Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CVEs (2,251)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-0261 3Apple DebianVim 4Debian Linux Mac Os XMacos+1 more Nov 3, 2025 Jan 18, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2021-44709 1Adobe 4Acrobat Acrobat DcAcrobat Reader+1 more Nov 21, 2024 Jan 14, 2022 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a heap overflow vulnerability due to insecure handling of a crafted file, potentially result...Show more Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a heap overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2021-44708 1Adobe 4Acrobat Acrobat DcAcrobat Reader+1 more Nov 21, 2024 Jan 14, 2022 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a heap overflow vulnerability due to insecure handling of a crafted file, potentially result...Show more Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a heap overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2021-23157 1We Con 1Levistudiou Nov 21, 2024 Jan 14, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code.
CVE-2022-0213 2Debian Vim 2Debian Linux Vim Nov 21, 2024 Jan 14, 2022 N/A· v4 6.6 MEDIUM· v3 6.8 MEDIUM· v2 vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-34945 1Bentley 2Bentley View Microstation Nov 21, 2024 Jan 13, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malici...Show more This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15054.Show less
CVE-2021-34938 1Bentley 2Bentley View Microstation Nov 21, 2024 Jan 13, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malici...Show more This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14995.Show less
CVE-2021-34907 1Bentley 2Bentley View Microstation Nov 21, 2024 Jan 13, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malici...Show more This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14880.Show less
CVE-2021-34905 1Bentley 2Bentley View Microstation Nov 21, 2024 Jan 13, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malici...Show more This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14878.Show less
CVE-2021-34904 1Bentley 2Bentley View Microstation Nov 21, 2024 Jan 13, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malici...Show more This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14877.Show less
CVE-2021-34900 1Bentley 2Bentley View Microstation Nov 21, 2024 Jan 13, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malici...Show more This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14867.Show less
CVE-2021-34896 1Bentley 2Bentley View Microstation Nov 21, 2024 Jan 13, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malici...Show more This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14863.Show less
CVE-2021-34893 1Bentley 2Bentley View Microstation Nov 21, 2024 Jan 13, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malici...Show more This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14846.Show less
CVE-2021-34871 1Bentley 2Bentley View Microstation Nov 21, 2024 Jan 13, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malici...Show more This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14695.Show less
CVE-2022-0158 3Apple FedoraprojectVim 3Fedora MacosVim Nov 21, 2024 Jan 10, 2022 N/A· v4 3.3 LOW· v3 4.3 MEDIUM· v2 vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-24042 1Whatsapp 1Whatsapp May 22, 2025 Jan 4, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp Business for Android prior to v2.21.23, WhatsApp for iOS prior to v2.21.230, WhatsApp Business for iOS prior to v2.21.230, WhatsApp for KaiOS prior t...Show more The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp Business for Android prior to v2.21.23, WhatsApp for iOS prior to v2.21.230, WhatsApp Business for iOS prior to v2.21.230, WhatsApp for KaiOS prior to v2.2143, WhatsApp Desktop prior to v2.2146 could have allowed an out-of-bounds write if a user makes a 1:1 call to a malicious actor.Show less
CVE-2022-0080 1Mruby 1Mruby May 22, 2025 Jan 2, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 mruby is vulnerable to Heap-based Buffer Overflow
CVE-2021-38415 1Fujielectric 2V Server V Simulator Nov 21, 2024 Dec 20, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable a heap-based buffer overflow when parsing a specially crafted project file, which may allow an attacker to execute arbitrary code.
CVE-2021-4136 3Apple FedoraprojectVim 4Fedora Mac Os XMacos+1 more Nov 21, 2024 Dec 19, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-44445 1Siemens 2Jt Open Toolkit Jt Utilities Nov 21, 2024 Dec 14, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products contains an out of bounds write past the fixed-length heap-based buffer w...Show more A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15054)Show less

Previous 1...969798...113 Next