Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CVEs (2,306)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-22100 1Microdicom 1Dicom Viewer Mar 6, 2025 Mar 1, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 MicroDicom DICOM Viewer versions 2023.3 (Build 9342) and prior are affected by a heap-based buffer overflow vulnerability, which could allow an attacker to execute arbitrary code on affected installations of DICOM V...Show more MicroDicom DICOM Viewer versions 2023.3 (Build 9342) and prior are affected by a heap-based buffer overflow vulnerability, which could allow an attacker to execute arbitrary code on affected installations of DICOM Viewer. A user must open a malicious DCM file in order to exploit the vulnerability. Show less
CVE-2024-24246 2Fedoraproject Qpdf Project 2Fedora Qpdf Nov 4, 2025 Feb 29, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Heap Buffer Overflow vulnerability in qpdf 11.9.0 allows attackers to crash the application via the std::__shared_count() function at /bits/shared_ptr_base.h.
CVE-2024-25262 - - Nov 3, 2025 Feb 29, 2024 N/A· v4 8.1 HIGH· v3 N/A· v2 texlive-bin commit c515e was discovered to contain heap buffer overflow via the function ttfLoadHDMX:ttfdump. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted TTF file.
CVE-2024-22532 1Xnview 1Nconvert May 13, 2025 Feb 28, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Buffer Overflow vulnerability in XNSoft NConvert 7.163 (for Windows x86) allows attackers to cause a denial of service via crafted xwd file.
CVE-2024-1847 13ds 1Solidworks Mar 3, 2025 Feb 28, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading proced...Show more Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted CATPART, IPT, JT, SAT, STL, STP, X_B or X_T file. NOTE: CVE-2024-3298 and CVE-2024-3299 were SPLIT from this ID.Show less
CVE-2024-21886 - - Nov 4, 2025 Feb 28, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding environments.
CVE-2024-21885 - - Nov 4, 2025 Feb 28, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a h...Show more A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remote code execution in SSH X11 forwarding environments.Show less
CVE-2024-21802 2Ggerganov Ggml 2Llama.cpp Llama.cpp Apr 27, 2026 Feb 26, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A heap-based buffer overflow vulnerability exists in the GGUF library info->ne functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious...Show more A heap-based buffer overflow vulnerability exists in the GGUF library info->ne functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.Show less
CVE-2024-23127 1Autodesk 9Advance Steel AutocadAutocad Architecture+6 more Dec 31, 2025 Feb 22, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 A maliciously crafted MODEL, SLDPRT, or SLDASM file, when parsed in ODXSW_DLL.dll and libodxdll.dll through Autodesk applications, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerabi...Show more A maliciously crafted MODEL, SLDPRT, or SLDASM file, when parsed in ODXSW_DLL.dll and libodxdll.dll through Autodesk applications, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.Show less
CVE-2023-42848 1Apple 5Ipad Os Iphone OsMacos+2 more Nov 4, 2025 Feb 21, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 The issue was addressed with improved bounds checks. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. Processing a malicious...Show more The issue was addressed with improved bounds checks. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. Processing a maliciously crafted image may lead to heap corruption.Show less
CVE-2024-21795 2Fedoraproject Libbiosig Project 2Fedora Libbiosig Nov 4, 2025 Feb 20, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A heap-based buffer overflow vulnerability exists in the .egi parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .egi file can lead to arbitrary code execution....Show more A heap-based buffer overflow vulnerability exists in the .egi parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .egi file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.Show less
CVE-2023-45318 2Silabs Weston Embedded 2Gecko Software Development Kit Uc Http Nov 4, 2025 Feb 20, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP git commit 80d4004. A specially crafted network packet can lead to arbitrary code execution. An attacker can s...Show more A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP git commit 80d4004. A specially crafted network packet can lead to arbitrary code execution. An attacker can send a malicious packet to trigger this vulnerability.Show less
CVE-2024-26327 1Qemu 1Qemu May 7, 2025 Feb 19, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c mishandles the situation where a guest writes NumVFs greater than TotalVFs, leading to a buffer overflow in VF implementations.
CVE-2024-0018 1Google 1Android Dec 16, 2024 Feb 16, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 In convertYUV420Planar16ToY410 of ColorConverter.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed...Show more In convertYUV420Planar16ToY410 of ColorConverter.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2024-0040 1Google 1Android Dec 16, 2024 Feb 16, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 In setParameter of MtpPacket.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is...Show more In setParameter of MtpPacket.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2024-0033 1Google 1Android Dec 16, 2024 Feb 16, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 In multiple functions of ashmem-dev.cpp, there is a possible missing seal due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction i...Show more In multiple functions of ashmem-dev.cpp, there is a possible missing seal due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2024-20739 1Adobe 1Audition Dec 6, 2024 Feb 15, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Audition versions 24.0.3, 23.6.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue require...Show more Audition versions 24.0.3, 23.6.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2022-23086 1Freebsd 1Freebsd Dec 9, 2024 Feb 15, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Handlers for _CFG_PAGE read / write ioctls in the mpr, mps, and mpt drivers allocated a buffer of a caller-specified size, but copied to it a fixed size header. Other heap content would be overwritten if the specified...Show more Handlers for _CFG_PAGE read / write ioctls in the mpr, mps, and mpt drivers allocated a buffer of a caller-specified size, but copied to it a fixed size header. Other heap content would be overwritten if the specified size was too small. Users with access to the mpr, mps or mpt device node may overwrite heap data, potentially resulting in privilege escalation. Note that the device node is only accessible to root and members of the operator group.Show less
CVE-2024-21370 1Microsoft 14Windows 10 1507 Windows 10 1607Windows 10 1809+11 more Nov 21, 2024 Feb 13, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21369 1Microsoft 14Windows 10 1507 Windows 10 1607Windows 10 1809+11 more Nov 21, 2024 Feb 13, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

Previous 1...747576...116 Next