Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CVEs (2,307)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-49507 1Adobe 1Indesign Nov 16, 2024 Nov 12, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 InDesign Desktop versions ID18.5.2, ID19.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this iss...Show more InDesign Desktop versions ID18.5.2, ID19.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2024-49525 1Adobe 1Substance 3d Painter Nov 13, 2024 Nov 12, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Substance3D - Painter versions 10.1.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue re...Show more Substance3D - Painter versions 10.1.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2024-49517 1Adobe 1Substance 3d Painter Nov 13, 2024 Nov 12, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Substance3D - Painter versions 10.1.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue re...Show more Substance3D - Painter versions 10.1.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2024-47431 1Adobe 1Substance 3d Painter Nov 13, 2024 Nov 12, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Substance3D - Painter versions 10.1.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue re...Show more Substance3D - Painter versions 10.1.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2024-47450 1Adobe 1Illustrator Nov 14, 2024 Nov 12, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Illustrator versions 28.7.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires use...Show more Illustrator versions 28.7.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2024-33505 1Fortinet 3Fortianalyzer FortimanagerFortimanager Cloud Jan 31, 2025 Nov 12, 2024 N/A· v4 7.3 HIGH· v3 N/A· v2 A heap-based buffer overflow in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 th...Show more A heap-based buffer overflow in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to escalation of privilege via specially crafted http requestsShow less
CVE-2024-49030 1Microsoft 4365 Apps ExcelOffice+1 more Nov 16, 2024 Nov 12, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-49017 1Microsoft 3Sql Server 2016 Sql Server 2017Sql Server 2019 Nov 15, 2024 Nov 12, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49015 1Microsoft 3Sql Server 2016 Sql Server 2017Sql Server 2019 Nov 15, 2024 Nov 12, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49013 1Microsoft 3Sql Server 2016 Sql Server 2017Sql Server 2019 Nov 15, 2024 Nov 12, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49012 1Microsoft 3Sql Server 2016 Sql Server 2017Sql Server 2019 Nov 15, 2024 Nov 12, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49011 1Microsoft 3Sql Server 2016 Sql Server 2017Sql Server 2019 Nov 15, 2024 Nov 12, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49010 1Microsoft 3Sql Server 2016 Sql Server 2017Sql Server 2019 Nov 15, 2024 Nov 12, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49009 1Microsoft 3Sql Server 2016 Sql Server 2017Sql Server 2019 Nov 15, 2024 Nov 12, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49008 1Microsoft 3Sql Server 2016 Sql Server 2017Sql Server 2019 Nov 15, 2024 Nov 12, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49007 1Microsoft 3Sql Server 2016 Sql Server 2017Sql Server 2019 Nov 15, 2024 Nov 12, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49006 1Microsoft 3Sql Server 2016 Sql Server 2017Sql Server 2019 Nov 15, 2024 Nov 12, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49005 1Microsoft 3Sql Server 2016 Sql Server 2017Sql Server 2019 Nov 15, 2024 Nov 12, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49004 1Microsoft 3Sql Server 2016 Sql Server 2017Sql Server 2019 Nov 15, 2024 Nov 12, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 SQL Server Native Client Remote Code Execution Vulnerability
CVE-2024-49002 1Microsoft 3Sql Server 2016 Sql Server 2017Sql Server 2019 Nov 15, 2024 Nov 12, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 SQL Server Native Client Remote Code Execution Vulnerability

Previous 1...545556...116 Next