Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CVEs (2,316)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-40403 1Microsoft 14Windows 10 1607 Windows 10 1809Windows 10 21h2+11 more May 15, 2026 May 12, 2026 N/A· v4 8.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally.
CVE-2026-40398 1Microsoft 14Windows 10 1607 Windows 10 1809Windows 10 21h2+11 more May 15, 2026 May 12, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.
CVE-2026-40380 1Microsoft 14Windows 10 1607 Windows 10 1809Windows 10 21h2+11 more May 14, 2026 May 12, 2026 N/A· v4 6.2 MEDIUM· v3 N/A· v2 Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack.
CVE-2026-40377 1Microsoft 14Windows 10 1607 Windows 10 1809Windows 10 21h2+11 more May 14, 2026 May 12, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.
CVE-2026-40364 1Microsoft 4365 Apps OfficeOffice Long Term Servicing Channel+1 more May 19, 2026 May 12, 2026 N/A· v4 8.4 HIGH· v3 N/A· v2 Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-40363 1Microsoft 3365 Apps OfficeOffice Long Term Servicing Channel May 19, 2026 May 12, 2026 N/A· v4 8.4 HIGH· v3 N/A· v2 Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-40362 1Microsoft 5365 Apps ExcelOffice+2 more Jun 1, 2026 May 12, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-35421 1Microsoft 14Windows 10 1607 Windows 10 1809Windows 10 21h2+11 more May 14, 2026 May 12, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally.
CVE-2026-35420 1Microsoft 6Windows Server 2012 Windows Server 2016Windows Server 2019+3 more May 14, 2026 May 12, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-34687 1Adobe 1Illustrator May 12, 2026 May 12, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Illustrator versions 29.8.6, 30.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requir...Show more Illustrator versions 29.8.6, 30.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2026-34642 1Adobe 1After Effects May 13, 2026 May 12, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 After Effects versions 26.0, 25.6.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requ...Show more After Effects versions 26.0, 25.6.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2026-34343 1Microsoft 14Windows 10 1607 Windows 10 1809Windows 10 21h2+11 more May 14, 2026 May 12, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Windows Application Identity (AppID) Subsystem allows an authorized attacker to elevate privileges locally.
CVE-2026-34336 1Microsoft 13Windows 10 1607 Windows 10 1809Windows 10 21h2+10 more Jun 1, 2026 May 12, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-34329 1Microsoft 14Windows 10 1607 Windows 10 1809Windows 10 21h2+11 more May 14, 2026 May 12, 2026 N/A· v4 8.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network.
CVE-2026-33841 1Microsoft 9Windows 10 21h2 Windows 10 22h2Windows 11 23h2+6 more May 14, 2026 May 12, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-33837 1Microsoft 14Windows 10 1607 Windows 10 1809Windows 10 21h2+11 more May 14, 2026 May 12, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
CVE-2026-32177 - - May 13, 2026 May 12, 2026 N/A· v4 7.3 HIGH· v3 N/A· v2 Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.
CVE-2025-12659 - - Jun 9, 2026 May 12, 2026 7.3 HIGH· v4 7.8 HIGH· v3 N/A· v2 Siemens Simcenter Femap contains a memory corruption vulnerability while parsing specially crafted IPT files. This could allow an attacker to execute code in the context of the current process.
CVE-2026-42046 - - May 13, 2026 May 11, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 libcaca is a colour ASCII art library. In 0.99.beta20 and earlier, an integer overflow vulnerability in libcaca's canvas import functionality allows an attacker to cause a controlled heap out-of-bounds write (heap overfl...Show more libcaca is a colour ASCII art library. In 0.99.beta20 and earlier, an integer overflow vulnerability in libcaca's canvas import functionality allows an attacker to cause a controlled heap out-of-bounds write (heap overflow) by supplying a crafted file in the "caca" format. Depending on the build configuration and memory allocator, this may lead to memory corruption or remote code execution. This is the same vulnerability as CVE-2021-3410 but the fix at that time was not fully correct. Commit fb77acff9ba6bb01d53940da34fb10f20b156a23 fixes this vulnerability.Show less
CVE-2026-8261 - - May 13, 2026 May 11, 2026 2.0 LOW· v4 5.9 MEDIUM· v3 4.6 MEDIUM· v2 A vulnerability was determined in Squirrel up to 3.2. This affects the function SQFunctionProto::Load of the file squirrel/sqobject.cpp. This manipulation causes heap-based buffer overflow. The attack is restricted to lo...Show more A vulnerability was determined in Squirrel up to 3.2. This affects the function SQFunctionProto::Load of the file squirrel/sqobject.cpp. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.Show less

Previous 1...789...116 Next