Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CVEs (2,306)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-7507 1Deltaww 1Wplsoft Nov 21, 2024 May 4, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a fixed length heap buffer where a value larger than the buffer can be read from a file into the buffer, causing the buffer to be overwritten, which may all...Show more WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a fixed length heap buffer where a value larger than the buffer can be read from a file into the buffer, causing the buffer to be overwritten, which may allow remote code execution or cause the application to crash.Show less
CVE-2017-2591 2Fedoraproject Redhat 2389 Directory Server Enterprise Linux Nov 21, 2024 Apr 30, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the "attribute uniqueness" plugin of 389 Directory Server. An authenticated, or possib...Show more 389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the "attribute uniqueness" plugin of 389 Directory Server. An authenticated, or possibly unauthenticated, attacker could use this flaw to force an out-of-bound heap memory read, possibly triggering a crash of the LDAP service.Show less
CVE-2018-8833 1Advantech 1Webaccess Hmi Designer Nov 21, 2024 Apr 25, 2018 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Heap-based buffer overflow vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafted .pm3 files may allow remote code execution.
CVE-2016-9586 1Haxx 1Curl Nov 21, 2024 Apr 23, 2018 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there are any application that accepts a format string from...Show more curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks.Show less
CVE-2018-8834 1Omron 7Cx Flnet Cx OneCx Programmer+4 more Nov 21, 2024 Apr 17, 2018 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior...Show more Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior, may cause a heap-based buffer overflow.Show less
CVE-2017-9636 1Mitsubishielectric 1E Designer Nov 21, 2024 Apr 17, 2018 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Mitsubishi E-Designer, Version 7.52 Build 344 contains five code sections which may be exploited to overwrite the heap. This can result in arbitrary code execution, compromised data integrity, denial of service, and syst...Show more Mitsubishi E-Designer, Version 7.52 Build 344 contains five code sections which may be exploited to overwrite the heap. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash.Show less
CVE-2018-7519 1Omron 1Cx Supervisor Nov 21, 2024 Mar 21, 2018 N/A· v4 5.3 MEDIUM· v3 4.6 MEDIUM· v2 In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a heap-based buffer overflow.
CVE-2018-1165 2Joyent Oracle 3Smartos SolarisZfs Storage Appliance Nov 21, 2024 Feb 21, 2018 N/A· v4 7.0 HIGH· v3 6.9 MEDIUM· v2 This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. An attacker must first obtain the ability to execute low-privileged code o...Show more This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the SMB_IOC_SVCENUM IOCTL. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the host OS. Was ZDI-CAN-4983.Show less
CVE-2017-16737 1We Con 1Levistudio Hmi Editor Firmware Nov 21, 2024 Jan 12, 2018 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in WECON Technology LEVI Studio HMI Editor v1.8.29 and prior. A specially-crafted malicious file may be able to cause a heap-based buffer overflow vulnerability when opened by a user.
CVE-2017-16717 1We Con 1Levi Studio Hmi May 13, 2026 Dec 20, 2017 N/A· v4 8.6 HIGH· v3 9.0 HIGH· v2 A Heap-based Buffer Overflow issue was discovered in WECON LeviStudio HMI. The heap-based buffer overflow vulnerability has been identified, which may allow remote code execution.
CVE-2017-13090 2Debian Gnu 2Debian Linux Wget May 13, 2026 Oct 27, 2017 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 The retr.c:fd_read_body() function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the c...Show more The retr.c:fd_read_body() function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to read the chunk in pieces of 8192 bytes by using the MIN() macro, but ends up passing the negative chunk length to retr.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument. The attacker can corrupt malloc metadata after the allocated buffer.Show less
CVE-2017-12704 1Advantech 1Webaccess May 13, 2026 Aug 30, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A heap-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities where there is a lack of proper validation of the length of u...Show more A heap-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities where there is a lack of proper validation of the length of user-supplied data prior to copying it to the heap-based buffer, which could allow an attacker to execute arbitrary code under the context of the process.Show less
CVE-2017-7555 1Augeas 1Augeas May 13, 2026 Aug 17, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Augeas versions up to and including 1.8.0 are vulnerable to heap-based buffer overflow due to improper handling of escaped strings. Attacker could send crafted strings that would cause the application using augeas to cop...Show more Augeas versions up to and including 1.8.0 are vulnerable to heap-based buffer overflow due to improper handling of escaped strings. Attacker could send crafted strings that would cause the application using augeas to copy past the end of a buffer, leading to a crash or possible code execution.Show less
CVE-2017-9050 1Xmlsoft 1Libxml2 May 13, 2026 May 18, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerabilit...Show more libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839.Show less
CVE-2017-6037 1We Con 1Levi Studio Hmi Editor May 13, 2026 Apr 27, 2017 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 A Heap-Based Buffer Overflow issue was discovered in Wecon Technologies LEVI Studio HMI Editor before 1.8.1. This vulnerability causes a buffer overflow when a maliciously crafted project file is run by the system.
CVE-2017-5225 1Libtiff 1Libtiff May 6, 2026 Jan 12, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample value.
CVE-2016-1834 6Apple CanonicalDebian+3 more 14Debian Linux Enterprise Linux DesktopEnterprise Linux Server+11 more May 6, 2026 May 20, 2016 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbit...Show more Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.Show less
CVE-2016-1762 6Apple CanonicalDebian+3 more 15Debian Linux Enterprise Linux DesktopEnterprise Linux Server+12 more May 6, 2026 Mar 24, 2016 N/A· v4 8.1 HIGH· v3 5.8 MEDIUM· v2 The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
CVE-2015-3113 5Adobe HpOpensuse+2 more 15Enterprise Linux Desktop Enterprise Linux EusEnterprise Linux Server+12 more Apr 21, 2026 Jun 23, 2015 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspec...Show more Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015.Show less
CVE-2014-9495 2Apple Libpng 2Libpng Mac Os X May 6, 2026 Jan 10, 2015 N/A· v4 8.8 HIGH· v3 10.0 HIGH· v2 Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wi...Show more Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image.Show less

Previous 1...112 113 114115116 Next