Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CVEs (2,316)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-34628 1Adobe 1Indesign Apr 16, 2026 Apr 14, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue r...Show more InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2026-34627 1Adobe 1Indesign Apr 16, 2026 Apr 14, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue r...Show more InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2026-32223 1Microsoft 4Windows 11 24h2 Windows 11 25h2Windows 11 26h1+1 more May 26, 2026 Apr 14, 2026 N/A· v4 6.8 MEDIUM· v3 N/A· v2 Heap-based buffer overflow in Windows USB Print Driver allows an unauthorized attacker to elevate privileges with a physical attack.
CVE-2026-32221 1Microsoft 4Windows 11 24h2 Windows 11 25h2Windows 11 26h1+1 more Apr 17, 2026 Apr 14, 2026 N/A· v4 8.4 HIGH· v3 N/A· v2 Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code locally.
CVE-2026-32149 1Microsoft 13Windows 10 1607 Windows 10 1809Windows 10 21h2+10 more Apr 20, 2026 Apr 14, 2026 N/A· v4 7.3 HIGH· v3 N/A· v2 Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally.
CVE-2026-32093 1Microsoft 14Windows 10 1607 Windows 10 1809Windows 10 21h2+11 more Apr 20, 2026 Apr 14, 2026 N/A· v4 7.0 HIGH· v3 N/A· v2 Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.
CVE-2026-32087 1Microsoft 14Windows 10 1607 Windows 10 1809Windows 10 21h2+11 more Apr 21, 2026 Apr 14, 2026 N/A· v4 7.0 HIGH· v3 N/A· v2 Heap-based buffer overflow in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.
CVE-2026-26180 1Microsoft 14Windows 10 1607 Windows 10 1809Windows 10 21h2+11 more Apr 23, 2026 Apr 14, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-26176 1Microsoft 14Windows 10 1607 Windows 10 1809Windows 10 21h2+11 more Apr 23, 2026 Apr 14, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Windows Client Side Caching driver (csc.sys) allows an authorized attacker to elevate privileges locally.
CVE-2026-26156 1Microsoft 13Windows 10 1607 Windows 10 1809Windows 10 21h2+10 more Apr 24, 2026 Apr 14, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Windows Hyper-V allows an unauthorized attacker to execute code locally.
CVE-2026-27286 1Adobe 1Indesign Apr 16, 2026 Apr 14, 2026 N/A· v4 5.5 MEDIUM· v3 N/A· v2 InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive inform...Show more InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2026-27285 1Adobe 1Indesign Apr 16, 2026 Apr 14, 2026 N/A· v4 5.5 MEDIUM· v3 N/A· v2 InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the ap...Show more InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application or disrupt its functionality. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2026-27238 1Adobe 1Indesign Apr 16, 2026 Apr 14, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue r...Show more InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2026-22828 1Fortinet 2Fortianalyzer Cloud Fortimanager Cloud May 1, 2026 Apr 14, 2026 N/A· v4 8.1 HIGH· v3 N/A· v2 A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer Cloud 7.6.2 through 7.6.4, FortiManager Cloud 7.6.2 through 7.6.4 may allow a remote unauthenticated attacker to execute arbitrary code or commands via...Show more A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer Cloud 7.6.2 through 7.6.4, FortiManager Cloud 7.6.2 through 7.6.4 may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. Successful exploitation would require a large amount of effort in preparation because of ASLR and network segmentationShow less
CVE-2026-40310 1Imagemagick 1Imagemagick Apr 17, 2026 Apr 13, 2026 N/A· v4 5.5 MEDIUM· v3 N/A· v2 ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below both 7.1.2-19 and 6.9.13-44, contain a heap out-of-bounds write in the JP2 encoder with when a user specifies...Show more ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below both 7.1.2-19 and 6.9.13-44, contain a heap out-of-bounds write in the JP2 encoder with when a user specifies an invalid sampling index. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.Show less
CVE-2026-40183 1Imagemagick 1Imagemagick Apr 17, 2026 Apr 13, 2026 N/A· v4 5.5 MEDIUM· v3 N/A· v2 ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, the JXL encoder has an heap write overflow when a user specifies that the image should be encoded...Show more ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, the JXL encoder has an heap write overflow when a user specifies that the image should be encoded as 16 bit floats. This issue has been fixed in version 7.1.2-19.Show less
CVE-2026-40169 1Imagemagick 1Imagemagick Apr 17, 2026 Apr 13, 2026 N/A· v4 5.5 MEDIUM· v3 N/A· v2 ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, a crafted image could result in an out of bounds heap write when writing a yaml or json output, r...Show more ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, a crafted image could result in an out of bounds heap write when writing a yaml or json output, resulting in a crash. This issue has been fixed in version 7.1.2-19.Show less
CVE-2026-33901 1Imagemagick 1Imagemagick Apr 17, 2026 Apr 13, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a heap buffer overflow occurs in the MVG decoder that could result in an out o...Show more ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a heap buffer overflow occurs in the MVG decoder that could result in an out of bounds write when processing a crafted image. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.Show less
CVE-2026-33899 1Imagemagick 1Imagemagick Apr 17, 2026 Apr 13, 2026 N/A· v4 5.3 MEDIUM· v3 N/A· v2 ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-189 and 6.9.13-44, when `Magick` parses an XML file it is possible that a single zero byte is written...Show more ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-189 and 6.9.13-44, when `Magick` parses an XML file it is possible that a single zero byte is written out of the bounds. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.Show less
CVE-2026-32316 1Jqlang 1Jq Apr 22, 2026 Apr 13, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvp_string_append() and jvp_string_copy_replace_bad functions, where concatenating strings with a combined le...Show more jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvp_string_append() and jvp_string_copy_replace_bad functions, where concatenating strings with a combined length exceeding 2^31 bytes causes a 32-bit unsigned integer overflow in the buffer allocation size calculation, resulting in a drastically undersized heap buffer. Subsequent memory copy operations then write the full string data into this undersized buffer, causing a heap buffer overflow classified as CWE-190 (Integer Overflow) leading to CWE-122 (Heap-based Buffer Overflow). Any system evaluating untrusted jq queries is affected, as an attacker can crash the process or potentially achieve further exploitation through heap corruption by crafting queries that produce extremely large strings. The root cause is the absence of string size bounds checking, unlike arrays and objects which already have size limits. The issue has been addressed in commit e47e56d226519635768e6aab2f38f0ab037c09e5.Show less

Previous 1...111213...116 Next