Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CVEs (2,306)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-39825 1Zoom 4Rooms WorkplaceWorkplace Desktop+1 more Sep 4, 2024 Aug 14, 2024 N/A· v4 8.5 HIGH· v3 N/A· v2 Buffer overflow in some Zoom Workplace Apps and Rooms Clients may allow an authenticated user to conduct an escalation of privilege via network access.
CVE-2024-41853 1Adobe 1Indesign Aug 19, 2024 Aug 14, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this iss...Show more InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2024-41850 1Adobe 1Indesign Aug 19, 2024 Aug 14, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this iss...Show more InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2024-38172 1Microsoft 2365 Apps Office Long Term Servicing Channel Aug 16, 2024 Aug 13, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-38170 1Microsoft 2365 Apps Office Long Term Servicing Channel Aug 16, 2024 Aug 13, 2024 N/A· v4 7.1 HIGH· v3 N/A· v2 Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-38169 1Microsoft 3365 Apps OfficeOffice Long Term Servicing Channel Aug 16, 2024 Aug 13, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2024-38161 1Microsoft 8Windows 10 1809 Windows 10 21h2Windows 10 22h2+5 more Aug 16, 2024 Aug 13, 2024 N/A· v4 6.8 MEDIUM· v3 N/A· v2 Windows Mobile Broadband Driver Remote Code Execution Vulnerability
CVE-2024-38160 1Microsoft 2Windows 10 1607 Windows Server 2016 Aug 16, 2024 Aug 13, 2024 N/A· v4 9.1 CRITICAL· v3 N/A· v2 Windows Network Virtualization Remote Code Execution Vulnerability
CVE-2024-38154 1Microsoft 6Windows Server 2008 Windows Server 2012Windows Server 2016+3 more Aug 16, 2024 Aug 13, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-38152 1Microsoft 15Windows 10 1507 Windows 10 1607Windows 10 1809+12 more Aug 14, 2024 Aug 13, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Windows OLE Remote Code Execution Vulnerability
CVE-2024-38142 1Microsoft 13Windows 10 1507 Windows 10 1607Windows 10 1809+10 more Aug 16, 2024 Aug 13, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Windows Secure Kernel Mode Elevation of Privilege Vulnerability
CVE-2024-38130 1Microsoft 15Windows 10 1507 Windows 10 1607Windows 10 1809+12 more Aug 16, 2024 Aug 13, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-38121 1Microsoft 6Windows Server 2008 Windows Server 2012Windows Server 2016+3 more Aug 16, 2024 Aug 13, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-38120 1Microsoft 6Windows Server 2008 Windows Server 2012Windows Server 2016+3 more Aug 16, 2024 Aug 13, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-38116 1Microsoft 15Windows 10 1507 Windows 10 1607Windows 10 1809+12 more Aug 16, 2024 Aug 13, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Windows IP Routing Management Snapin Remote Code Execution Vulnerability
CVE-2024-38115 1Microsoft 15Windows 10 1507 Windows 10 1607Windows 10 1809+12 more Aug 16, 2024 Aug 13, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Windows IP Routing Management Snapin Remote Code Execution Vulnerability
CVE-2024-38114 1Microsoft 15Windows 10 1507 Windows 10 1607Windows 10 1809+12 more Aug 16, 2024 Aug 13, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Windows IP Routing Management Snapin Remote Code Execution Vulnerability
CVE-2024-7272 1Ffmpeg 1Ffmpeg Aug 13, 2024 Aug 12, 2024 6.9 MEDIUM· v4 8.8 HIGH· v3 7.5 HIGH· v2 A vulnerability, which was classified as critical, was found in FFmpeg up to 5.1.5. This affects the function fill_audiodata of the file /libswresample/swresample.c. The manipulation leads to heap-based buffer overflow....Show more A vulnerability, which was classified as critical, was found in FFmpeg up to 5.1.5. This affects the function fill_audiodata of the file /libswresample/swresample.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. This issue was fixed in version 6.0 by 9903ba28c28ab18dc7b7b6fb8571cc8b5caae1a6 but a backport for 5.1 was forgotten. The exploit has been disclosed to the public and may be used. Upgrading to version 5.1.6 and 6.0 9903ba28c28ab18dc7b7b6fb8571cc8b5caae1a6 is able to address this issue. It is recommended to upgrade the affected component.Show less
CVE-2024-43168 - - Nov 3, 2025 Aug 12, 2024 N/A· v4 4.8 MEDIUM· v3 N/A· v2 DISPUTE NOTE: this issue does not pose a security risk as it (according to analysis by the original software developer, NLnet Labs) falls within the expected functionality and security controls of the application. Red Ha...Show more DISPUTE NOTE: this issue does not pose a security risk as it (according to analysis by the original software developer, NLnet Labs) falls within the expected functionality and security controls of the application. Red Hat has made a claim that there is a security risk within Red Hat products. NLnet Labs has no further information about the claim, and suggests that affected Red Hat customers refer to available Red Hat documentation or support channels. ORIGINAL DESCRIPTION: A heap-buffer-overflow flaw was found in the cfg_mark_ports function within Unbound's config_file.c, which can lead to memory corruption. This issue could allow an attacker with local access to provide specially crafted input, potentially causing the application to crash or allowing arbitrary code execution. This could result in a denial of service or unauthorized actions on the system.Show less
CVE-2024-7534 1Google 1Chrome Oct 15, 2024 Aug 6, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Heap buffer overflow in Layout in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Previous 1...606162...116 Next