Although code using a specific program language may not be susceptible to a buffer overflow attack,
A. most calls to plug-in programs are susceptible.
B. most supporting application code is susceptible.
C. the graphical images used by the application could be susceptible.
D. the supporting virtual machine could be susceptible.
I would choose A
If program calls some plugin, there would be an instruction pointer indicating the address of ode to be executed. That’s a perfect place for buffer overflow.
https://arstechnica.com/information-technology/2015/08/how-security-flaws-work-the-buffer-overflow/
This is a tough one. Here’s the closest thing I can find to support C as correct:
“Buffer overflows found in widely used server products are likely to become widely known and can pose a significant risk to users of these products. When web applications use libraries, such as a graphics library to generate images, they open themselves to potential buffer overflow attacks.”
This refers to libraries and specifically graphic libraries, but I’m not sure it’s enough to make a solid case.