflow 2.3.0 through 2.3.4, part of a url was unnecessarily formatted, allowing for possible information extraction. | |||
| CVE-2022-27177 | — | 0.00 | — | 0.02 | Apr 1, 2022 | A Python format string issue leading to information disclosure and potentially remote code execution in ConsoleMe for all versions prior to 1.2.2 | ||
| CVE-2021-41193 | 0.00 | — | 0.02 | Mar 1, 2022 | wire-avs is the audio visual signaling (AVS) component of Wire, an open-source messenger. A remote format string vulnerability in versions prior to 7.1.12 allows an attacker to cause a denial of service or possibly execute arbitrary code. The issue has been fixed in wire-avs… | |||
| CVE-2021-36161 | — | 0.00 | — | 0.02 | Sep 9, 2021 | Some component in Dubbo will try to print the formated string of the input arguments, which will possibly cause RCE for a maliciously customized bean with special toString method. In the latest version, we fix the toString call in timeout, cache and some other places. Fixed in… | ||
| CVE-2020-35869 | — | 0.00 | — | 0.02 | Dec 31, 2020 | An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated because rusqlite::trace::log mishandles format strings. | ||
| CVE-2020-15203 | 0.00 | — | 0.01 | Sep 25, 2020 | In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the `fill` argument of tf.strings.as_string, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a `printf` call is constructed. This… | |||
| CVE-2019-11287 | 0.00 | — | 0.05 | Nov 22, 2019 | Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The "X-Reason"… | |||
| CVE-2019-15546 | — | 0.00 | — | 0.01 | Aug 26, 2019 | An issue was discovered in the pancurses crate through 0.16.1 for Rust. printw and mvprintw have format string vulnerabilities. | ||
| CVE-2019-15547 | — | 0.00 | — | 0.01 | Aug 26, 2019 | An issue was discovered in the ncurses crate through 5.99.0 for Rust. There are format string issues in printw functions because C format arguments are mishandled. | ||
| CVE-2016-10745 | 0.00 | — | 0.03 | Apr 8, 2019 | In Pallets Jinja before 2.8.1, str.format allows a sandbox escape. | |||
| CVE-2018-1000052 | Hig | 0.00 | 7.5 | 0.01 | Feb 9, 2018 | fmtlib version prior to version 4.1.0 (before commit 0555cea5fc0bf890afe0071a558e44625a34ba85) contains a Memory corruption (SIGSEGV), CWE-134 vulnerability in fmt::print() library function that can result in Denial of Service. This attack appear to be exploitable via Specifying… | ||
| CVE-2015-6285 | 0.00 | — | 0.01 | Sep 14, 2015 | Format string vulnerability in Cisco Email Security Appliance (ESA) 7.6.0 and 8.0.0 allows remote attackers to cause a denial of service (memory overwrite or service outage) via format string specifiers in an HTTP request, aka Bug ID CSCug21497. | |||
| CVE-2014-8625 | 0.00 | — | 0.03 | Jan 20, 2015 | Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name. | |||
| CVE-2013-2131 | 0.00 | — | 0.11 | Jan 4, 2015 | Format string vulnerability in the rrdtool module 1.4.7 for Python, as used in Zenoss, allows context-dependent attackers to cause a denial of service (crash) via format string specifiers to the rrdtool.graph function. | |||
| CVE-2014-9157 | 0.00 | — | 0.06 | Dec 3, 2014 | Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string. | |||
| CVE-2013-7386 | 0.00 | — | 0.04 | Jun 2, 2014 | Format string vulnerability in the PROJECT::write_account_file function in client/cs_account.cpp in BOINC, possibly 7.2.33, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the gui_urls item in an… | |||
| CVE-2014-1315 | 0.00 | — | 0.02 | Apr 23, 2014 | Format string vulnerability in CoreServicesUIAgent in Apple OS X 10.9.x through 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a URL. | |||
| CVE-2011-4930 | 0.00 | — | 0.01 | Feb 10, 2014 | Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possibly certain 7.7.x versions, as used in Red Hat MRG Grid and possibly other products, allow local users to cause a denial of service (condor_schedd daemon and failure to launch jobs) and possibly… |
- CVE-2025-55298Aug 26, 2025risk 0.00cvss —epss 0.04
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to ImageMagick versions 6.9.13-28 and 7.1.2-2, a format string bug vulnerability exists in InterpretImageFilename function where user input is directly passed to…
- CVE-2022-3023Nov 4, 2022risk 0.00cvss —epss 0.01
Use of Externally-Controlled Format String in GitHub repository pingcap/tidb prior to 6.4.0, 6.1.3.
- CVE-2022-40604Sep 21, 2022risk 0.00cvss —epss 0.02
In Apache Airflow 2.3.0 through 2.3.4, part of a url was unnecessarily formatted, allowing for possible information extraction.
- CVE-2022-27177Apr 1, 2022risk 0.00cvss —epss 0.02
A Python format string issue leading to information disclosure and potentially remote code execution in ConsoleMe for all versions prior to 1.2.2
- CVE-2021-41193Mar 1, 2022risk 0.00cvss —epss 0.02
wire-avs is the audio visual signaling (AVS) component of Wire, an open-source messenger. A remote format string vulnerability in versions prior to 7.1.12 allows an attacker to cause a denial of service or possibly execute arbitrary code. The issue has been fixed in wire-avs…
- CVE-2021-36161Sep 9, 2021risk 0.00cvss —epss 0.02
Some component in Dubbo will try to print the formated string of the input arguments, which will possibly cause RCE for a maliciously customized bean with special toString method. In the latest version, we fix the toString call in timeout, cache and some other places. Fixed in…
- CVE-2020-35869Dec 31, 2020risk 0.00cvss —epss 0.02
An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated because rusqlite::trace::log mishandles format strings.
- CVE-2020-15203Sep 25, 2020risk 0.00cvss —epss 0.01
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the `fill` argument of tf.strings.as_string, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a `printf` call is constructed. This…
- CVE-2019-11287Nov 22, 2019risk 0.00cvss —epss 0.05
Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The "X-Reason"…
- CVE-2019-15546Aug 26, 2019risk 0.00cvss —epss 0.01
An issue was discovered in the pancurses crate through 0.16.1 for Rust. printw and mvprintw have format string vulnerabilities.
- CVE-2019-15547Aug 26, 2019risk 0.00cvss —epss 0.01
An issue was discovered in the ncurses crate through 5.99.0 for Rust. There are format string issues in printw functions because C format arguments are mishandled.
- CVE-2016-10745Apr 8, 2019risk 0.00cvss —epss 0.03
In Pallets Jinja before 2.8.1, str.format allows a sandbox escape.
- risk 0.00cvss 7.5epss 0.01
fmtlib version prior to version 4.1.0 (before commit 0555cea5fc0bf890afe0071a558e44625a34ba85) contains a Memory corruption (SIGSEGV), CWE-134 vulnerability in fmt::print() library function that can result in Denial of Service. This attack appear to be exploitable via Specifying…
- CVE-2015-6285Sep 14, 2015risk 0.00cvss —epss 0.01
Format string vulnerability in Cisco Email Security Appliance (ESA) 7.6.0 and 8.0.0 allows remote attackers to cause a denial of service (memory overwrite or service outage) via format string specifiers in an HTTP request, aka Bug ID CSCug21497.
- CVE-2014-8625Jan 20, 2015risk 0.00cvss —epss 0.03
Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name.
- CVE-2013-2131Jan 4, 2015risk 0.00cvss —epss 0.11
Format string vulnerability in the rrdtool module 1.4.7 for Python, as used in Zenoss, allows context-dependent attackers to cause a denial of service (crash) via format string specifiers to the rrdtool.graph function.
- CVE-2014-9157Dec 3, 2014risk 0.00cvss —epss 0.06
Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not properly handled in an error string.
- CVE-2013-7386Jun 2, 2014risk 0.00cvss —epss 0.04
Format string vulnerability in the PROJECT::write_account_file function in client/cs_account.cpp in BOINC, possibly 7.2.33, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the gui_urls item in an…
- CVE-2014-1315Apr 23, 2014risk 0.00cvss —epss 0.02
Format string vulnerability in CoreServicesUIAgent in Apple OS X 10.9.x through 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a URL.
- CVE-2011-4930Feb 10, 2014risk 0.00cvss —epss 0.01
Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possibly certain 7.7.x versions, as used in Red Hat MRG Grid and possibly other products, allow local users to cause a denial of service (condor_schedd daemon and failure to launch jobs) and possibly…