Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CVEs (2,307)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-55627 1Oisf 1Suricata Mar 31, 2025 Jan 6, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a specially crafted TCP stream can lead to a very large buffer overflow while being ze...Show more Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a specially crafted TCP stream can lead to a very large buffer overflow while being zero-filled during initialization with memset due to an unsigned integer underflow. The issue has been addressed in Suricata 7.0.8.Show less
CVE-2024-13051 1Ashlar 1Graphite Jan 3, 2025 Dec 30, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Ashlar-Vellum Graphite VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Grap...Show more Ashlar-Vellum Graphite VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of VC6 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24977.Show less
CVE-2024-13050 1Ashlar 1Graphite Jan 3, 2025 Dec 30, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Ashlar-Vellum Graphite VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Grap...Show more Ashlar-Vellum Graphite VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of VC6 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24976.Show less
CVE-2024-56737 1Gnu 1Grub2 Jun 24, 2025 Dec 29, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem.
CVE-2024-56732 - - Dec 28, 2024 Dec 27, 2024 9.3 CRITICAL· v4 8.8 HIGH· v3 N/A· v2 HarfBuzz is a text shaping engine. Starting with 8.5.0 through 10.0.1, there is a heap-based buffer overflow in the hb_cairo_glyphs_from_buffer function.
CVE-2020-12819 1Fortinet 1Fortios Jan 21, 2025 Dec 19, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 A heap-based buffer overflow vulnerability in the processing of Link Control Protocol messages in FortiGate versions 5.6.12, 6.0.10, 6.2.4 and 6.4.1 and earlier may allow a remote attacker with valid SSL VPN credentials...Show more A heap-based buffer overflow vulnerability in the processing of Link Control Protocol messages in FortiGate versions 5.6.12, 6.0.10, 6.2.4 and 6.4.1 and earlier may allow a remote attacker with valid SSL VPN credentials to crash the SSL VPN daemon by sending a large LCP packet, when tunnel mode is enabled. Arbitrary code execution may be theoretically possible, albeit practically very difficult to achieve in this contextShow less
CVE-2024-12670 1Autodesk 1Navisworks Nov 13, 2025 Dec 17, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data,...Show more A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.Show less
CVE-2024-12669 1Autodesk 1Navisworks May 8, 2025 Dec 17, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data,...Show more A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.Show less
CVE-2024-12179 1Autodesk 1Navisworks May 8, 2025 Dec 17, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data,...Show more A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.Show less
CVE-2024-49775 - - Jan 13, 2026 Dec 16, 2024 9.3 CRITICAL· v4 9.8 CRITICAL· v3 N/A· v2 A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2501.0001), Opcenter Intelligence (All versions < V2501.0001), Opcenter Quality (All versions < V2512), Opcenter RDnL (All versions <...Show more A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2501.0001), Opcenter Intelligence (All versions < V2501.0001), Opcenter Quality (All versions < V2512), Opcenter RDnL (All versions < V2410), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 3), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SINEC NMS (All versions if operated in conjunction with UMC < V2.15), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code.Show less
CVE-2024-8798 1Zephyrproject 1Zephyr Sep 17, 2025 Dec 16, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c.
CVE-2024-52059 1Rti 1Connext Professional Oct 2, 2025 Dec 13, 2024 6.9 MEDIUM· v4 7.8 HIGH· v3 N/A· v2 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Heap-based Buffer Overflow, Integer Overflow or Wraparound vulnerability in RTI Connext Professional (Security Plugins) allows Overflow Variables an...Show more Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Heap-based Buffer Overflow, Integer Overflow or Wraparound vulnerability in RTI Connext Professional (Security Plugins) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.0 before 6.1.2.17.Show less
CVE-2024-49138 1Microsoft 15Windows 10 1507 Windows 10 1607Windows 10 1809+12 more Oct 28, 2025 Dec 12, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2024-49125 1Microsoft 7Windows Server 2008 Windows Server 2012Windows Server 2016+4 more Jan 14, 2025 Dec 12, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-49104 1Microsoft 15Windows 10 1507 Windows 10 1607Windows 10 1809+12 more Jan 8, 2025 Dec 12, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-49102 1Microsoft 15Windows 10 1507 Windows 10 1607Windows 10 1809+12 more Jan 8, 2025 Dec 12, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-49094 1Microsoft 9Windows 10 1809 Windows 10 21h2Windows 10 22h2+6 more Jan 8, 2025 Dec 12, 2024 N/A· v4 6.6 MEDIUM· v3 N/A· v2 Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability
CVE-2024-49089 1Microsoft 15Windows 10 1507 Windows 10 1607Windows 10 1809+12 more Jan 8, 2025 Dec 12, 2024 N/A· v4 7.2 HIGH· v3 N/A· v2 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-49086 1Microsoft 7Windows Server 2008 Windows Server 2012Windows Server 2016+4 more Jan 8, 2025 Dec 12, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-49085 1Microsoft 7Windows Server 2008 Windows Server 2012Windows Server 2016+4 more Jan 8, 2025 Dec 12, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

Previous 1...515253...116 Next