Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CVEs (2,251)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-1383 1Radare 1Radare2 Nov 21, 2024 Apr 18, 2022 N/A· v4 6.1 MEDIUM· v3 5.8 MEDIUM· v2 Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.8. The bug causes the program reads data past the end of the intented buffer. Typically, this can allow attackers to read sensitive informati...Show more Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.8. The bug causes the program reads data past the end of the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash.Show less
CVE-2022-1381 3Apple FedoraprojectVim 3Fedora MacosVim Nov 21, 2024 Apr 18, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution
CVE-2021-40426 1Sound Exchange Project 1Sound Exchange Jun 24, 2025 Apr 14, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A heap-based buffer overflow vulnerability exists in the sphere.c start_read() functionality of Sound Exchange libsox 14.4.2 and master commit 42b3557e. A specially-crafted file can lead to a heap buffer overflow. An att...Show more A heap-based buffer overflow vulnerability exists in the sphere.c start_read() functionality of Sound Exchange libsox 14.4.2 and master commit 42b3557e. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.Show less
CVE-2021-21948 2Anycubic Chitubox 2Chitubox Chitubox Basic Nov 21, 2024 Apr 14, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A heap-based buffer overflow vulnerability exists in the readDatHeadVec functionality of AnyCubic Chitubox AnyCubic Plugin 1.0.0. A specially-crafted GF file can lead to a heap buffer overflow. An attacker can provide a...Show more A heap-based buffer overflow vulnerability exists in the readDatHeadVec functionality of AnyCubic Chitubox AnyCubic Plugin 1.0.0. A specially-crafted GF file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.Show less
CVE-2021-21947 1Accusoft 1Imagegear Nov 21, 2024 Apr 14, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Two heap-based buffer overflow vulnerabilities exists in the JPEG-JFIF lossless Huffman image parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to a heap buffer overflow. An attacker can...Show more Two heap-based buffer overflow vulnerabilities exists in the JPEG-JFIF lossless Huffman image parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger these vulnerabilities.This heap-based buffer overflow takes place when the `SOF3` precision is greater or equal than 9.Show less
CVE-2021-21946 1Accusoft 1Imagegear Nov 21, 2024 Apr 14, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Two heap-based buffer overflow vulnerabilities exists in the JPEG-JFIF lossless Huffman image parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to a heap buffer overflow. An attacker can...Show more Two heap-based buffer overflow vulnerabilities exists in the JPEG-JFIF lossless Huffman image parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger these vulnerabilities.This heap-based buffer overflow takes place when the `SOF3` precision is lower than 9.Show less
CVE-2021-21945 1Accusoft 1Imagegear Nov 21, 2024 Apr 14, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Two heap-based buffer overflow vulnerabilities exist in the TIFF parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to...Show more Two heap-based buffer overflow vulnerabilities exist in the TIFF parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger these vulnerabilities.This heap-based buffer oveflow takes place trying to copy the second 12 bits from local variable.Show less
CVE-2021-21944 1Accusoft 1Imagegear Nov 21, 2024 Apr 14, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Two heap-based buffer overflow vulnerabilities exist in the TIFF parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to...Show more Two heap-based buffer overflow vulnerabilities exist in the TIFF parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger these vulnerabilities.This heap-based buffer oveflow takes place trying to copy the first 12 bits from local variable.Show less
CVE-2021-21943 1Accusoft 1Imagegear Nov 21, 2024 Apr 14, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A heap-based buffer overflow vulnerability exists in the XWD parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a malicious file to trigger this...Show more A heap-based buffer overflow vulnerability exists in the XWD parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.Show less
CVE-2021-21942 1Accusoft 1Imagegear Nov 21, 2024 Apr 14, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An out-of-bounds write vulnerability exists in the TIFF YCbCr image parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to remote code execution. An attacker can provide a malicious file t...Show more An out-of-bounds write vulnerability exists in the TIFF YCbCr image parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability.Show less
CVE-2021-21914 1Accusoft 1Imagegear Nov 21, 2024 Apr 14, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A heap-based buffer overflow vulnerability exists in the DecoderStream::Append functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a malicious file to t...Show more A heap-based buffer overflow vulnerability exists in the DecoderStream::Append functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.Show less
CVE-2022-22188 1Juniper 1Junos Nov 21, 2024 Apr 14, 2022 N/A· v4 7.5 HIGH· v3 4.3 MEDIUM· v2 An Uncontrolled Memory Allocation vulnerability leading to a Heap-based Buffer Overflow in the packet forwarding engine (PFE) of Juniper Networks Junos OS allows a network-based unauthenticated attacker to flood the devi...Show more An Uncontrolled Memory Allocation vulnerability leading to a Heap-based Buffer Overflow in the packet forwarding engine (PFE) of Juniper Networks Junos OS allows a network-based unauthenticated attacker to flood the device with traffic leading to a Denial of Service (DoS). The device must be configured with storm control profiling limiting the number of unknown broadcast, multicast, or unicast traffic to be vulnerable to this issue. This issue affects: Juniper Networks Junos OS on QFX5100/QFX5110/QFX5120/QFX5200/QFX5210/EX4600/EX4650 Series; 20.2 version 20.2R1 and later versions prior to 20.2R2. This issue does not affect: Juniper Networks Junos OS versions prior to 20.2R1.Show less
CVE-2022-21214 1Fujielectric 1Alpha5 Smart Loader Firmware Nov 21, 2024 Apr 12, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 The affected product is vulnerable to a heap-based buffer overflow, which may lead to code execution.
CVE-2022-27572 1Google 1Android Nov 21, 2024 Apr 11, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Heap-based buffer overflow vulnerability in parser_ipma function of libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attackers.
CVE-2022-27571 1Google 1Android Nov 21, 2024 Apr 11, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Heap-based buffer overflow vulnerability in sheifd_get_info_image function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker.
CVE-2022-27570 1Google 1Android Nov 21, 2024 Apr 11, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Heap-based buffer overflow vulnerability in parser_single_iref function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker.
CVE-2022-27569 1Google 1Android Nov 21, 2024 Apr 11, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Heap-based buffer overflow vulnerability in parser_infe function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker.
CVE-2022-27568 1Google 1Android Nov 21, 2024 Apr 11, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Heap-based buffer overflow vulnerability in parser_iloc function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker.
CVE-2022-26098 1Google 1Android Nov 21, 2024 Apr 11, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Heap-based buffer overflow vulnerability in sheifd_create function of libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attackers.
CVE-2022-26092 1Google 1Android Nov 21, 2024 Apr 11, 2022 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows arbitrary code execution.

Previous 1...939495...113 Next