Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

CVEs (4,216)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-40709 1Adobe 2Photoshop 2020 Photoshop 2021 Jun 17, 2026 Sep 27, 2021 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 Adobe Photoshop versions 21.2.11 (and earlier) and 22.5 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted SVG file. An unauthenticated attacker could leverage this vulnerabili...Show more Adobe Photoshop versions 21.2.11 (and earlier) and 22.5 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted SVG file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2021-0421 1Google 1Android Jun 17, 2026 Sep 27, 2021 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 In memory management driver, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is n...Show more In memory management driver, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05381235.Show less
CVE-2021-33035 1Apache 1Openoffice Jun 17, 2026 Sep 23, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database files with data organized in fields. When reading DBF data the size of certain fields is not checked: the data is just...Show more Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database files with data organized in fields. When reading DBF data the size of certain fields is not checked: the data is just copied into local variables. A carefully crafted document could overflow the allocated space, leading to the execution of arbitrary code by altering the contents of the program stack. This issue affects Apache OpenOffice up to and including version 4.1.10Show less
CVE-2021-34727 1Cisco 1Ios Xe Sd Wan Jun 17, 2026 Sep 23, 2021 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. This vulnerability is due to insufficient bounds ch...Show more A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. This vulnerability is due to insufficient bounds checking when an affected device processes traffic. An attacker could exploit this vulnerability by sending crafted traffic to the device. A successful exploit could allow the attacker to cause a buffer overflow and possibly execute arbitrary commands with root-level privileges, or cause the device to reload, which could result in a denial of service condition.Show less
CVE-2021-38090 1Ffmpeg 1Ffmpeg Jun 17, 2026 Sep 20, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Integer Overflow vulnerability in function filter16_roberts in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
CVE-2021-32265 1Axiosys 1Bento4 Jun 17, 2026 Sep 20, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in Bento4 through v1.6.0-637. A global-buffer-overflow exists in the function AP4_MemoryByteStream::WritePartial() located in Ap4ByteStream.cpp. It allows an attacker to cause code execution or in...Show more An issue was discovered in Bento4 through v1.6.0-637. A global-buffer-overflow exists in the function AP4_MemoryByteStream::WritePartial() located in Ap4ByteStream.cpp. It allows an attacker to cause code execution or information disclosure.Show less
CVE-2020-20891 1Ffmpeg 1Ffmpeg Jun 17, 2026 Sep 20, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Buffer Overflow vulnerability in function config_input in libavfilter/vf_gblur.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts.
CVE-2021-31845 1Mcafee 1Data Loss Prevention Discover Jun 17, 2026 Sep 17, 2021 N/A· v4 7.3 HIGH· v3 6.0 MEDIUM· v2 A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Discover prior to 11.6.100 allows an attacker in the same network as the DLP Discover to execute arbitrary code through placing carefully constructed A...Show more A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Discover prior to 11.6.100 allows an attacker in the same network as the DLP Discover to execute arbitrary code through placing carefully constructed Ami Pro (.sam) files onto a machine and having DLP Discover scan it, leading to remote code execution with elevated privileges. This is caused by the destination buffer being of fixed size and incorrect checks being made on the source size.Show less
CVE-2021-31844 1Mcafee 1Data Loss Prevention Endpoint Jun 17, 2026 Sep 17, 2021 N/A· v4 7.3 HIGH· v3 4.6 MEDIUM· v2 A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a local attacker to execute arbitrary code with elevated privileges through placing carefully constructed...Show more A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a local attacker to execute arbitrary code with elevated privileges through placing carefully constructed Ami Pro (.sam) files onto the local system and triggering a DLP Endpoint scan through accessing a file. This is caused by the destination buffer being of fixed size and incorrect checks being made on the source size.Show less
CVE-2020-21596 2Debian Struktur 2Debian Linux Libde265 Jun 17, 2026 Sep 16, 2021 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_bit function, which can be exploited via a crafted a file.
CVE-2020-21534 2Debian Xfig Project 2Debian Linux Fig2dev Jun 17, 2026 Sep 16, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 fig2dev 3.2.7b contains a global buffer overflow in the get_line function in read.c.
CVE-2020-21532 2Debian Xfig Project 2Debian Linux Fig2dev Jun 17, 2026 Sep 16, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 fig2dev 3.2.7b contains a global buffer overflow in the setfigfont function in genepic.c.
CVE-2020-21531 2Debian Xfig Project 2Debian Linux Fig2dev Jun 17, 2026 Sep 16, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 fig2dev 3.2.7b contains a global buffer overflow in the conv_pattern_index function in gencgm.c.
CVE-2020-14124 1Mi 1Ax3600 Firmware Jun 17, 2026 Sep 16, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 There is a buffer overflow in librsa.so called by getwifipwdurl interface, resulting in code execution on Xiaomi router AX3600 with ROM version =rom< 1.1.12.
CVE-2021-33720 1Siemens 3Siprotec 5 With Cpu Variant Cp050 Siprotec 5 With Cpu Variant Cp100Siprotec 5 With Cpu Variant Cp300 Jun 17, 2026 Sep 14, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP300 (All ve...Show more A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions < V8.80). Specially crafted packets sent to port 4443/tcp could cause a Denial-of-Service condition.Show less
CVE-2021-33719 1Siemens 3Siprotec 5 With Cpu Variant Cp050 Siprotec 5 With Cpu Variant Cp100Siprotec 5 With Cpu Variant Cp300 Jun 17, 2026 Sep 14, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP300 (All ve...Show more A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions < V8.80). Specially crafted packets sent to port 4443/tcp could cause a Denial-of-Service condition or potential remote code execution.Show less
CVE-2021-27391 1Siemens 8Apogee Mbc (ppc) (p2 Ethernet) Firmware Apogee Mec (ppc) (p2 Ethernet) FirmwareApogee Pxc Bacnet Automation Controller Firmware+5 more Jun 17, 2026 Sep 14, 2021 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 A vulnerability has been identified in APOGEE MBC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE MEC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE PXC Compact (BACnet) (All versions < V3.5.3), APOGEE PXC Com...Show more A vulnerability has been identified in APOGEE MBC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE MEC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE PXC Compact (BACnet) (All versions < V3.5.3), APOGEE PXC Compact (P2 Ethernet) (All versions >= V2.8), APOGEE PXC Modular (BACnet) (All versions < V3.5.3), APOGEE PXC Modular (P2 Ethernet) (All versions >= V2.8), TALON TC Compact (BACnet) (All versions < V3.5.3), TALON TC Modular (BACnet) (All versions < V3.5.3). The web server of affected devices lacks proper bounds checking when parsing the Host parameter in HTTP requests, which could lead to a buffer overflow. An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the device with root privileges.Show less
CVE-2021-41054 2Atftp Project Debian 2Atftp Debian Linux Jun 17, 2026 Sep 13, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 tftpd_file.c in atftp through 0.7.4 has a buffer overflow because buffer-size handling does not properly consider the combination of data, OACK, and other options.
CVE-2021-25461 1Google 1Android Jun 17, 2026 Sep 9, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 An improper length check in APAService prior to SMR Sep-2021 Release 1 results in stack based Buffer Overflow.
CVE-2021-40284 1Dlink 1Dsl 3782 Firmware Jun 17, 2026 Sep 9, 2021 N/A· v4 6.5 MEDIUM· v3 6.8 MEDIUM· v2 D-Link DSL-3782 EU v1.01:EU v1.03 is affected by a buffer overflow which can cause a denial of service. This vulnerability exists in the web interface "/cgi-bin/New_GUI/Igmp.asp". Authenticated remote attackers can trigg...Show more D-Link DSL-3782 EU v1.01:EU v1.03 is affected by a buffer overflow which can cause a denial of service. This vulnerability exists in the web interface "/cgi-bin/New_GUI/Igmp.asp". Authenticated remote attackers can trigger this vulnerability by sending a long string in parameter 'igmpsnoopEnable' via an HTTP request.Show less

Previous 1...160161162...211 Next