Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CVEs (2,306)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-27410 1Siemens 1Scalance Lpe9403 Firmware Nov 21, 2024 May 9, 2023 N/A· v4 2.7 LOW· v3 N/A· v2 A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). A heap-based buffer overflow vulnerability was found in the `edgebox_web_app` binary. The binary will crash if supplied with a backup passwor...Show more A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). A heap-based buffer overflow vulnerability was found in the `edgebox_web_app` binary. The binary will crash if supplied with a backup password longer than 255 characters. This could allow an authenticated privileged attacker to cause a denial of service.Show less
CVE-2023-2241 1Podofo Project 1Podofo Feb 4, 2025 Apr 22, 2023 N/A· v4 7.8 HIGH· v3 4.3 MEDIUM· v2 A vulnerability, which was classified as critical, was found in PoDoFo 0.10.0. Affected is the function readXRefStreamEntry of the file PdfXRefStreamParserObject.cpp. The manipulation leads to heap-based buffer overflow....Show more A vulnerability, which was classified as critical, was found in PoDoFo 0.10.0. Affected is the function readXRefStreamEntry of the file PdfXRefStreamParserObject.cpp. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as 535a786f124b739e3c857529cecc29e4eeb79778. It is recommended to apply a patch to fix this issue. VDB-227226 is the identifier assigned to this vulnerability.Show less
CVE-2023-27911 1Autodesk 1Fbx Software Development Kit Feb 6, 2025 Apr 17, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 A user may be tricked into opening a malicious FBX file that may exploit a heap buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior which may lead to code execution.
CVE-2023-26416 1Adobe 1Substance 3d Designer Nov 21, 2024 Apr 13, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this is...Show more Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2023-26413 1Adobe 1Substance 3d Designer Nov 21, 2024 Apr 13, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this is...Show more Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2023-26394 1Adobe 1Substance 3d Stager Nov 21, 2024 Apr 12, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue...Show more Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2023-1906 2Fedoraproject Imagemagick 3Extra Packages For Enterprise Linux FedoraImagemagick Feb 10, 2025 Apr 12, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an out-of-boun...Show more A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service.Show less
CVE-2023-28311 1Microsoft 3365 Apps OfficeOffice Long Term Servicing Channel Nov 21, 2024 Apr 11, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Microsoft Word Remote Code Execution Vulnerability
CVE-2023-28292 1Microsoft 1Raw Image Extension Nov 21, 2024 Apr 11, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Raw Image Extension Remote Code Execution Vulnerability
CVE-2023-28275 1Microsoft 13Windows 10 1507 Windows 10 1607Windows 10 1809+10 more Nov 21, 2024 Apr 11, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2023-28269 1Microsoft 12Windows 10 1507 Windows 10 1607Windows 10 1809+9 more Nov 21, 2024 Apr 11, 2023 N/A· v4 6.8 MEDIUM· v3 N/A· v2 Windows Boot Manager Security Feature Bypass Vulnerability
CVE-2023-28262 1Microsoft 2Visual Studio 2019 Visual Studio 2022 Nov 21, 2024 Apr 11, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Visual Studio Elevation of Privilege Vulnerability
CVE-2023-28254 1Microsoft 5Windows Server 2008 Windows Server 2012Windows Server 2016+2 more Nov 21, 2024 Apr 11, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 Windows DNS Server Remote Code Execution Vulnerability
CVE-2023-28252 1Microsoft 13Windows 10 1507 Windows 10 1607Windows 10 1809+10 more Oct 28, 2025 Apr 11, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2023-28240 1Microsoft 5Windows Server 2008 Windows Server 2012Windows Server 2016+2 more Nov 21, 2024 Apr 11, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Windows Network Load Balancing Remote Code Execution Vulnerability
CVE-2023-28231 1Microsoft 5Windows Server 2008 Windows Server 2012Windows Server 2016+2 more Nov 21, 2024 Apr 11, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 DHCP Server Service Remote Code Execution Vulnerability
CVE-2023-28227 1Microsoft 13Windows 10 1507 Windows 10 1607Windows 10 1809+10 more Nov 21, 2024 Apr 11, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Windows Bluetooth Driver Remote Code Execution Vulnerability
CVE-2023-28225 1Microsoft 11Windows 10 1507 Windows 10 1607Windows 10 1809+8 more Nov 21, 2024 Apr 11, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Windows NTLM Elevation of Privilege Vulnerability
CVE-2023-28218 1Microsoft 13Windows 10 1507 Windows 10 1607Windows 10 1809+10 more Nov 21, 2024 Apr 11, 2023 N/A· v4 7.0 HIGH· v3 N/A· v2 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2023-24928 1Microsoft 12Windows 10 1507 Windows 10 1607Windows 10 1809+9 more Nov 21, 2024 Apr 11, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability

Previous 1...848586...116 Next