Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CVEs (2,306)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-32083 1Microsoft 3Windows Server 2016 Windows Server 2019Windows Server 2022 Nov 21, 2024 Jul 11, 2023 N/A· v4 4.9 MEDIUM· v3 N/A· v2 Microsoft Failover Cluster Information Disclosure Vulnerability
CVE-2023-32047 1Microsoft 1Paint 3d Nov 21, 2024 Jul 11, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Paint 3D Remote Code Execution Vulnerability
CVE-2023-36824 2Fedoraproject Redis 2Fedora Redis Apr 10, 2025 Jul 11, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Redis is an in-memory database that persists on disk. In Redit 7.0 prior to 7.0.12, extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random hea...Show more Redis is an in-memory database that persists on disk. In Redit 7.0 prior to 7.0.12, extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption and potentially remote code execution. Several scenarios that may lead to authenticated users executing a specially crafted `COMMAND GETKEYS` or `COMMAND GETKEYSANDFLAGS`and authenticated users who were set with ACL rules that match key names, executing a specially crafted command that refers to a variadic list of key names. The vulnerability is patched in Redis 7.0.12.Show less
CVE-2023-37247 1Siemens 1Tecnomatix Nov 21, 2024 Jul 11, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to heap-based bu...Show more A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21138)Show less
CVE-2023-37246 1Siemens 1Tecnomatix Nov 21, 2024 Jul 11, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to heap-based bu...Show more A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PRT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21109)Show less
CVE-2023-34432 3Fedoraproject RedhatSound Exchange Project 4Enterprise Linux Extra Packages For Enterprise LinuxFedora+1 more Nov 21, 2024 Jul 10, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can lead to a denial of service, code execution, or information disclosure.
CVE-2023-34318 3Fedoraproject RedhatSound Exchange Project 4Enterprise Linux Extra Packages For Enterprise LinuxFedora+1 more Jun 27, 2025 Jul 10, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41. This flaw can lead to a denial of service, code execution, or information disclosure.
CVE-2022-48512 1Huawei 2Emui Harmonyos Nov 21, 2024 Jul 6, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Use After Free (UAF) vulnerability in the Vdecoderservice service. Successful exploitation of this vulnerability may cause the image decoding feature to perform abnormally.
CVE-2023-27390 1Diagon Project 1Diagon Nov 21, 2024 Jul 5, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A heap-based buffer overflow vulnerability exists in the Sequence::DrawText functionality of Diagon v1.0.139. A specially crafted markdown file can lead to arbitrary code execution. A victim would need to open a maliciou...Show more A heap-based buffer overflow vulnerability exists in the Sequence::DrawText functionality of Diagon v1.0.139. A specially crafted markdown file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability.Show less
CVE-2023-34474 2Fedoraproject Imagemagick 3Extra Packages For Enterprise Linux FedoraImagemagick Nov 21, 2024 Jun 16, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c. A local attacker could trick the user in opening specially crafted file, triggering an out-of-bounds read...Show more A heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c. A local attacker could trick the user in opening specially crafted file, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.Show less
CVE-2023-3291 1Gpac 1Gpac Nov 21, 2024 Jun 16, 2023 N/A· v4 3.3 LOW· v3 N/A· v2 Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.2.
CVE-2023-32028 1Microsoft 2Ole Db Driver For Sql Server Sql Server Nov 21, 2024 Jun 16, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Microsoft SQL OLE DB Remote Code Execution Vulnerability
CVE-2023-32027 1Microsoft 2Odbc Driver For Sql Server Sql Server Nov 21, 2024 Jun 16, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
CVE-2023-32026 1Microsoft 2Odbc Driver For Sql Server Sql Server Nov 21, 2024 Jun 16, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
CVE-2023-32025 1Microsoft 2Odbc Driver For Sql Server Sql Server Nov 21, 2024 Jun 16, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
CVE-2023-24897 1Microsoft 6.net .net FrameworkVisual Studio+3 more Nov 21, 2024 Jun 14, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
CVE-2023-33146 1Microsoft 3365 Apps OfficeOffice Long Term Servicing Channel Nov 21, 2024 Jun 14, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Microsoft Office Remote Code Execution Vulnerability
CVE-2023-33133 1Microsoft 4365 Apps ExcelOffice Long Term Servicing Channel+1 more Nov 4, 2025 Jun 14, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Microsoft Excel Remote Code Execution Vulnerability
CVE-2023-33129 1Microsoft 1Sharepoint Server Jan 1, 2025 Jun 14, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Microsoft SharePoint Server Denial of Service Vulnerability
CVE-2023-29372 1Microsoft 12Windows 10 1507 Windows 10 1607Windows 10 1809+9 more Apr 8, 2025 Jun 14, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

Previous 1...828384...116 Next