Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

CVEs (4,201)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2017-12601 2Debian Opencv 2Debian Linux Opencv May 13, 2026 Aug 7, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 OpenCV (Open Source Computer Vision Library) through 3.3 has a buffer overflow in the cv::BmpDecoder::readData function in modules/imgcodecs/src/grfmt_bmp.cpp when reading an image file by using cv::imread, as demonstrat...Show more OpenCV (Open Source Computer Vision Library) through 3.3 has a buffer overflow in the cv::BmpDecoder::readData function in modules/imgcodecs/src/grfmt_bmp.cpp when reading an image file by using cv::imread, as demonstrated by the 4-buf-overflow-readData-memcpy test case.Show less
CVE-2017-6253 1Nvidia 1Gpu Driver May 13, 2026 Jul 28, 2017 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the size of an input buffer is not validated which may lead to denial of service or poten...Show more NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the size of an input buffer is not validated which may lead to denial of service or potential escalation of privilegesShow less
CVE-2017-11473 2Canonical Linux 2Linux Kernel Ubuntu Linux May 13, 2026 Jul 20, 2017 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel through 3.2 allows local users to gain privileges via a crafted ACPI table.
CVE-2017-2851 1Foscam 1C1 Indoor Hd Camera Firmware May 13, 2026 Jun 29, 2017 N/A· v4 7.2 HIGH· v3 6.0 MEDIUM· v2 In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can cause a buffer overflow.
CVE-2017-0176 1Microsoft 2Windows Server 2003 Windows Xp May 13, 2026 Jun 22, 2017 N/A· v4 8.1 HIGH· v3 9.3 HIGH· v2 A buffer overflow in Smart Card authentication code in gpkcsp.dll in Microsoft Windows XP through SP3 and Server 2003 through SP2 allows a remote attacker to execute arbitrary code on the target computer, provided that t...Show more A buffer overflow in Smart Card authentication code in gpkcsp.dll in Microsoft Windows XP through SP3 and Server 2003 through SP2 allows a remote attacker to execute arbitrary code on the target computer, provided that the computer is joined in a Windows domain and has Remote Desktop Protocol connectivity (or Terminal Services) enabled.Show less
CVE-2017-2831 1Foscam 1C1 Indoor Hd Camera Firmware May 13, 2026 Jun 21, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause a buffer overf...Show more An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker can simply send an HTTP request to the device to trigger this vulnerability.Show less
CVE-2017-2830 1Foscam 1C1 Indoor Hd Camera Firmware May 13, 2026 Jun 21, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause a buffer overf...Show more An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker can simply send an HTTP request to the device to trigger this vulnerability.Show less
CVE-2017-0296 1Microsoft 6Windows 10 Windows 7Windows 8.1+3 more May 13, 2026 Jun 15, 2017 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to elevate privile...Show more Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to elevate privilege when tdx.sys fails to check the length of a buffer prior to copying memory to it, aka "Windows TDX Elevation of Privilege Vulnerability".Show less
CVE-2017-6862 1Netgear 4Wnr2000 Firmware Wnr2000v3 FirmwareWnr2000v4 Firmware+1 more Apr 21, 2026 May 26, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 NETGEAR WNR2000v3 devices before 1.1.2.14, WNR2000v4 devices before 1.0.0.66, and WNR2000v5 devices before 1.0.0.42 allow authentication bypass and remote code execution via a buffer overflow that uses a parameter in the...Show more NETGEAR WNR2000v3 devices before 1.1.2.14, WNR2000v4 devices before 1.0.0.66, and WNR2000v5 devices before 1.0.0.42 allow authentication bypass and remote code execution via a buffer overflow that uses a parameter in the administration webapp. The NETGEAR ID is PSV-2016-0261.Show less
CVE-2017-0614 1Linux 1Linux Kernel May 13, 2026 May 12, 2017 N/A· v4 7.0 HIGH· v3 7.6 HIGH· v2 An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue i...Show more An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35399405. References: QC-CR#1080290.Show less
CVE-2017-0594 1Google 1Android May 13, 2026 May 12, 2017 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 An elevation of privilege vulnerability in codecs/aacenc/SoftAACEncoder2.cpp in libstagefright in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged proces...Show more An elevation of privilege vulnerability in codecs/aacenc/SoftAACEncoder2.cpp in libstagefright in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34617444.Show less
CVE-2017-0465 2Google Linux 2Android Linux Kernel May 13, 2026 May 12, 2017 N/A· v4 7.0 HIGH· v3 7.6 HIGH· v2 An elevation of privilege vulnerability in the Qualcomm ADSPRPC driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first r...Show more An elevation of privilege vulnerability in the Qualcomm ADSPRPC driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34112914. References: QC-CR#1110747.Show less
CVE-2017-0327 1Linux 1Linux Kernel May 13, 2026 Apr 5, 2017 N/A· v4 7.0 HIGH· v3 7.6 HIGH· v2 An elevation of privilege vulnerability in the NVIDIA crypto driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requ...Show more An elevation of privilege vulnerability in the NVIDIA crypto driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel 3.10. Android ID: A-33893669. References: N-CVE-2017-0327.Show less
CVE-2017-7269 1Microsoft 1Internet Information Services Apr 21, 2026 Mar 27, 2017 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long heade...Show more Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016.Show less
CVE-2017-6058 1Qemu 1Qemu May 13, 2026 Mar 20, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Buffer overflow in NetRxPkt::ehdr_buf in hw/net/net_rx_pkt.c in QEMU (aka Quick Emulator), when the VLANSTRIP feature is enabled on the vmxnet3 device, allows remote attackers to cause a denial of service (out-of-bounds...Show more Buffer overflow in NetRxPkt::ehdr_buf in hw/net/net_rx_pkt.c in QEMU (aka Quick Emulator), when the VLANSTRIP feature is enabled on the vmxnet3 device, allows remote attackers to cause a denial of service (out-of-bounds access and QEMU process crash) via vectors related to VLAN stripping.Show less
CVE-2016-8714 2Debian R Project 2Debian Linux R May 13, 2026 Mar 10, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An exploitable buffer overflow vulnerability exists in the LoadEncoding functionality of the R programming language version 3.3.0. A specially crafted R script can cause a buffer overflow resulting in a memory corruption...Show more An exploitable buffer overflow vulnerability exists in the LoadEncoding functionality of the R programming language version 3.3.0. A specially crafted R script can cause a buffer overflow resulting in a memory corruption. An attacker can send a malicious R script to trigger this vulnerability.Show less
CVE-2017-0520 1Linux 1Linux Kernel May 13, 2026 Mar 8, 2017 N/A· v4 7.0 HIGH· v3 7.6 HIGH· v2 An elevation of privilege vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it f...Show more An elevation of privilege vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31750232. References: QC-CR#1082636.Show less
CVE-2017-0481 1Google 1Android May 13, 2026 Mar 8, 2017 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 An elevation of privilege vulnerability in NFC could enable a proximate attacker to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local ac...Show more An elevation of privilege vulnerability in NFC could enable a proximate attacker to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33434992.Show less
CVE-2017-0306 1Linux 1Linux Kernel May 13, 2026 Mar 8, 2017 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibili...Show more An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-34132950. References: N-CVE-2017-0306.Show less
CVE-2016-10066 1Imagemagick 1Imagemagick May 13, 2026 Mar 3, 2017 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 Buffer overflow in the ReadVIFFImage function in coders/viff.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a crafted file.

Previous 1...203204205...211 Next