Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CVEs (2,307)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-8594 1Autodesk 8Autocad Autocad Advance SteelAutocad Architecture+5 more Apr 11, 2025 Oct 29, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 A maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk AutoCAD can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive da...Show more A maliciously crafted MODEL file when parsed in libodxdll.dll through Autodesk AutoCAD can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.Show less
CVE-2024-8591 1Autodesk 8Autocad Autocad Advance SteelAutocad Architecture+5 more Apr 11, 2025 Oct 29, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 A maliciously crafted 3DM file when parsed in AcTranslators.exe through Autodesk AutoCAD can force a Heap-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write se...Show more A maliciously crafted 3DM file when parsed in AcTranslators.exe through Autodesk AutoCAD can force a Heap-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.Show less
CVE-2024-8587 1Autodesk 8Advance Steel AutocadAutocad Architecture+5 more Dec 16, 2024 Oct 29, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Heap Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sen...Show more A maliciously crafted SLDPRT file when parsed in odxsw_dll.dll through Autodesk AutoCAD can force a Heap Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.Show less
CVE-2024-43587 1Microsoft 1Edge Chromium Oct 18, 2024 Oct 17, 2024 N/A· v4 8.1 HIGH· v3 N/A· v2 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVE-2024-43579 1Microsoft 1Edge Chromium Oct 18, 2024 Oct 17, 2024 N/A· v4 8.3 HIGH· v3 N/A· v2 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVE-2024-43578 1Microsoft 1Edge Chromium Oct 18, 2024 Oct 17, 2024 N/A· v4 8.3 HIGH· v3 N/A· v2 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVE-2024-47964 1Deltaww 1Cncsoft G2 Oct 17, 2024 Oct 10, 2024 8.4 HIGH· v4 7.8 HIGH· v3 N/A· v2 Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can manipulate users to visit a malicious page or file to leve...Show more Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process.Show less
CVE-2024-45143 1Adobe 1Substance 3d Stager Oct 18, 2024 Oct 9, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Substance3D - Stager versions 3.0.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requ...Show more Substance3D - Stager versions 3.0.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2024-45139 1Adobe 1Substance 3d Stager Oct 18, 2024 Oct 9, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Substance3D - Stager versions 3.0.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requ...Show more Substance3D - Stager versions 3.0.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2024-47417 1Adobe 1Animate Oct 10, 2024 Oct 9, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Animate versions 23.0.7, 24.0.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires...Show more Animate versions 23.0.7, 24.0.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2024-43611 1Microsoft 6Windows Server 2008 Windows Server 2012Windows Server 2016+3 more Oct 22, 2024 Oct 8, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-43608 1Microsoft 6Windows Server 2008 Windows Server 2012Windows Server 2016+3 more Oct 22, 2024 Oct 8, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-43607 1Microsoft 6Windows Server 2008 Windows Server 2012Windows Server 2016+3 more Oct 22, 2024 Oct 8, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-43593 1Microsoft 6Windows Server 2008 Windows Server 2012Windows Server 2016+3 more Oct 22, 2024 Oct 8, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-43592 1Microsoft 6Windows Server 2008 Windows Server 2012Windows Server 2016+3 more Oct 22, 2024 Oct 8, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-43589 1Microsoft 6Windows Server 2008 Windows Server 2012Windows Server 2016+3 more Oct 22, 2024 Oct 8, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-43564 1Microsoft 6Windows Server 2008 Windows Server 2012Windows Server 2016+3 more Oct 17, 2024 Oct 8, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-43560 1Microsoft 14Windows 10 1507 Windows 10 1607Windows 10 1809+11 more Oct 17, 2024 Oct 8, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Microsoft Windows Storage Port Driver Elevation of Privilege Vulnerability
CVE-2024-43528 1Microsoft 10Windows 10 1809 Windows 10 21h2Windows 10 22h2+7 more Oct 16, 2024 Oct 8, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Windows Secure Kernel Mode Elevation of Privilege Vulnerability
CVE-2024-43527 1Microsoft 1Windows 11 24h2 Oct 17, 2024 Oct 8, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Windows Kernel Elevation of Privilege Vulnerability

Previous 1...565758...116 Next