Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CVEs (2,316)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-33633 1Kovidgoyal 1Kitty May 22, 2026 May 19, 2026 N/A· v4 8.8 HIGH· v3 N/A· v2 Kitty is a cross-platform GPU based terminal. Versions 0.46.2 and below contain a heap buffer overflow in load_image_data() that allows any process which can write to the terminal's stdin to crash kitty immediately. The...Show more Kitty is a cross-platform GPU based terminal. Versions 0.46.2 and below contain a heap buffer overflow in load_image_data() that allows any process which can write to the terminal's stdin to crash kitty immediately. The vulnerability is triggered by a single APC graphics protocol command with a PNG format declaration (f=100) whose payload exceeds twice the initial buffer capacity. The overflow is attacker-controlled in both length and content, causing DoS and potentially escalation to RCE itself. This issue has been fixed in version 0.47.0.Show less
CVE-2026-8711 1F5 1Njs Jun 4, 2026 May 19, 2026 9.2 CRITICAL· v4 9.8 CRITICAL· v3 N/A· v2 NGINX JavaScript has a vulnerability when the js_fetch_proxy directive is configured with at least one client-controlled NGINX variable (for example, $http_, $arg_, $cookie_) and a location invoking the ngx.fetch() op...Show more NGINX JavaScript has a vulnerability when the js_fetch_proxy directive is configured with at least one client-controlled NGINX variable (for example, $http_, $arg_, $cookie_) and a location invoking the ngx.fetch() operation from NGINX JavaScript. An unauthenticated attacker can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.Show less
CVE-2026-47311 1Samsung 1Escargot Jun 2, 2026 May 19, 2026 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.
CVE-2026-44662 - - May 15, 2026 May 14, 2026 5.1 MEDIUM· v4 N/A· v3 N/A· v2 rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.0 to before 0.10.79, CipherCtxRef::cipher_update, CipherCtxRef::cipher_update_vec, and symm::Crypter::update incorrectly sized output bu...Show more rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.0 to before 0.10.79, CipherCtxRef::cipher_update, CipherCtxRef::cipher_update_vec, and symm::Crypter::update incorrectly sized output buffers when used with AES key-wrap-with-padding ciphers (EVP_aes_{128,192,256}_wrap_pad). For a non-multiple-of-8 input, OpenSSL writes up to 7 bytes past the end of the caller's buffer or Vec, producing attacker-controllable heap corruption when the plaintext length is attacker-influenced. This only impacts users using AES key-wrap-with-padding ciphers. This vulnerability is fixed in 0.10.79.Show less
CVE-2026-8560 1Google 1Chrome May 19, 2026 May 14, 2026 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Heap buffer overflow in SwiftShader in Google Chrome on Mac and iOS prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-8552 1Google 1Chrome May 19, 2026 May 14, 2026 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Heap buffer overflow in GPU in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
CVE-2026-8531 1Google 1Chrome May 19, 2026 May 14, 2026 N/A· v4 8.8 HIGH· v3 N/A· v2 Heap buffer overflow in WebML in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2026-8529 1Google 1Chrome May 18, 2026 May 14, 2026 N/A· v4 8.8 HIGH· v3 N/A· v2 Heap buffer overflow in Codecs in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted video file. (Chromium security severity: High)
CVE-2026-8525 1Google 1Chrome May 19, 2026 May 14, 2026 N/A· v4 8.3 HIGH· v3 N/A· v2 Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVE-2026-8509 1Google 1Chrome May 18, 2026 May 14, 2026 N/A· v4 8.8 HIGH· v3 N/A· v2 Heap buffer overflow in WebML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical)
CVE-2026-44636 1Saitoha 1Libsixel May 16, 2026 May 14, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, signed integer overflow in sixel_encode_highcolor's allocation size calculation can lead to a heap buffer overflow. The pu...Show more libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, signed integer overflow in sixel_encode_highcolor's allocation size calculation can lead to a heap buffer overflow. The public sixel_encode entry point validates only that width and height are greater than zero, with no upper bound. width and height are multiplied as plain int when computing the allocation size for paletted_pixels and normalized_pixels. Any caller that asks libsixel to encode a pixel buffer with width times height greater than INT_MAX (about 2.15 billion) will hit a wrapped allocation size; under the right wrap, the malloc succeeds with a buffer much smaller than the encoder expects, and the encoder writes past the end of the heap allocation. This vulnerability is fixed in 1.8.7-r2.Show less
CVE-2026-43906 1Openimageio 1Openimageio May 15, 2026 May 14, 2026 8.5 HIGH· v4 7.8 HIGH· v3 N/A· v2 OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a heap-based buffer overflow in the HEIF decoder of OpenIm...Show more OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a heap-based buffer overflow in the HEIF decoder of OpenImageIO allows out-of-bounds writes via crafted images due to a subimage metadata mismatch, leading to memory corruption and potential code execution. This vulnerability is fixed in 3.0.18.0 and 3.1.13.0.Show less
CVE-2026-0264 - - Jun 9, 2026 May 13, 2026 7.2 HIGH· v4 N/A· v3 N/A· v2 A buffer overflow vulnerability in the DNS proxy and DNS Server features of Palo Alto Networks PAN-OS® Software allows an unauthenticated attacker with network access to cause a denial of service (DoS) condition (all PAN...Show more A buffer overflow vulnerability in the DNS proxy and DNS Server features of Palo Alto Networks PAN-OS® Software allows an unauthenticated attacker with network access to cause a denial of service (DoS) condition (all PAN-OS platforms except Cloud NGFW and Prisma Access) or potentially execute arbitrary code by sending specially crafted network traffic (PA-Series hardware only). Panorama, Cloud NGFW, and Prisma® Access are not impacted by this vulnerability.Show less
CVE-2026-42945 - - May 21, 2026 May 13, 2026 9.2 CRITICAL· v4 8.1 HIGH· v3 N/A· v2 NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compati...Show more NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.Show less
CVE-2025-62624 - - May 13, 2026 May 13, 2026 8.8 HIGH· v4 N/A· v3 N/A· v2 A heap-based buffer overflow in the ionic cloud driver for VMware ESXi could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
CVE-2026-23827 1Arubanetworks 2Arubaos Sd Wan May 15, 2026 May 12, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 A heap-based buffer overflow vulnerability exists in a Network management service of AOS-8 and AOS-10 that could allow an unauthenticated remote attacker to achieve remote code execution. Successful exploitation could al...Show more A heap-based buffer overflow vulnerability exists in a Network management service of AOS-8 and AOS-10 that could allow an unauthenticated remote attacker to achieve remote code execution. Successful exploitation could allow an unauthenticated attacker to execute arbitrary code as a privileged user on the underlying operating system, potentially leading to a system compromise. Exploitation may also result in a denial-of-service (DoS) condition affecting the impacted system process.Show less
CVE-2026-42896 1Microsoft 4Windows 11 24h2 Windows 11 25h2Windows 11 26h1+1 more May 14, 2026 May 12, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-42831 1Microsoft 2Office Office Long Term Servicing Channel May 19, 2026 May 12, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-41096 1Microsoft 6Windows 11 23h2 Windows 11 24h2Windows 11 25h2+3 more May 15, 2026 May 12, 2026 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network.
CVE-2026-40407 1Microsoft 14Windows 10 1607 Windows 10 1809Windows 10 21h2+11 more May 15, 2026 May 12, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

Previous 1...678...116 Next