Threats Tagged 'cwe-120'

OpenColorIO is a color management framework for visual effects and animation. Prior to version 2.5.2, `FileFormatSpi3D.cpp:163` uses `sscanf` with `%s` into 64-byte stack buffers when parsing LUT data lines. Input comes from `lineBuffer[4096]`, so a crafted .spi3d file can overflow by ~4000 bytes on non-Windows. Version 2.5.2 fixes the issue.

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Web Integration Service) allows Filter Failure through Buffer Overflow.This issue affects Connext Professional: from 7.4.0 before 7.*, from 7.0.0 before 7.3.1.3, from 6.1.2 before 6.1.*.

CVE-2026-3871 is a buffer overflow vulnerability in the UPnP DeletePortMapping() command of Zyxel VMG4005-B50B firmware versions up to and including 5.13(ABRL.5.4)C0. This vulnerability can be exploited by an adjacent attacker to cause a temporary denial-of-service (DoS) condition affecting the UPnP functionality of the device. The issue stems from improper size checking during buffer copy operations.

A buffer overflow vulnerability exists in the UPnP AddPortMapping() command of Zyxel VMG4005-B50B firmware versions up to and including 5.13(ABRL.5.4)C0. This vulnerability can be exploited by an adjacent attacker to cause a temporary denial-of-service (DoS) condition affecting the UPnP functionality of the device. The vulnerability is classified as CWE-120, indicating a classic buffer overflow due to lack of input size checking.

CVE-2026-25277 is a high-severity buffer overflow vulnerability in Qualcomm Snapdragon platforms related to memory corruption when using Strongbox. It affects multiple Snapdragon 8 series mobile platforms. The vulnerability allows an attacker with local privileges to cause a buffer overflow, potentially leading to complete confidentiality, integrity, and availability compromise. No official patch or remediation guidance is currently available.

CVE-2026-7454 is a high-severity buffer overflow vulnerability in Autodesk 3ds Max versions 2026 and 2027. It arises from improper handling of WRL files, where a maliciously crafted file can cause memory corruption. This vulnerability allows an attacker to execute arbitrary code within the context of the affected process, potentially leading to full compromise of the application. The vulnerability requires local access with user interaction to trigger. No official patch or remediation guidance has been confirmed yet.

CVE-2026-7452 is a high-severity buffer overflow vulnerability in Autodesk 3ds Max versions 2026 and 2027. It arises from improper handling of WRL files, allowing a maliciously crafted file to cause memory corruption. This can enable an attacker to execute arbitrary code within the context of the affected process. The vulnerability requires local access with user interaction to trigger. No official patch or remediation guidance has been confirmed at this time.