Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CVEs (2,306)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-29370 1Microsoft 10Windows 10 1507 Windows 10 1607Windows 10 1809+7 more Apr 8, 2025 Jun 14, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Windows Media Remote Code Execution Vulnerability
CVE-2023-29363 1Microsoft 12Windows 10 1507 Windows 10 1607Windows 10 1809+9 more Apr 8, 2025 Jun 14, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
CVE-2023-29362 1Microsoft 13Remote Desktop Client Windows 10 1507Windows 10 1607+10 more Jul 7, 2025 Jun 14, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Remote Desktop Client Remote Code Execution Vulnerability
CVE-2023-27997 1Fortinet 2Fortios Fortiproxy Oct 24, 2025 Jun 13, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9...Show more A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.Show less
CVE-2023-34488 1Emqx 1Nanomq Sep 24, 2025 Jun 12, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 NanoMQ 0.17.5 has a one-byte heap-based buffer over-read in the conn_handler function of mqtt_parser.c when it processes malformed messages.
CVE-2023-24014 1Deltaww 1Cncsoft B Nov 21, 2024 Jun 7, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are vulnerable to heap-based buffer overflow, which could allow an attacker to execute arbitrary code.
CVE-2023-0667 1Wireshark 1Wireshark Nov 3, 2025 Jun 7, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Due to failure in validating the length provided by an attacker-crafted MSMMS packet, Wireshark version 4.0.5 and prior, in an unusual configuration, is susceptible to a heap-based buffer overflow, and possibly code exec...Show more Due to failure in validating the length provided by an attacker-crafted MSMMS packet, Wireshark version 4.0.5 and prior, in an unusual configuration, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running WiresharkShow less
CVE-2023-0666 2Debian Wireshark 2Debian Linux Wireshark Nov 3, 2025 Jun 7, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the conte...Show more Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.Show less
CVE-2023-2157 1Imagemagick 1Imagemagick Jan 7, 2025 Jun 6, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A heap-based buffer overflow vulnerability was found in the ImageMagick package that can lead to the application crashing.
CVE-2023-29344 1Microsoft 3365 Apps OfficeOffice Long Term Servicing Channel Nov 21, 2024 Jun 5, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Microsoft Office Remote Code Execution Vulnerability
CVE-2023-32324 2Debian Openprinting 2Cups Debian Linux Nov 21, 2024 Jun 1, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service (DoS) attack. A buffer overflow vulnerabi...Show more OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service (DoS) attack. A buffer overflow vulnerability in the function `format_log_line` could allow remote attackers to cause a DoS on the affected system. Exploitation of the vulnerability can be triggered when the configuration file `cupsd.conf` sets the value of `loglevel `to `DEBUG`. No known patches or workarounds exist at time of publication.Show less
CVE-2023-32307 2Debian Signalwire 2Debian Linux Sofia Sip Jan 14, 2025 May 26, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. Referring to [GHSA-8599-x7rq-fr54](https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54), seve...Show more Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. Referring to [GHSA-8599-x7rq-fr54](https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54), several other potential heap-over-flow and integer-overflow in stun_parse_attr_error_code and stun_parse_attr_uint32 were found because the lack of attributes length check when Sofia-SIP handles STUN packets. The previous patch of [GHSA-8599-x7rq-fr54](https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54) fixed the vulnerability when attr_type did not match the enum value, but there are also vulnerabilities in the handling of other valid cases. The OOB read and integer-overflow made by attacker may lead to crash, high consumption of memory or even other more serious consequences. These issue have been addressed in version 1.13.15. Users are advised to upgrade.Show less
CVE-2023-2804 1Libjpeg Turbo 1Libjpeg Turbo Jan 16, 2025 May 25, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2_merged_upsample_internal() function of jdmrgext.c file. The vulnerability can only be exploited with 12-bit data precision for which the range of...Show more A heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2_merged_upsample_internal() function of jdmrgext.c file. The vulnerability can only be exploited with 12-bit data precision for which the range of the sample data type exceeds the valid sample range, hence, an attacker could craft a 12-bit lossless JPEG image that contains out-of-range 12-bit samples. An application attempting to decompress such image using merged upsampling would lead to segmentation fault or buffer overflows, causing an application to crash.Show less
CVE-2023-30763 1Intel 3Battery Life Diagnostic Tool Oneapi Base ToolkitSoc Watch Nov 21, 2024 May 12, 2023 N/A· v4 6.7 MEDIUM· v3 N/A· v2 Heap-based overflow in Intel(R) SoC Watch based software before version 2021.1 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2023-29283 1Adobe 1Substance 3d Painter Nov 21, 2024 May 11, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this iss...Show more Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2023-0854 1Canon 45I Sensys Lbp621cw Firmware I Sensys Lbp623cdw FirmwareI Sensys Lbp633cdw Firmware+42 more Nov 21, 2024 May 11, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Buffer overflow in NetBIOS QNAME registering and communication process of Office / Small Office Multifunction Printers and Laser Printers() which may allow an attacker on the network segment to trigger the affected prod...Show more Buffer overflow in NetBIOS QNAME registering and communication process of Office / Small Office Multifunction Printers and Laser Printers() which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe.Show less
CVE-2023-0851 1Canon 45I Sensys Lbp621cw Firmware I Sensys Lbp623cdw FirmwareI Sensys Lbp633cdw Firmware+42 more Nov 21, 2024 May 11, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Buffer overflow in CPCA Resource Download process of Office / Small Office Multifunction Printers and Laser Printers() which may allow an attacker on the network segment to trigger the affected product being unresponsiv...Show more Buffer overflow in CPCA Resource Download process of Office / Small Office Multifunction Printers and Laser Printers() which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe.Show less
CVE-2023-29341 1Microsoft 1Av1 Video Extension Nov 21, 2024 May 9, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 AV1 Video Extension Remote Code Execution Vulnerability
CVE-2023-24948 1Microsoft 10Windows 10 1507 Windows 10 1607Windows 10 1809+7 more Nov 21, 2024 May 9, 2023 N/A· v4 7.4 HIGH· v3 N/A· v2 Windows Bluetooth Driver Elevation of Privilege Vulnerability
CVE-2023-24943 1Microsoft 13Windows 10 1507 Windows 10 1607Windows 10 1809+10 more Nov 21, 2024 May 9, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability

Previous 1...838485...116 Next