Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CVEs (2,306)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-29204 1Ivanti 1Avalanche May 6, 2025 Apr 19, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A Heap Overflow vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to execute arbitrary commands
CVE-2024-24996 1Ivanti 1Avalanche May 6, 2025 Apr 19, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A Heap overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows an unauthenticated remote attacker to execute arbitrary commands.
CVE-2024-0257 - - Nov 21, 2024 Apr 17, 2024 N/A· v4 3.3 LOW· v3 N/A· v2 RoboDK v5.5.4 is vulnerable to heap-based buffer overflow while processing a specific project file. The resulting memory corruption may crash the application.
CVE-2024-31582 2Fedoraproject Ffmpeg 2Fedora Ffmpeg Nov 4, 2025 Apr 17, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 FFmpeg version n6.1 was discovered to contain a heap buffer overflow vulnerability in the draw_block_rectangle function of libavfilter/vf_codecview.c. This vulnerability allows attackers to cause undefined behavior or a...Show more FFmpeg version n6.1 was discovered to contain a heap buffer overflow vulnerability in the draw_block_rectangle function of libavfilter/vf_codecview.c. This vulnerability allows attackers to cause undefined behavior or a Denial of Service (DoS) via crafted input.Show less
CVE-2024-31580 1Linuxfoundation 1Pytorch Jun 10, 2025 Apr 17, 2024 N/A· v4 4.0 MEDIUM· v3 N/A· v2 PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted in...Show more PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.Show less
CVE-2023-5404 - - Nov 21, 2024 Apr 17, 2024 N/A· v4 8.1 HIGH· v3 N/A· v2 Server receiving a malformed message can cause a pointer to be overwritten which can result in a remote code execution or failure. See Honeywell Security Notification for recommendations on upgrading and versioning.
CVE-2023-5400 - - Nov 21, 2024 Apr 17, 2024 N/A· v4 8.1 HIGH· v3 N/A· v2 Server receiving a malformed message based on a using the specified key values can cause a heap overflow vulnerability which could lead to an attacker performing remote code execution or causing a failure. See Honeywell...Show more Server receiving a malformed message based on a using the specified key values can cause a heap overflow vulnerability which could lead to an attacker performing remote code execution or causing a failure. See Honeywell Security Notification for recommendations on upgrading and versioning. Show less
CVE-2023-49528 2Fedoraproject Ffmpeg 2Fedora Ffmpeg Nov 4, 2025 Apr 12, 2024 N/A· v4 8.0 HIGH· v3 N/A· v2 Buffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, allows a local attacker to execute arbitrary code and cause a denial of service (DoS) via the af_dialoguenhance.c:261:5 in the de_stereo component.
CVE-2024-3516 2Fedoraproject Google 2Chrome Fedora Mar 13, 2025 Apr 10, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Heap buffer overflow in ANGLE in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-25115 - - Nov 21, 2024 Apr 9, 2024 N/A· v4 7.0 HIGH· v3 N/A· v2 RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, specially crafted `CF.LOADCHUNK` commands may be used by authenticated users to perform he...Show more RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, specially crafted `CF.LOADCHUNK` commands may be used by authenticated users to perform heap overflow, which may lead to remote code execution. The problem is fixed in RedisBloom 2.4.7 and 2.6.10. Show less
CVE-2024-29985 1Microsoft 3Ole Db Driver For Sql Server Sql Server 2019Sql Server 2022 Jan 15, 2025 Apr 9, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-29984 1Microsoft 3Ole Db Driver For Sql Server Sql Server 2019Sql Server 2022 Jan 15, 2025 Apr 9, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-29983 1Microsoft 3Ole Db Driver For Sql Server Sql Server 2019Sql Server 2022 Jan 15, 2025 Apr 9, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-29982 1Microsoft 3Ole Db Driver For Sql Server Sql Server 2019Sql Server 2022 Jan 15, 2025 Apr 9, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-29048 1Microsoft 3Ole Db Driver For Sql Server Sql Server 2019Sql Server 2022 Jan 15, 2025 Apr 9, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-29047 1Microsoft 2Sql Server 2019 Sql Server 2022 Jan 15, 2025 Apr 9, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-29046 1Microsoft 3Ole Db Driver For Sql Server Sql Server 2019Sql Server 2022 Jan 15, 2025 Apr 9, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-29044 1Microsoft 3Ole Db Driver For Sql Server Sql Server 2019Sql Server 2022 Jan 15, 2025 Apr 9, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-28943 1Microsoft 3Odbc Driver For Sql Server Sql Server 2019Sql Server 2022 Jan 16, 2025 Apr 9, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
CVE-2024-28941 1Microsoft 3Odbc Driver For Sql Server Sql Server 2019Sql Server 2022 Jan 14, 2025 Apr 9, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

Previous 1...707172...116 Next