Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CVEs (2,252)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-42403 1Pdf Xchange 1Pdf Xchange Editor Nov 27, 2024 Jan 26, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious p...Show more This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18892.Show less
CVE-2023-0433 1Vim 1Vim Nov 21, 2024 Jan 21, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.
CVE-2023-21605 1Adobe 4Acrobat Acrobat DcAcrobat Reader+1 more Nov 21, 2024 Jan 18, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution...Show more Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2023-21594 1Adobe 1Incopy Nov 21, 2024 Jan 13, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of th...Show more Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2023-21587 1Adobe 1Indesign Nov 21, 2024 Jan 13, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of t...Show more Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2023-0288 1Vim 1Vim Nov 21, 2024 Jan 13, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.
CVE-2022-3160 1Siemens 2Jt2go Teamcenter Visualization Nov 21, 2024 Jan 13, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 The APDFL.dll contains an out-of-bounds write past the fixed-length heap-based buffer while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.
CVE-2022-43591 1Qt 1Qt Nov 21, 2024 Jan 12, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an out-of-bounds memory access, which can lead to arbitrary code execution. T...Show more A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an out-of-bounds memory access, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability.Show less
CVE-2022-3437 2Fedoraproject Samba 2Fedora Samba Nov 21, 2024 Jan 12, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-...Show more A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack.Show less
CVE-2021-3966 1Zephyrproject 1Zephyr Nov 21, 2024 Jan 11, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 usb device bluetooth class includes a buffer overflow related to implementation of net_buf_add_mem.
CVE-2023-21793 1Microsoft 13d Builder Nov 21, 2024 Jan 10, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 3D Builder Remote Code Execution Vulnerability
CVE-2023-21792 1Microsoft 13d Builder Nov 21, 2024 Jan 10, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 3D Builder Remote Code Execution Vulnerability
CVE-2023-21791 1Microsoft 13d Builder Nov 21, 2024 Jan 10, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 3D Builder Remote Code Execution Vulnerability
CVE-2023-21790 1Microsoft 13d Builder Nov 21, 2024 Jan 10, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 3D Builder Remote Code Execution Vulnerability
CVE-2023-21787 1Microsoft 13d Builder Nov 21, 2024 Jan 10, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 3D Builder Remote Code Execution Vulnerability
CVE-2023-21786 1Microsoft 13d Builder Nov 21, 2024 Jan 10, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 3D Builder Remote Code Execution Vulnerability
CVE-2023-21785 1Microsoft 13d Builder Nov 21, 2024 Jan 10, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 3D Builder Remote Code Execution Vulnerability
CVE-2023-21783 1Microsoft 13d Builder Nov 21, 2024 Jan 10, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 3D Builder Remote Code Execution Vulnerability
CVE-2023-21782 1Microsoft 13d Builder Nov 21, 2024 Jan 10, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 3D Builder Remote Code Execution Vulnerability
CVE-2023-21781 1Microsoft 13d Builder Nov 21, 2024 Jan 10, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 3D Builder Remote Code Execution Vulnerability

Previous 1...868788...113 Next