Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CVEs (2,316)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-20957 1Microsoft 5365 Apps ExcelOffice+2 more Jan 14, 2026 Jan 13, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-20922 1Microsoft 14Windows 10 1607 Windows 10 1809Windows 10 21h2+11 more Jan 15, 2026 Jan 13, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.
CVE-2026-20876 1Microsoft 5Windows 11 23h2 Windows 11 24h2Windows 11 25h2+2 more Jan 15, 2026 Jan 13, 2026 N/A· v4 6.7 MEDIUM· v3 N/A· v2 Heap-based buffer overflow in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.
CVE-2026-20868 1Microsoft 14Windows 10 1607 Windows 10 1809Windows 10 21h2+11 more Feb 10, 2026 Jan 13, 2026 N/A· v4 8.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVE-2026-20864 1Microsoft 10Windows 10 1809 Windows 10 21h2Windows 10 22h2+7 more May 26, 2026 Jan 13, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally.
CVE-2026-20840 1Microsoft 14Windows 10 1607 Windows 10 1809Windows 10 21h2+11 more Jan 15, 2026 Jan 13, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.
CVE-2026-20837 1Microsoft 10Windows 10 1809 Windows 10 21h2Windows 10 22h2+7 more Jan 15, 2026 Jan 13, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.
CVE-2026-20820 1Microsoft 14Windows 10 1607 Windows 10 1809Windows 10 21h2+11 more Jan 14, 2026 Jan 13, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-20809 1Microsoft 13Windows 10 1607 Windows 10 1809Windows 10 21h2+10 more Jan 14, 2026 Jan 13, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Time-of-check time-of-use (toctou) race condition in Windows Kernel Memory allows an authorized attacker to elevate privileges locally.
CVE-2025-25249 1Fortinet 3Fortios FortisaseFortiswitchmanager Jun 9, 2026 Jan 13, 2026 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A heap-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS 6.4 all versions, FortiSwitchManager 7....Show more A heap-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS 6.4 all versions, FortiSwitchManager 7.2.0 through 7.2.6, FortiSwitchManager 7.0.0 through 7.0.5 allows attacker to execute unauthorized code or commands via specially crafted packetsShow less
CVE-2026-0822 1Quickjs Ng 1Quickjs Apr 29, 2026 Jan 10, 2026 2.1 LOW· v4 8.8 HIGH· v3 7.5 HIGH· v2 A vulnerability was identified in quickjs-ng quickjs up to 0.11.0. This issue affects the function js_typed_array_sort of the file quickjs.c. The manipulation leads to heap-based buffer overflow. Remote exploitation of t...Show more A vulnerability was identified in quickjs-ng quickjs up to 0.11.0. This issue affects the function js_typed_array_sort of the file quickjs.c. The manipulation leads to heap-based buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. The identifier of the patch is 53eefbcd695165a3bd8c584813b472cb4a69fbf5. To fix this issue, it is recommended to deploy a patch.Show less
CVE-2026-0821 1Quickjs Ng 1Quickjs Apr 29, 2026 Jan 10, 2026 5.5 MEDIUM· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A vulnerability was determined in quickjs-ng quickjs up to 0.11.0. This vulnerability affects the function js_typed_array_constructor of the file quickjs.c. Executing a manipulation can lead to heap-based buffer overflow...Show more A vulnerability was determined in quickjs-ng quickjs up to 0.11.0. This vulnerability affects the function js_typed_array_constructor of the file quickjs.c. Executing a manipulation can lead to heap-based buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. This patch is called c5d80831e51e48a83eab16ea867be87f091783c5. A patch should be applied to remediate this issue.Show less
CVE-2026-22697 1Nasa 1Cryptolib Jan 16, 2026 Jan 10, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a groun...Show more CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, CryptoLib’s KMC crypto service integration is vulnerable to a heap buffer overflow when decoding Base64-encoded ciphertext/cleartext fields returned by the KMC service. The decode destination buffer is sized using an expected output length (len_data_out), but the Base64 decoder writes output based on the actual Base64 input length and does not enforce any destination size limit. An oversized Base64 string in the KMC JSON response can cause out-of-bounds writes on the heap, resulting in process crash and potentially code execution under certain conditions. This issue has been patched in version 1.4.3.Show less
CVE-2026-22027 1Nasa 1Cryptolib Jan 15, 2026 Jan 10, 2026 5.7 MEDIUM· v4 6.0 MEDIUM· v3 N/A· v2 CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a groun...Show more CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.3, the convert_hexstring_to_byte_array() function in the MariaDB SA interface writes decoded bytes into a caller-provided buffer without any capacity check. When importing SA fields from the database (e.g., IV, ARSN, ABM), a malformed or oversized hex string in the database can overflow the destination buffer, corrupting adjacent heap memory. This issue has been patched in version 1.4.3.Show less
CVE-2025-46643 1Dell 1Data Domain Operating System Feb 5, 2026 Jan 9, 2026 N/A· v4 4.4 MEDIUM· v3 N/A· v2 Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS 2023...Show more Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release version 8.3.1.10, LTS2024 release versions 7.13.1.0 through 7.13.1.40, LTS 2023 release versions 7.10.1.0 through 7.10.1.70, contain a Heap-based Buffer Overflow vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service.Show less
CVE-2026-21682 1Color 1Iccdev Jan 14, 2026 Jan 7, 2026 N/A· v4 8.8 HIGH· v3 N/A· v2 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a heap-buffer-o...Show more iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a heap-buffer-overflow in `CIccXmlArrayType::ParseText()`. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available.Show less
CVE-2026-21678 1Color 1Iccdev Jan 13, 2026 Jan 7, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to heap-buffer-overflow vulnerab...Show more iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to heap-buffer-overflow vulnerability in IccTagXml(). This issue has been patched in version 2.3.1.2.Show less
CVE-2026-21504 1Color 1Iccdev Jan 9, 2026 Jan 7, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to heap buffer overflow in the T...Show more iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to heap buffer overflow in the ToneMap parser. This issue has been patched in version 2.3.1.2.Show less
CVE-2026-21494 1Color 1Iccdev Jan 12, 2026 Jan 6, 2026 N/A· v4 7.1 HIGH· v3 N/A· v2 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. A vulnerability present in versions prior to 2...Show more iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. A vulnerability present in versions prior to 2.3.1.2 affects users of the iccDEV library who process ICC color profiles. It results in heap buffer overflow in `CIccTagLut8::Validate()`. Version 2.3.1.2 contains a patch. No known workarounds are available.Show less
CVE-2026-21491 1Color 1Iccdev Jan 12, 2026 Jan 6, 2026 N/A· v4 7.1 HIGH· v3 N/A· v2 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. A vulnerability present in versions prior to 2...Show more iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. A vulnerability present in versions prior to 2.3.1.2 affects users of the iccDEV library who process ICC color profiles. It results in unicode buffer overflow in `CIccTagTextDescription`. Version 2.3.1.2 contains a patch. No known workarounds are available.Show less

Previous 1...232425...116 Next