Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CVEs (2,244)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-27249 1Softmaker 1Planmaker 2021 Nov 21, 2024 Feb 4, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-b...Show more A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0004 and 0x0015, an attacker can entice the victim to open a document to trigger this vulnerability. This affects SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014).Show less
CVE-2020-27248 1Softmaker 1Planmaker 2021 Nov 21, 2024 Feb 4, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-b...Show more A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0003 and 0x0014, an attacker can entice the victim to open a document to trigger this vulnerability. This affects SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014).Show less
CVE-2020-27247 1Softmaker 1Planmaker 2021 Nov 21, 2024 Feb 4, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-b...Show more A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0002, an attacker can entice the victim to open a document to trigger this vulnerability. This affects SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014).Show less
CVE-2020-13586 1Softmaker 1Planmaker 2021 Nov 21, 2024 Feb 4, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A memory corruption vulnerability exists in the Excel Document SST Record 0x00fc functionality of SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014). A specially crafted malformed file can lead to a...Show more A memory corruption vulnerability exists in the Excel Document SST Record 0x00fc functionality of SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014). A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.Show less
CVE-2021-22641 1Fujielectric 2V Server V Simulator Nov 21, 2024 Jan 27, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A heap-based buffer overflow issue has been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V...Show more A heap-based buffer overflow issue has been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).Show less
CVE-2020-27297 1Honeywell 1Opc Ua Tunneller Nov 21, 2024 Jan 26, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to manipulate memory with controlled values and remotely execute code on the OPC UA Tunneller (versions prior to 6.3.0.8233)...Show more The affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to manipulate memory with controlled values and remotely execute code on the OPC UA Tunneller (versions prior to 6.3.0.8233).Show less
CVE-2020-27814 2Debian Uclouvain 2Debian Linux Openjpeg Nov 21, 2024 Jan 26, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the use...Show more A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application.Show less
CVE-2020-25687 3Debian FedoraprojectThekelleys 3Debian Linux DnsmasqFedora Nov 4, 2025 Jan 20, 2021 N/A· v4 5.9 MEDIUM· v3 7.1 HIGH· v2 A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. This flaw allows a remote attacker, who can...Show more A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. This flaw allows a remote attacker, who can create valid DNS replies, to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in sort_rrset() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability.Show less
CVE-2020-25682 3Debian FedoraprojectThekelleys 3Debian Linux DnsmasqFedora Nov 4, 2025 Jan 20, 2021 N/A· v4 8.1 HIGH· v3 8.3 HIGH· v2 A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the network, who can creat...Show more A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the network, who can create valid DNS replies, could use this flaw to cause an overflow with arbitrary data in a heap-allocated memory, possibly executing code on the machine. The flaw is in the rfc1035.c:extract_name() function, which writes data to the memory pointed by name assuming MAXDNAME*2 bytes are available in the buffer. However, in some code execution paths, it is possible extract_name() gets passed an offset from the base buffer, thus reducing, in practice, the number of available bytes that can be written in the buffer. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.Show less
CVE-2020-25681 3Debian FedoraprojectThekelleys 3Debian Linux DnsmasqFedora Nov 4, 2025 Jan 20, 2021 N/A· v4 8.1 HIGH· v3 8.3 HIGH· v2 A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. An attacker on the network, who can forge DNS replies such as...Show more A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. An attacker on the network, who can forge DNS replies such as that they are accepted as valid, could use this flaw to cause a buffer overflow with arbitrary data in a heap memory segment, possibly executing code on the machine. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.Show less
CVE-2020-25683 3Debian FedoraprojectThekelleys 3Debian Linux DnsmasqFedora Nov 4, 2025 Jan 20, 2021 N/A· v4 5.9 MEDIUM· v3 7.1 HIGH· v2 A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. A remote attacker, who can create valid DNS...Show more A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. A remote attacker, who can create valid DNS replies, could use this flaw to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in get_rdata() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability.Show less
CVE-2020-27263 4Ge PtcRockwellautomation+1 more 7Industrial Gateway Server Kepserver EnterpriseKepware Kepserverex+4 more Nov 21, 2024 Jan 14, 2021 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway S...Show more KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data.Show less
CVE-2021-21006 1Adobe 1Photoshop Nov 21, 2024 Jan 13, 2021 N/A· v4 8.6 HIGH· v3 6.8 MEDIUM· v2 Adobe Photoshop version 22.1 (and earlier) is affected by a heap buffer overflow vulnerability when handling a specially crafted font file. Successful exploitation could lead to arbitrary code execution. Exploitation of...Show more Adobe Photoshop version 22.1 (and earlier) is affected by a heap buffer overflow vulnerability when handling a specially crafted font file. Successful exploitation could lead to arbitrary code execution. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2020-26994 1Siemens 2Jt2go Teamcenter Visualization Nov 21, 2024 Jan 12, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of PCX files. This...Show more A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of PCX files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process.Show less
CVE-2020-26987 1Siemens 2Jt2go Teamcenter Visualization Nov 21, 2024 Jan 12, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of TGA files. This...Show more A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of TGA files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12016, ZDI-CAN-12017)Show less
CVE-2020-26986 1Siemens 2Jt2go Teamcenter Visualization Nov 21, 2024 Jan 12, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of JT files. This...Show more A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of JT files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12014)Show less
CVE-2020-26985 1Siemens 2Jt2go Teamcenter Visualization Nov 21, 2024 Jan 12, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of RGB and SGI fil...Show more A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of RGB and SGI files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11986, ZDI-CAN-11994)Show less
CVE-2020-25226 1Siemens 65Scalance X200 4pirt Firmware Scalance X201 3pirt FirmwareScalance X202 2irt Firmware+62 more Nov 21, 2024 Jan 12, 2021 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0). The web server...Show more A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0). The web server of the affected devices contains a vulnerability that may lead to a buffer overflow condition. An attacker could cause this condition on the webserver by sending a specially crafted request. The webserver could stop and not recover anymore.Show less
CVE-2020-15800 1Siemens 65Scalance X200 4pirt Firmware Scalance X201 3pirt FirmwareScalance X202 2irt Firmware+62 more Nov 21, 2024 Jan 12, 2021 N/A· v4 9.8 CRITICAL· v3 9.3 HIGH· v2 A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300...Show more A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). The webserver of the affected devices contains a vulnerability that may lead to a heap overflow condition. An attacker could cause this condition on the webserver by sending specially crafted requests. This could stop the webserver temporarily.Show less
CVE-2020-27841 4Debian FedoraprojectOracle+1 more 4Debian Linux FedoraOpenjpeg+1 more Nov 21, 2024 Jan 5, 2021 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bounds read. The greate...Show more There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bounds read. The greatest impact from this flaw is to application availability.Show less

Previous 1...102103104...113 Next