Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CVEs (2,251)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-2522 1Vim 1Vim Nov 21, 2024 Jul 25, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0061.
CVE-2022-31144 1Redis 1Redis Nov 21, 2024 Jul 19, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Redis is an in-memory database that persists on disk. A specially crafted `XAUTOCLAIM` command on a stream key in a specific state may result with heap overflow, and potentially remote code execution. This problem affect...Show more Redis is an in-memory database that persists on disk. A specially crafted `XAUTOCLAIM` command on a stream key in a specific state may result with heap overflow, and potentially remote code execution. This problem affects versions on the 7.x branch prior to 7.0.4. The patch is released in version 7.0.4.Show less
CVE-2022-2122 3Debian GstreamerGstreamer Project 3Debian Linux GstreamerGstreamer Mar 17, 2026 Jul 19, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 DOS / potential heap overwrite in qtdemux using zlib decompression. Integer overflow in qtdemux element in qtdemux_inflate function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depe...Show more DOS / potential heap overwrite in qtdemux using zlib decompression. Integer overflow in qtdemux element in qtdemux_inflate function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite.Show less
CVE-2022-1925 3Debian GstreamerGstreamer Project 3Debian Linux GstreamerGstreamer Mar 17, 2026 Jul 19, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decompression. Integer overflow in matroskaparse element in gst_matroska_decompress_data function which causes a heap overflow. Due to restrictions on chun...Show more DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decompression. Integer overflow in matroskaparse element in gst_matroska_decompress_data function which causes a heap overflow. Due to restrictions on chunk sizes in the matroskademux element, the overflow can't be triggered, however the matroskaparse element has no size checks.Show less
CVE-2022-1924 3Debian GstreamerGstreamer Project 3Debian Linux GstreamerGstreamer Mar 17, 2026 Jul 19, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 DOS / potential heap overwrite in mkv demuxing using lzo decompression. Integer overflow in matroskademux element in lzo decompression function which causes a segfault, or could cause a heap overwrite, depending on libc...Show more DOS / potential heap overwrite in mkv demuxing using lzo decompression. Integer overflow in matroskademux element in lzo decompression function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce the size of the chunk, and it will start to write to unmapped memory). However, if using a libc implementation that does not use mmap, or if the OS does not support mmap while using libc, then this could result in a heap overwrite.Show less
CVE-2022-1923 3Debian GstreamerGstreamer Project 3Debian Linux GstreamerGstreamer Mar 17, 2026 Jul 19, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 DOS / potential heap overwrite in mkv demuxing using bzip decompression. Integer overflow in matroskademux element in bzip decompression function which causes a segfault, or could cause a heap overwrite, depending on lib...Show more DOS / potential heap overwrite in mkv demuxing using bzip decompression. Integer overflow in matroskademux element in bzip decompression function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce the size of the chunk, and it will start to write to unmapped memory). However, if using a libc implementation that does not use mmap, or if the OS does not support mmap while using libc, then this could result in a heap overwrite.Show less
CVE-2022-1922 3Debian GstreamerGstreamer Project 3Debian Linux GstreamerGstreamer Mar 17, 2026 Jul 19, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 DOS / potential heap overwrite in mkv demuxing using zlib decompression. Integer overflow in matroskademux element in gst_matroska_decompress_data function which causes a segfault, or could cause a heap overwrite, depend...Show more DOS / potential heap overwrite in mkv demuxing using zlib decompression. Integer overflow in matroskademux element in gst_matroska_decompress_data function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce the size of the chunk, and it will start to write to unmapped memory). However, if using a libc implementation that does not use mmap, or if the OS does not support mmap while using libc, then this could result in a heap overwrite.Show less
CVE-2022-1920 3Debian GstreamerGstreamer Project 3Debian Linux GstreamerGstreamer Mar 17, 2026 Jul 19, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a heap overwrite while parsing matroska files. Potential for arbitrary code execution through heap overwrite.
CVE-2022-34250 1Adobe 1Incopy Nov 21, 2024 Jul 15, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation...Show more Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2022-34249 1Adobe 1Incopy Nov 21, 2024 Jul 15, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation...Show more Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2022-34246 1Adobe 1Indesign Nov 21, 2024 Jul 15, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitat...Show more Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2022-34245 1Adobe 1Indesign Nov 21, 2024 Jul 15, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitat...Show more Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2022-34241 1Adobe 1Character Animator Nov 21, 2024 Jul 15, 2022 N/A· v4 7.8 HIGH· v3 N/A· v2 Adobe Character Animator version 4.4.7 (and earlier) and 22.4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exp...Show more Adobe Character Animator version 4.4.7 (and earlier) and 22.4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2022-34819 1Siemens 15Simatic Cp 1242 7 V2 Firmware Simatic Cp 1243 1 FirmwareSimatic Cp 1243 7 Lte Eu Firmware+12 more Nov 21, 2024 Jul 12, 2022 N/A· v4 10.0 CRITICAL· v3 9.3 HIGH· v2 A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions < V3.3.46), SIMATIC CP 1243-1 (All versions < V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions < V3.3.46), SIMATIC CP 1243-7 LTE US (All versions...Show more A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions < V3.3.46), SIMATIC CP 1243-1 (All versions < V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions < V3.3.46), SIMATIC CP 1243-7 LTE US (All versions < V3.3.46), SIMATIC CP 1243-8 IRC (All versions < V3.3.46), SIMATIC CP 1542SP-1 IRC (All versions >= V2.0 < V2.2.28), SIMATIC CP 1543-1 (All versions < V3.0.22), SIMATIC CP 1543SP-1 (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions >= V2.0 < V2.2.28), SIPLUS NET CP 1242-7 V2 (All versions < V3.3.46), SIPLUS NET CP 1543-1 (All versions < V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions < V3.3.46), SIPLUS S7-1200 CP 1243-1 RAIL (All versions < V3.3.46). The application lacks proper validation of user-supplied data when parsing specific messages. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of device.Show less
CVE-2022-2344 2Fedoraproject Vim 2Fedora Vim Nov 21, 2024 Jul 8, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045.
CVE-2022-2343 2Fedoraproject Vim 2Fedora Vim Nov 21, 2024 Jul 8, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044.
CVE-2022-2284 2Fedoraproject Vim 2Fedora Vim Nov 21, 2024 Jul 2, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
CVE-2022-2264 2Fedoraproject Vim 2Fedora Vim Nov 21, 2024 Jul 1, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
CVE-2022-2207 2Fedoraproject Vim 2Fedora Vim Nov 21, 2024 Jun 27, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-32137 1Codesys 2Plcwinnt Runtime Toolkit Nov 21, 2024 Jun 24, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 In multiple CODESYS products, a low privileged remote attacker may craft a request, which may cause a heap-based buffer overflow, resulting in a denial-of-service condition or memory overwrite. User interaction is not re...Show more In multiple CODESYS products, a low privileged remote attacker may craft a request, which may cause a heap-based buffer overflow, resulting in a denial-of-service condition or memory overwrite. User interaction is not required.Show less

Previous 1...919293...113 Next