CWE-131: Incorrect Calculation of Buffer Size — known CVE vulnerabilities
CVEs classified under CWE-131 (Incorrect Calculation of Buffer Size), ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2026-52955 — CVSS 9.8 (critical): In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in crush_decode() A message…
CVE-2026-41676 — CVSS 9.8 (critical): rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive (and…
CVE-2026-1949 — CVSS 9.8 (critical): Delta Electronics AS320T has incorrect calculation of the buffer size on the stack in the GET/PUT request handler of the web service.
CVE-2026-20911 — CVSS 9.8 (critical): A heap-based buffer overflow vulnerability exists in the HuffTable::initval functionality of LibRaw Commit 0b56545 and Commit d20315b. A…
CVE-2025-1861 — CVSS 9.8 (critical): In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing HTTP redirect in…
CVE-2023-5941 — CVSS 9.8 (critical): In versions of FreeBSD 12.4-RELEASE prior to 12.4-RELEASE-p7 and FreeBSD 13.2-RELEASE prior to 13.2-RELEASE-p5 the __sflush() stdio…
CVE-2021-27378 — CVSS 9.8 (critical): An issue was discovered in the rand_core crate before 0.6.2 for Rust. Because read_u32_into and read_u64_into mishandle certain…
CVE-2019-10500 — CVSS 9.8 (critical): While processing MT Secondary PDP request, Buffer overflow will happen due to incorrect calculation of buffer size in Snapdragon Auto…
CVE-2008-0599 — CVSS 9.8 (critical): The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating…
CVE-2005-3120 — CVSS 9.8 (critical): Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via…
CVE-2005-2103 — CVSS 9.8 (critical): Buffer overflow in the AIM and ICQ module in Gaim before 1.5.0 allows remote attackers to cause a denial of service (application crash) and…
CVE-2004-1363 — CVSS 9.8 (critical): Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name…
CVE-2004-0434 — CVSS 9.8 (critical): k5admind (kadmind) for Heimdal allows remote attackers to execute arbitrary code via a Kerberos 4 compatibility administration request…
CVE-2003-0899 — CVSS 9.8 (critical): Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that…
CVE-2002-1347 — CVSS 9.8 (critical): Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute…
CVE-2001-0249 — CVSS 9.8 (critical): Heap overflow in FTP daemon in Solaris 8 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the…
CVE-2001-0248 — CVSS 9.8 (critical): Buffer overflow in FTP server in HPUX 11 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the…
CVE-2026-41197: Noir is a Domain Specific Language for SNARK proving systems that is designed to use any ACIR compatible proving system, and Brillig is the…
CVE-2023-50736 — CVSS 9.0 (critical): A memory corruption vulnerability has been identified in PostScript interpreter in various Lexmark devices. The vulnerability can be…
CVE-2021-21776 — CVSS 8.8 (high): An out-of-bounds write vulnerability exists in the SGI Format Buffer Size Processing functionality of Accusoft ImageGear 19.8. A specially…
CVE-2020-13585 — CVSS 8.8 (high): An out-of-bounds write vulnerability exists in the PSD Header processing functionality of Accusoft ImageGear 19.8. A specially crafted…
CVE-2005-0490 — CVSS 8.8 (high): Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to…
CVE-2026-53091 — CVSS 8.4 (high): In the Linux kernel, the following vulnerability has been resolved: net: pull headers in qdisc_pkt_len_segs_init() Most ndo_start_xmit()…
CVE-2021-35134 — CVSS 8.4 (high): Due to insufficient validation of ELF headers, an Incorrect Calculation of Buffer Size can occur in Boot leading to memory corruption in…
CVE-2017-0166 — CVSS 8.1 (high): An elevation of privilege vulnerability exists in Windows when LDAP request buffer lengths are improperly calculated. In a remote attack…
CVE-2025-46723: OpenVM is a performant and modular zkVM framework built for customization and extensibility. In version 1.0.0, OpenVM is vulnerable to…
CVE-2017-13315 — CVSS 7.8 (high): In writeToParcel and createFromParcel of DcParamObject.java, there is a permission bypass due to a write size mismatch. This could lead to…
CVE-2024-46729 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix incorrect size calculation for loop [WHY]…
CVE-2024-43843 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: riscv, bpf: Fix out-of-bounds issue when preparing trampoline image We…
CVE-2021-46943 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: media: staging/intel-ipu3: Fix set_fmt error handling If there in an…
CVE-2020-11240 — CVSS 7.8 (high): Memory corruption due to ioctl command size was incorrectly set to the size of a pointer and not enough storage is allocated for the copy…
CVE-2020-13546 — CVSS 7.8 (high): In SoftMaker Software GmbH SoftMaker Office TextMaker 2021 (revision 1014), a specially crafted document can cause the document parser to…
CVE-2020-6108 — CVSS 7.8 (high): An exploitable code execution vulnerability exists in the fsck_chk_orphan_node functionality of F2fs-Tools F2fs.Fsck 1.13. A specially…
CVE-2020-6116 — CVSS 7.8 (high): An arbitrary code execution vulnerability exists in the rendering functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242. When…
CVE-2020-6113 — CVSS 7.8 (high): An exploitable vulnerability exists in the object stream parsing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when…
CVE-2020-3640 — CVSS 7.8 (high): u'Resizing the usage table header before passing all the checks leads to the function exiting with a usage table in invalid state when a…
CVE-2020-6070 — CVSS 7.8 (high): An exploitable code execution vulnerability exists in the file system checking functionality of fsck.f2fs 1.12.0. A specially crafted f2fs…
CVE-2019-14078 — CVSS 7.8 (high): Out of bound memory access while processing qpay due to not validating length of the response buffer provided by User. in Snapdragon Auto…
CVE-2018-4038 — CVSS 7.8 (high): An exploitable arbitrary write vulnerability exists in the open document format parser of the Atlantis Word Processor, version 3.2.7.2…
CVE-2017-13289 — CVSS 7.8 (high): In writeToParcel and createFromParcel of RttManager.java, there is a permission bypass due to a write size mismatch. This could lead to a…
CVE-2004-0940 — CVSS 7.8 (high): Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to…
CVE-2004-0747 — CVSS 7.8 (high): Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow…
CVE-2002-0184 — CVSS 7.8 (high): Sudo before 1.6.6 contains an off-by-one error that can result in a heap-based buffer overflow that may allow local users to gain root…
CVE-2026-20049 — CVSS 7.7 (high): A vulnerability in the processing of Galois/Counter Mode (GCM)-encrypted Internet Key Exchange version 2 (IKEv2) IPsec traffic of Cisco…
CVE-2023-4257 — CVSS 7.6 (high): Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c can cause buffer overflows.