Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

CVEs (4,227)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-29507 1Artifex 1Ghostscript Jun 17, 2026 Jul 3, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Artifex Ghostscript before 10.03.0 sometimes has a stack-based buffer overflow via the CIDFSubstPath and CIDFSubstFont parameters.
CVE-2024-29506 1Artifex 1Ghostscript Jun 17, 2026 Jul 3, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Artifex Ghostscript before 10.03.0 has a stack-based buffer overflow in the pdfi_apply_filter() function via a long PDF filter name.
CVE-2024-32230 1Ffmpeg 1Ffmpeg Jun 17, 2026 Jul 1, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a negative-size-param bug at libavcodec/mpegvideo_enc.c:1216:21 in load_input_picture in FFmpeg7.0
CVE-2024-32228 1Ffmpeg 1Ffmpeg Jun 17, 2026 Jul 1, 2024 N/A· v4 6.6 MEDIUM· v3 N/A· v2 FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a SEGV at libavcodec/hevcdec.c:2947:22 in hevc_frame_end.
CVE-2024-23368 1Qualcomm 341Apq8064au Firmware Aqt1000 FirmwareAr8035 Firmware+338 more Jun 17, 2026 Jul 1, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption when allocating and accessing an entry in an SMEM partition.
CVE-2024-27628 1Offis 1Dcmtk Jun 17, 2026 Jun 28, 2024 N/A· v4 8.1 HIGH· v3 N/A· v2 Buffer Overflow vulnerability in DCMTK v.3.6.8 allows an attacker to execute arbitrary code via the EctEnhancedCT method component.
CVE-2024-39349 1Synology 2Bc500 Firmware Tc500 Firmware Jun 17, 2026 Jun 28, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A vulnerability regarding buffer copy without checking size of input ('Classic Buffer Overflow') is found in the libjansson component and it does not affect the upstream library. This allows remote attackers to execute a...Show more A vulnerability regarding buffer copy without checking size of input ('Classic Buffer Overflow') is found in the libjansson component and it does not affect the upstream library. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500.Show less
CVE-2024-39134 1Gdraheim 1Zziplib Jun 17, 2026 Jun 27, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 A Stack Buffer Overflow vulnerability in zziplibv 0.13.77 allows attackers to cause a denial of service via the __zzip_fetch_disk_trailer() function at /zzip/zip.c.
CVE-2024-39207 - - Jun 17, 2026 Jun 27, 2024 N/A· v4 8.2 HIGH· v3 N/A· v2 lua-shmem v1.0-1 was discovered to contain a buffer overflow via the shmem_write function.
CVE-2024-39129 - - Jun 17, 2026 Jun 27, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Heap Buffer Overflow vulnerability in DumpTS v0.1.0-nightly allows attackers to cause a denial of service via the function PushTSBuf() at /src/PayloadBuf.cpp.
CVE-2024-37571 - - Jun 17, 2026 Jun 26, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Buffer Overflow vulnerability in SAS Broker 9.2 build 1495 allows attackers to cause denial of service or obtain sensitive information via crafted payload to the '_debug' parameter.
CVE-2024-38952 1Dronecode 1Px4 Drone Autopilot Jun 17, 2026 Jun 25, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 PX4-Autopilot v1.14.3 was discovered to contain a buffer overflow via the topic_name parameter at /logger/logged_topics.cpp.
CVE-2024-38951 1Dronecode 1Px4 Drone Autopilot Jun 17, 2026 Jun 25, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A buffer overflow in PX4-Autopilot v1.12.3 allows attackers to cause a Denial of Service (DoS) via a crafted MavLink message.
CVE-2024-4640 1Moxa 4Oncell G3470a Lte Eu T Firmware Oncell G3470a Lte Eu FirmwareOncell G3470a Lte Us T Firmware+1 more Jun 17, 2026 Jun 25, 2024 N/A· v4 8.2 HIGH· v3 N/A· v2 OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to missing bounds checking on buffer operations. An attacker could write past the boundaries of allocated buffer regions...Show more OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable due to missing bounds checking on buffer operations. An attacker could write past the boundaries of allocated buffer regions in memory, causing a program crash.Show less
CVE-2024-39291 1Linux 1Linux Kernel Jun 17, 2026 Jun 24, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix buffer size in gfx_v9_4_3_init_ cp_compute_microcode() and rlc_microcode() The function gfx_v9_4_3_init_microcode in gfx_v9_4_3.c was...Show more In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix buffer size in gfx_v9_4_3_init_ cp_compute_microcode() and rlc_microcode() The function gfx_v9_4_3_init_microcode in gfx_v9_4_3.c was generating about potential truncation of output when using the snprintf function. The issue was due to the size of the buffer 'ucode_prefix' being too small to accommodate the maximum possible length of the string being written into it. The string being written is "amdgpu/%s_mec.bin" or "amdgpu/%s_rlc.bin", where %s is replaced by the value of 'chip_name'. The length of this string without the %s is 16 characters. The warning message indicated that 'chip_name' could be up to 29 characters long, resulting in a total of 45 characters, which exceeds the buffer size of 30 characters. To resolve this issue, the size of the 'ucode_prefix' buffer has been reduced from 30 to 15. This ensures that the maximum possible length of the string being written into the buffer will not exceed its size, thus preventing potential buffer overflow and truncation issues. Fixes the below with gcc W=1: drivers/gpu/drm/amd/amdgpu/gfx_v9_4_3.c: In function ‘gfx_v9_4_3_early_init’: drivers/gpu/drm/amd/amdgpu/gfx_v9_4_3.c:379:52: warning: ‘%s’ directive output may be truncated writing up to 29 bytes into a region of size 23 [-Wformat-truncation=] 379 \| snprintf(fw_name, sizeof(fw_name), "amdgpu/%s_rlc.bin", chip_name); \| ^~ ...... 439 \| r = gfx_v9_4_3_init_rlc_microcode(adev, ucode_prefix); \| ~~~~~~~~~~~~ drivers/gpu/drm/amd/amdgpu/gfx_v9_4_3.c:379:9: note: ‘snprintf’ output between 16 and 45 bytes into a destination of size 30 379 \| snprintf(fw_name, sizeof(fw_name), "amdgpu/%s_rlc.bin", chip_name); \| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/gpu/drm/amd/amdgpu/gfx_v9_4_3.c:413:52: warning: ‘%s’ directive output may be truncated writing up to 29 bytes into a region of size 23 [-Wformat-truncation=] 413 \| snprintf(fw_name, sizeof(fw_name), "amdgpu/%s_mec.bin", chip_name); \| ^~ ...... 443 \| r = gfx_v9_4_3_init_cp_compute_microcode(adev, ucode_prefix); \| ~~~~~~~~~~~~ drivers/gpu/drm/amd/amdgpu/gfx_v9_4_3.c:413:9: note: ‘snprintf’ output between 16 and 45 bytes into a destination of size 30 413 \| snprintf(fw_name, sizeof(fw_name), "amdgpu/%s_mec.bin", chip_name); \| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Show less
CVE-2024-33278 - - Jun 17, 2026 Jun 24, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Buffer Overflow vulnerability in ASUS router RT-AX88U with firmware versions v3.0.0.4.388_24198 allows a remote attacker to execute arbitrary code via the connection_state_machine due to improper length validation for th...Show more Buffer Overflow vulnerability in ASUS router RT-AX88U with firmware versions v3.0.0.4.388_24198 allows a remote attacker to execute arbitrary code via the connection_state_machine due to improper length validation for the cookie field.Show less
CVE-2021-47609 1Linux 1Linux Kernel Jun 17, 2026 Jun 19, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scpi: Fix string overflow in SCPI genpd driver Without the bound checks for scpi_pd->name, it could result in the buffer overflow when c...Show more In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scpi: Fix string overflow in SCPI genpd driver Without the bound checks for scpi_pd->name, it could result in the buffer overflow when copying the SCPI device name from the corresponding device tree node as the name string is set at maximum size of 30. Let us fix it by using devm_kasprintf so that the string buffer is allocated dynamically.Show less
CVE-2024-38577 1Linux 1Linux Kernel Jun 17, 2026 Jun 19, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 In the Linux kernel, the following vulnerability has been resolved: rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow There is a possibility of buffer overflow in show_rcu_tasks_trace_gp_kthread() if count...Show more In the Linux kernel, the following vulnerability has been resolved: rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow There is a possibility of buffer overflow in show_rcu_tasks_trace_gp_kthread() if counters, passed to sprintf() are huge. Counter numbers, needed for this are unrealistically high, but buffer overflow is still possible. Use snprintf() with buffer size instead of sprintf(). Found by Linux Verification Center (linuxtesting.org) with SVACE.Show less
CVE-2024-38576 1Linux 1Linux Kernel Jun 17, 2026 Jun 19, 2024 N/A· v4 7.1 HIGH· v3 N/A· v2 In the Linux kernel, the following vulnerability has been resolved: rcu: Fix buffer overflow in print_cpu_stall_info() The rcuc-starvation output from print_cpu_stall_info() might overflow the buffer if there is a huge...Show more In the Linux kernel, the following vulnerability has been resolved: rcu: Fix buffer overflow in print_cpu_stall_info() The rcuc-starvation output from print_cpu_stall_info() might overflow the buffer if there is a huge difference in jiffies difference. The situation might seem improbable, but computers sometimes get very confused about time, which can result in full-sized integers, and, in this case, buffer overflow. Also, the unsigned jiffies difference is printed using %ld, which is normally for signed integers. This is intentional for debugging purposes, but it is not obvious from the code. This commit therefore changes sprintf() to snprintf() and adds a clarifying comment about intention of %ld format. Found by Linux Verification Center (linuxtesting.org) with SVACE.Show less
CVE-2024-38541 1Linux 1Linux Kernel Jun 17, 2026 Jun 19, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 In the Linux kernel, the following vulnerability has been resolved: of: module: add buffer overflow check in of_modalias() In of_modalias(), if the buffer happens to be too small even for the 1st snprintf() call, the l...Show more In the Linux kernel, the following vulnerability has been resolved: of: module: add buffer overflow check in of_modalias() In of_modalias(), if the buffer happens to be too small even for the 1st snprintf() call, the len parameter will become negative and str parameter (if not NULL initially) will point beyond the buffer's end. Add the buffer overflow check after the 1st snprintf() call and fix such check after the strlen() call (accounting for the terminating NUL char).Show less

Previous 1...878889...212 Next