Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CVEs (2,244)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-39823 1Adobe 1Svg Native Viewer Nov 21, 2024 Sep 27, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Adobe svg-native-viewer 8182d14dfad5d1e10f53ed830328d7d9a3cfa96d and earlier versions are affected by a heap buffer overflow vulnerability due to insecure handling of a malicious .svg file, potentially resulting in arbit...Show more Adobe svg-native-viewer 8182d14dfad5d1e10f53ed830328d7d9a3cfa96d and earlier versions are affected by a heap buffer overflow vulnerability due to insecure handling of a malicious .svg file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.Show less
CVE-2021-32959 1Aveva 1Suitelink Nov 21, 2024 Sep 23, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Heap-based buffer overflow in SuiteLink server while processing commands 0x05/0x06
CVE-2021-34770 1Cisco 1Ios Xe Oct 30, 2025 Sep 23, 2021 N/A· v4 9.8 CRITICAL· v3 9.0 HIGH· v2 A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote a...Show more A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a logic error that occurs during the validation of CAPWAP packets. An attacker could exploit this vulnerability by sending a crafted CAPWAP packet to an affected device. A successful exploit could allow the attacker to execute arbitrary code with administrative privileges or cause the affected device to crash and reload, resulting in a DoS condition.Show less
CVE-2021-38404 1Deltaww 1Dopsoft Nov 21, 2024 Sep 17, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in a heap-based buffer overflow. An attacker could leverage this...Show more Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process.Show less
CVE-2021-3778 4Debian FedoraprojectNetapp+1 more 4Debian Linux FedoraOntap Select Deploy Administration Utility+1 more Nov 21, 2024 Sep 15, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-25449 1Google 1Android Nov 21, 2024 Sep 9, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An improper input validation vulnerability in libsapeextractor library prior to SMR Sep-2021 Release 1 allows attackers to execute arbitrary code in mediaextractor process.
CVE-2021-26603 1Bandisoft 1Ark Library Nov 21, 2024 Sep 9, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A heap overflow issue was found in ARK library of bandisoft Co., Ltd when the Ark_DigPathA function parsed a file path. This vulnerability is due to missing support for string length check.
CVE-2021-3770 3Fedoraproject NetappVim 3Fedora Ontap Select Deploy Administration UtilityVim Nov 21, 2024 Sep 6, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 vim is vulnerable to Heap-based Buffer Overflow
CVE-2021-28560 1Adobe 4Acrobat Acrobat DcAcrobat Reader+1 more Nov 21, 2024 Sep 2, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability. An unauthenticated attacker coul...Show more Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2021-28558 1Adobe 4Acrobat Acrobat DcAcrobat Reader+1 more Nov 21, 2024 Sep 2, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Heap-based buffer overflow vulnerability in the PDFLibTool component. An...Show more Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Heap-based buffer overflow vulnerability in the PDFLibTool component. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2021-36073 1Adobe 1Bridge Nov 21, 2024 Sep 1, 2021 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 Adobe Bridge version 11.1 (and earlier) is affected by a heap-based buffer overflow vulnerability when parsing a crafted .SGI file. An attacker could leverage this vulnerability to execute code in the context of the curr...Show more Adobe Bridge version 11.1 (and earlier) is affected by a heap-based buffer overflow vulnerability when parsing a crafted .SGI file. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2021-36065 1Adobe 1Photoshop Nov 21, 2024 Sep 1, 2021 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 Adobe Photoshop versions 21.2.10 (and earlier) and 22.4.3 (and earlier) are affected by a heap-based buffer overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploit...Show more Adobe Photoshop versions 21.2.10 (and earlier) and 22.4.3 (and earlier) are affected by a heap-based buffer overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2021-36056 2Adobe Debian 2Debian Linux Xmp Toolkit Software Development Kit Nov 3, 2025 Sep 1, 2021 N/A· v4 7.3 HIGH· v3 9.3 HIGH· v2 XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in...Show more XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.Show less
CVE-2021-36054 2Adobe Debian 2Debian Linux Xmp Toolkit Software Development Kit Nov 3, 2025 Sep 1, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in local application denial of service in the context of the current user. Exploitation requires user inte...Show more XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in local application denial of service in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.Show less
CVE-2021-36050 2Adobe Debian 2Debian Linux Xmp Toolkit Software Development Kit Nov 3, 2025 Sep 1, 2021 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in...Show more XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file.Show less
CVE-2021-33007 1Deltaww 1Tpeditor Nov 21, 2024 Aug 30, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A heap-based buffer overflow in Delta Electronics TPEditor: v1.98.06 and prior may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to execu...Show more A heap-based buffer overflow in Delta Electronics TPEditor: v1.98.06 and prior may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code.Show less
CVE-2021-28629 1Adobe 1Animate Nov 21, 2024 Aug 24, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Adobe Animate version 21.0.6 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of th...Show more Adobe Animate version 21.0.6 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2021-28620 1Adobe 1Animate Nov 21, 2024 Aug 24, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Adobe Animate version 21.0.6 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of th...Show more Adobe Animate version 21.0.6 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2021-28610 1Adobe 1After Effects Nov 21, 2024 Aug 24, 2021 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 Adobe After Effects version 18.2 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arb...Show more Adobe After Effects version 18.2 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2021-28608 1Adobe 1After Effects Nov 21, 2024 Aug 24, 2021 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 Adobe After Effects version 18.2 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arb...Show more Adobe After Effects version 18.2 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less

Previous 1...9899100...113 Next