CWE-120
4,227 CVEs • Abstraction: Base • Likelihood of Exploit: High
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
CVEs (4,227)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
The Texas Instruments (TI) WiLink WL18xx MCP driver does not limit the number of information elements (IEs) of type XCC_EXT_1_IE_ID or XCC_EXT_2_IE_ID that can be parsed in a management frame. Using a specially crafted f...Show more |
Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause newly installed apps to fail to restart. |
Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause home screen unavailability. |
Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause home screen unavailability. |
Potential buffer overflow vulnerabilities in the following locations: https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359 https://github.com/zephyrproject-rtos/zephyr/blo...Show more |
Buffer Overflow vulnerability in XNView before 2.50, allows local attackers to execute arbitrary code via crafted GEM bitmap file. |
Buffer Overflow vulnerability in XNView version 2.49.3, allows local attackers to execute arbitrary code via crafted TIFF file. |
Buffer Overflow vulnerability in cFilenameInit parameter in browseForDoc function in Foxit Software Foxit PDF Reader version 10.1.0.37527, allows local attackers to cause a denial of service (DoS) via crafted .pdf file. |
Buffer Overflow vulnerability in jpgfile.c in Matthias-Wandel jhead version 3.04, allows local attackers to execute arbitrary code and cause a denial of service (DoS). |
Buffer Overflow vulnerability in jfif_decode() function in rockcarry ffjpeg through version 1.0.0, allows local attackers to execute arbitrary code due to an issue with ALIGN. |
Buffer overflow in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable escalation of privilege via local access. |
1Ezsoftmagic 1Mp3 Audio Converter Jun 17, 2026 Aug 10, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 EZ softmagic MP3 Audio Converter 2.7.3.700 was discovered to contain a buffer overflow. |
1Samsung 5S3nrn4v Firmware S3nrn82 FirmwareS3nsen4 Firmware+2 moreJun 17, 2026 Aug 8, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 An issue was discovered in Samsung NFC S3NRN4V, S3NSN4V, S3NSEN4, SEN82AB, and S3NRN82. A buffer copy without checking its input size can cause an NFC service restart. |
Memory corruption in QESL while processing payload from external ESL device to firmware. |
1Qualcomm 65Apq8096au Firmware Aqt1000 FirmwareMdm9628 Firmware+62 moreJun 17, 2026 Aug 8, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption in WLAN while running doDriverCmd for an unspecific command. |
log_blackbox.c in libqb before 2.0.8 allows a buffer overflow via long log messages because the header size is not considered. |
1Netgear 3Jwnr2000v2 Firmware Xavn2001v2 FirmwareXwn5001 FirmwareJun 17, 2026 Aug 7, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the check_auth function. |
Netgear EX6200 v1.0.3.94 was discovered to contain a buffer overflow via the wla_temp_ssid parameter at acosNvramConfig_set. |
1Netgear 3Dc112a Firmware Ex6200 FirmwareR6300v2 FirmwareJun 17, 2026 Aug 7, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Netgear DC112A 1.0.0.64, EX6200 1.0.3.94 and R6300v2 1.0.4.8 were discovered to contain a buffer overflow via the http_passwd parameter in password.cgi. |
Netgear DGN3500 1.1.00.37 was discovered to contain a buffer overflow via the http_password parameter at setup.cgi. |