Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CVEs (2,307)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-21248 1Microsoft 13Windows 10 1507 Windows 10 1607Windows 10 1809+10 more Jan 24, 2025 Jan 14, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21246 1Microsoft 15Windows 10 1507 Windows 10 1607Windows 10 1809+12 more Jan 24, 2025 Jan 14, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21245 1Microsoft 15Windows 10 1507 Windows 10 1607Windows 10 1809+12 more Jan 24, 2025 Jan 14, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21241 1Microsoft 13Windows 10 1507 Windows 10 1607Windows 10 1809+10 more Jan 24, 2025 Jan 14, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21240 1Microsoft 15Windows 10 1507 Windows 10 1607Windows 10 1809+12 more Jan 24, 2025 Jan 14, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21239 1Microsoft 13Windows 10 1507 Windows 10 1607Windows 10 1809+10 more Jan 24, 2025 Jan 14, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21238 1Microsoft 15Windows 10 1507 Windows 10 1607Windows 10 1809+12 more Jan 24, 2025 Jan 14, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21237 1Microsoft 15Windows 10 1507 Windows 10 1607Windows 10 1809+12 more Jan 29, 2025 Jan 14, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21236 1Microsoft 15Windows 10 1507 Windows 10 1607Windows 10 1809+12 more Jan 24, 2025 Jan 14, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21233 1Microsoft 15Windows 10 1507 Windows 10 1607Windows 10 1809+12 more Jan 24, 2025 Jan 14, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21223 1Microsoft 15Windows 10 1507 Windows 10 1607Windows 10 1809+12 more Jan 27, 2025 Jan 14, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Windows Telephony Service Remote Code Execution Vulnerability
CVE-2025-21186 1Microsoft 4365 Apps AccessOffice+1 more Jul 1, 2025 Jan 14, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Microsoft Access Remote Code Execution Vulnerability
CVE-2025-21178 1Microsoft 3Visual Studio 2017 Visual Studio 2019Visual Studio 2022 Jan 27, 2025 Jan 14, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Visual Studio Remote Code Execution Vulnerability
CVE-2025-21172 1Microsoft 4.net Visual Studio 2017Visual Studio 2019+1 more May 6, 2025 Jan 14, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 .NET and Visual Studio Remote Code Execution Vulnerability
CVE-2025-21171 1Microsoft 3.net PowershellVisual Studio 2022 Jul 10, 2025 Jan 14, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 .NET Remote Code Execution Vulnerability
CVE-2025-22134 3Neovim NetappVim 3Bootstrap Os NeovimVim Jun 9, 2026 Jan 13, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore may try to access beyond the e...Show more When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore may try to access beyond the end of a line in a buffer. In Patch 9.1.1003 Vim will correctly reset the visual mode before opening other windows and buffers and therefore fix this bug. In addition it does verify that it won't try to access a position if the position is greater than the corresponding buffer line. Impact is medium since the user must have switched on visual mode when executing the :all ex command. The Vim project would like to thank github user gandalf4a for reporting this issue. The issue has been fixed as of Vim patch v9.1.1003Show less
CVE-2024-56827 - - Nov 3, 2025 Jan 9, 2025 N/A· v4 5.6 MEDIUM· v3 N/A· v2 A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undef...Show more A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior.Show less
CVE-2024-56826 - - Nov 3, 2025 Jan 9, 2025 N/A· v4 5.6 MEDIUM· v3 N/A· v2 A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undef...Show more A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior.Show less
CVE-2024-51737 - - Jan 8, 2025 Jan 8, 2025 N/A· v4 7.0 HIGH· v3 N/A· v2 RediSearch is a Redis module that provides querying, secondary indexing, and full-text search for Redis. An authenticated redis user executing FT.SEARCH or FT.AGGREGATE with a specially crafted LIMIT command argument, or...Show more RediSearch is a Redis module that provides querying, secondary indexing, and full-text search for Redis. An authenticated redis user executing FT.SEARCH or FT.AGGREGATE with a specially crafted LIMIT command argument, or FT.SEARCH with a specially crafted KNN command argument, can trigger an integer overflow, leading to heap overflow and potential remote code execution. This vulnerability is fixed in 2.6.24, 2.8.21, and 2.10.10. Avoid setting value of -1 or large values for configuration parameters MAXSEARCHRESULTS and MAXAGGREGATERESULTS, to avoid exploiting large LIMIT arguments.Show less
CVE-2024-51480 - - Jan 8, 2025 Jan 8, 2025 N/A· v4 7.0 HIGH· v3 N/A· v2 RedisTimeSeries is a time-series database (TSDB) module for Redis, by Redis. Executing one of these commands TS.QUERYINDEX, TS.MGET, TS.MRAGE, TS.MREVRANGE by an authenticated user, using specially crafted command argume...Show more RedisTimeSeries is a time-series database (TSDB) module for Redis, by Redis. Executing one of these commands TS.QUERYINDEX, TS.MGET, TS.MRAGE, TS.MREVRANGE by an authenticated user, using specially crafted command arguments may cause an integer overflow, a subsequent heap overflow, and potentially lead to remote code execution. This vulnerability is fixed in 1.6.20, 1.8.15, 1.10.15, and 1.12.3.Show less

Previous 1...505152...116 Next