Displaying test cases 18426 - 18450 of 45437 in total
-
Integer overflow results in a short malloc and an overflow. A guard is put in place to protect against the overflow.
-
Integer overflow results in a short malloc and an overflow. A guard was put in place to protect against the overflow, but the guard is incorrect.
-
An fgets is called with a correct bound.
-
An fgets is called with an incorrect bound allowing a stack buffer to be overrun.
-
An fgets is used in place of gets with a proper bounds check.
-
A gets is never safe for untrusted input due to lack of buffer length checks.
-
A printf is called with a static format string. This is not a defect.
-
A printf is called with a user-supplied format string. This is a defect.
-
A syslog is called with a static format string.
-
A syslog is called with a user-supplied format string. An attempt was made to preformat the buffer but the vulnerability remains.
-
An ad hoc string copy with bounds check does not overflow a stack buffer.
-
An ad hoc string copy without bounds check overflows a stack buffer.
-
An ad hoc gets with bounds check does not allow a stack buffer to be overrun.
-
An ad hoc gets without bounds check allows a stack buffer to be overrun.
-
A string decode function properly checks for termination and no buffer overflow occurs.
-
A string decode function misses a termination check which allows the decode to proceed past the end of the buffer.
-
A system() is called with user-provided data but the data is strictly scrutinized first.
-
A system() is called with user-provided data.
-
A file is accessed multiple times by its file descriptor in a publicly accessible directory. A race condition does not exist between the accesses, so an attacker cannot replace the file referenced by the name.
-
A file is accessed multiple times by name in a publicly accessible directory. A race condition exists between the accesses, in which an attacker can replace the file referenced by the name.
-
Malloc-ed data is freed only once.
-
Malloc-ed data is freed more than once.
-
A syslog is called with a static format string.
-
A syslog is called with a user-supplied format string. An attempt was made to preformat the buffer but the vulnerability remains.
-
A printf is called with a static format string.