Threats Tagged 'cwe-121'
View all threats tagged with 'cwe-121'. Filter and sort to focus on specific types of threats.

CVE-2026-55738: CWE-121 Stack-based Buffer Overflow in rxi microtar
A stack-based buffer overflow exists in the raw_to_header() function in src/microtar.c in rxi microtar 0.1.0. The function copies the 100-byte name and linkname fields of a TAR header with strcpy() without guaranteeing null termination of the source. The POSIX ustar format permits these fixed-width fields to be fully populated with non-null bytes, so a crafted archive whose linkname field (followed by the trailing padding of the 512-byte raw header) contains no null terminator causes strcpy() to read past the end of the 512-byte raw header stack buffer and to write past the destination header buffer. A remote attacker who supplies a crafted TAR archive that the victim opens or parses (via mtar_open(), mtar_read_header(), or mtar_find()) can cause an out-of-bounds read and a stack buffer overflow, resulting in denial of service (crash) and potentially arbitrary code execution. Confirmed with AddressSanitizer: stack-buffer-overflow READ of size 356 in raw_to_header at src/microtar.c:112.
CVE Database V5 | 06/17/2026, 13:45:00 UTC | Added: 06/17/2026, 14:01:13 UTC

CVE-2026-10829: CWE-121: Stack-based Buffer Overflow in Moxa NPort W2150A-W4/W2250A-W4 Series
A stack-based buffer overflow vulnerability has been found in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and earlier. This vulnerability stems from insufficient input validation of user-supplied input in the "Server location" parameter on the Basic settings page. An attacker could exploit this vulnerability by sending crafted input to the web service, resulting in memory corruption. Successful exploitation of this vulnerability could allow remote code execution on the target system with root privileges.
CVE Database V5 | 06/16/2026, 10:18:41 UTC | Added: 06/16/2026, 11:30:18 UTC

CVE-2026-7273: CWE-121 Stack-based buffer overflow in Zyxel GS1900-48HPv2 firmware
A stack-based buffer overflow vulnerability in the CGI program of Zyxel GS1900-48HPv2 firmware versions through 2.90(ABTQ.1)C0 could allow a LAN-based, unauthenticated attacker to exploit the flaw and potentially execute OS commands via a crafted HTTP request.
CVE Database V5 | 06/16/2026, 02:20:29 UTC | Added: 06/16/2026, 03:00:16 UTC

CVE-2026-8356: CWE-787 Out-of-bounds Write in The Document Foundation LibreOffice
LibreOffice can import presentations in the legacy binary PPT format. A stack buffer overflow existed when importing a colour-replacement record. Two fixed-size colour tables were filled from the file, but the write position was not reset between the two passes over the record, so a file whose combined colour counts exceeded the table size wrote past the end of the tables on the stack. In fixed versions the unused second pass is no longer read into those tables.
CVE Database V5 | 06/15/2026, 16:23:06 UTC | Added: 06/15/2026, 18:00:22 UTC

CVE-2025-7019: CWE-121 Stack-based Buffer Overflow in Gen Digital Avast Antivirus
Stack overflow vulnerability in Avast Antivirus when scanning a malformed Office Open XML file may allow Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, and Linux for virus definition builds before VPS 25020100. The affected scanning logic is delivered through a shared Gen Digital virus definition update stream. The same stream feeds the consumer antivirus products listed in this advisory and other Gen Digital products that embed the same engine. Mitigation flows through this update channel; installations at or above the listed build are not vulnerable regardless of which product consumes the stream.
CVE Database V5 | 06/12/2026, 22:14:19 UTC | Added: 06/12/2026, 22:24:30 UTC

CVE-2026-49760: CWE-121 Stack-based Buffer Overflow in Erlang OTP
CVE-2026-49760 is a stack-based buffer overflow vulnerability in Erlang OTP's erl_interface library, specifically in the ei_s_print_term function. This function uses a fixed 2000-character stack buffer to format Erlang terms. When processing an encoded Erlang term with a very large integer whose encoded representation exceeds 2000 characters, the buffer overflows. The overflowed bytes are limited to ASCII characters 0-9 and A-F, restricting the impact to denial of service. The related function ei_print_term, which prints directly to a FILE, is not affected. This vulnerability affects OTP versions from 17.0 up to but not including 27.3.4.13, 28.5.0.2, and 29.0.2, corresponding to erl_interface versions from 3.7.16 up to but not including 5.5.2.1, 5.7.0.1, and 5.8.1.
CVE Database V5 | 06/10/2026, 14:35:36 UTC | Added: 06/10/2026, 16:03:35 UTC

CVE-2026-49759: CWE-121 Stack-based Buffer Overflow in Erlang OTP
CVE-2026-49759 is a stack-based buffer overflow vulnerability in the Erlang OTP erts inet_drv component. An unauthenticated remote attacker can crash the BEAM VM by sending a specially crafted SCTP ERROR chunk that overflows a fixed-size stack buffer. The overflow does not allow controlled code execution but results in denial of service. Additionally, the crafted packet may leak some Erlang VM memory contents, though this information is already accessible to the user running the VM. This affects Erlang OTP versions from 17.0 up to but not including 27.3.4.13, 28.5.0.2, and 29.0.2, corresponding to erts versions from 6.0 up to but not including 15.2.7.9, 16.4.0.2, and 17.0.2.
CVE Database V5 | 06/10/2026, 14:35:38 UTC | Added: 06/10/2026, 16:03:35 UTC

CVE-2026-34702: Stack-based Buffer Overflow (CWE-121) in Adobe InDesign Desktop
InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE Database V5 | 06/09/2026, 17:43:47 UTC | Added: 06/10/2026, 05:11:05 UTC

CVE-2026-34695: Stack-based Buffer Overflow (CWE-121) in Adobe InDesign Desktop
Adobe InDesign Desktop versions up to 20.5.3 and 21.3 are affected by a stack-based buffer overflow vulnerability. This flaw could allow an attacker to execute arbitrary code with the privileges of the current user if the user opens a specially crafted malicious file. Exploitation requires user interaction. The vulnerability has a high severity rating with a CVSS score of 7.8.
CVE Database V5 | 06/09/2026, 17:43:55 UTC | Added: 06/10/2026, 05:11:05 UTC

CVE-2026-26241: CWE-121 in QNAP Systems Inc. File Station 5
A buffer overflow vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5243 and later.
CVE Database V5 | 06/10/2026, 05:02:29 UTC | Added: 06/10/2026, 05:11:05 UTC

Showing 1 to 10 of 454 results