CWE-122

2,316 CVEs • Abstraction: Variant • Likelihood of Exploit: High

Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().


CVEs (2,316)

CVE | VENDORS | PRODUCTS | UPDATED | PUBLISHED | CVSS
Vendors (1): Microsoft
Products (13): Windows 10 1607, Windows 10 1809, Windows 10 21h2, +10 more
Updated: Feb 11, 2026
Published: Feb 10, 2026
CVSS: v4 N/A, v3 7.8 HIGH, v2 N/A
Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

Vendors (1): Microsoft
Products (3): Windows 11 24h2, Windows 11 25h2, Windows Server 2025
Updated: Feb 11, 2026
Published: Feb 10, 2026
CVSS: v4 N/A, v3 7.8 HIGH, v2 N/A
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

Vendors (1): Microsoft
Products (12): Windows 10 1607, Windows 10 1809, Windows 10 21h2, +9 more
Updated: Feb 11, 2026
Published: Feb 10, 2026
CVSS: v4 N/A, v3 7.3 HIGH, v2 N/A
Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally.

Vendors (1): Microsoft
Products (13): Windows 10 1607, Windows 10 1809, Windows 10 21h2, +10 more
Updated: Feb 11, 2026
Published: Feb 10, 2026
CVSS: v4 N/A, v3 7.8 HIGH, v2 N/A
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

Vendors (1): Microsoft
Products (13): Windows 10 1607, Windows 10 1809, Windows 10 21h2, +10 more
Updated: Feb 11, 2026
Published: Feb 10, 2026
CVSS: v4 N/A, v3 7.8 HIGH, v2 N/A
Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Vendors (1): Siemens
Products (2): Simcenter Femap, Simcenter Nastran
Updated: Feb 11, 2026
Published: Feb 10, 2026
CVSS: v4 7.3 HIGH, v3 7.3 HIGH, v2 N/A
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted NDB files. This could allow an attacker to execute code in the context of the current process.

Vendors (1): Freerdp
Products (1): Freerdp
Updated: Feb 10, 2026
Published: Feb 9, 2026
CVSS: v4 8.7 HIGH, v3 7.5 HIGH, v2 N/A
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, audin_server_recv_formats frees an incorrect number of audio formats on parse failure (i + i), leading to out-of-bounds access in audio_formats_free. This vulnerability is fixed in 3.22.0.

Vendors (1): Freerdp
Products (1): Freerdp
Updated: Feb 10, 2026
Published: Feb 9, 2026
CVSS: v4 8.7 HIGH, v3 9.1 CRITICAL, v2 N/A
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, the URBDRC client uses server-supplied interface numbers as array indices without bounds checks, causing an out-of-bounds read in libusb_udev_select_interface. This vulnerability is fixed in 3.22.0.

Vendors (1): Wedding Slideshow Studio
Products (1): Wedding Slideshow Studio
Updated: Feb 24, 2026
Published: Feb 7, 2026
CVSS: v4 8.4 HIGH, v3 9.8 CRITICAL, v2 N/A
Wedding Slideshow Studio 1.36 contains a buffer overflow vulnerability in the registration key input that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payload of 1608 bytes to trigger a stack-based buffer overflow and execute commands through the registration key field.

Vendors (2): Neovim, Vim
Products (2): Neovim, Vim
Updated: Jun 9, 2026
Published: Feb 6, 2026
CVSS: v4 N/A, v3 6.6 MEDIUM, v2 N/A
Vim is an open source, command line text editor. Prior to version 9.1.2132, a heap buffer overflow vulnerability exists in Vim's tag file resolution logic when processing the 'helpfile' option. The vulnerability is located in the get_tagfname() function in src/tag.c. When processing help file tags, Vim copies the user-controlled 'helpfile' option value into a fixed-size heap buffer of MAXPATHL + 1 bytes (typically 4097 bytes) using an unsafe STRCPY() operation without any bounds checking. This issue has been patched in version 9.1.2132.

Vendors (1): Huawei
Products (1): Harmonyos
Updated: Feb 10, 2026
Published: Feb 6, 2026
CVSS: v4 N/A, v3 5.5 MEDIUM, v2 N/A
Heap-based buffer overflow vulnerability in the image module. Impact: Successful exploitation of this vulnerability may affect availability.

Vendors (1): Huawei
Products (1): Harmonyos
Updated: Feb 10, 2026
Published: Feb 6, 2026
CVSS: v4 N/A, v3 5.5 MEDIUM, v2 N/A
Buffer overflow vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability may affect availability.

Vendors (1): Color
Products (1): Iccdev
Updated: Feb 18, 2026
Published: Feb 4, 2026
CVSS: v4 N/A, v3 7.8 HIGH, v2 N/A
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a heap buffer overflow vulnerability in CIccFileIO::Read8() when processing malformed ICC profile files via unchecked fread operation. This issue has been patched in version 2.3.1.3.

Vendors (1): Color
Products (1): Iccdev
Updated: Feb 18, 2026
Published: Feb 4, 2026
CVSS: v4 N/A, v3 7.8 HIGH, v2 N/A
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a heap buffer overflow (read) vulnerability in CIccIO::WriteUInt16Float() when converting malformed XML to ICC profiles via iccFromXml tool. This issue has been patched in version 2.3.1.3.

Vendors (1): Google
Products (1): Chrome
Updated: Feb 11, 2026
Published: Feb 3, 2026
CVSS: v4 N/A, v3 8.8 HIGH, v2 N/A
Heap buffer overflow in libvpx in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Vendors: -
Products: -
Updated: Feb 4, 2026
Published: Feb 3, 2026
CVSS: v4 6.9 MEDIUM, v3 N/A, v2 N/A
A heap-based buffer overflow vulnerability has been identified in the Postscript interpreter in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user.

Vendors (2): Debian, Eprosima
Products (2): Debian Linux, Fast Dds
Updated: Feb 18, 2026
Published: Feb 3, 2026
CVSS: v4 7.2 HIGH, v3 9.8 CRITICAL, v2 N/A
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 3.4.1, 3.3.1, and 2.6.11, a heap buffer overflow exists in the Fast-DDS DATA_FRAG receive path. An unauthenticated sender can transmit a single malformed RTPS DATA_FRAG packet where `fragmentSize` and `sampleSize` are crafted to violate internal assumptions. Due to a 4-byte alignment step during fragment metadata initialization, the code writes past the end of the allocated payload buffer, causing immediate crash (DoS) and potentially enabling memory corruption (RCE risk). Versions 3.4.1, 3.3.1, and 2.6.11 patch the issue.

Vendors (2): Debian, Eprosima
Products (2): Debian Linux, Fast Dds
Updated: Feb 18, 2026
Published: Feb 3, 2026
CVSS: v4 1.7 LOW, v3 7.5 HIGH, v2 N/A
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes a heap buffer overflow, resulting in remote termination of Fast-DDS. If the fields of `PID_IDENTITY_TOKEN` or `PID_PERMISSIONS_TOKEN` in the DATA Submessage are tampered with — specially `readOctetVector` reads an unchecked `vecsize` that is propagated unchanged into `readData` as the `length` parameter — the attacker-controlled `vecsize` can trigger a 32-bit integer overflow during the `length` calculation. That overflow can cause large allocation attempt that quickly leads to OOM, enabling a remotely-triggerable denial-of-service and remote process termination. Versions 3.4.1, 3.3.1, and 2.6.11 patch the issue.

Vendors (1): Eprosima
Products (1): Fast Dds
Updated: Feb 18, 2026
Published: Feb 3, 2026
CVSS: v4 1.7 LOW, v3 7.5 HIGH, v2 N/A
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes a heap buffer overflow, resulting in remote termination of Fast-DDS. If the fields of `PID_IDENTITY_TOKEN` or `PID_PERMISSIONS_TOKEN` in the DATA Submessage — specifically by tampering with the `str_size` value read by `readString` (called from `readBinaryProperty`) — are modified, a 32-bit integer overflow can occur, causing `std::vector::resize` to use an attacker-controlled size and quickly trigger heap buffer overflow and remote process termination. Versions 3.4.1, 3.3.1, and 2.6.11 patch the issue.

Vendors (1): Tp Link
Products (1): Archer Ax53 Firmware
Updated: Mar 16, 2026
Published: Feb 3, 2026
CVSS: v4 8.6 HIGH, v3 8.0 HIGH, v2 N/A
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tdpserver modules) allows adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a maliciously formed field. This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120.