The vulnerabillity exists due to improper accounting of buffer size during allocation that may result in creating of bigger or smaller buffer than it's needed. Making of smaller buffer may lead to arbitrary code execution or sensitive data exposing.
The weakness is introduced during Implementation stage.
Latest vulnerabilities for CWE-131
Description of CWE-131 on Mitre website