Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CVEs (2,316)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-12839 1Openexr 1Openexr Jan 15, 2026 Dec 23, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Acade...Show more Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Academy Software Foundation OpenEXR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EXR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27947.Show less
CVE-2025-12495 1Openexr 1Openexr Jan 15, 2026 Dec 23, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Acade...Show more Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Academy Software Foundation OpenEXR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EXR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27946.Show less
CVE-2025-14935 1Unidata 1Netcdf Jan 13, 2026 Dec 23, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 NSF Unidata NetCDF-C Dimension Name Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NSF Unidata NetCDF-C....Show more NSF Unidata NetCDF-C Dimension Name Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NSF Unidata NetCDF-C. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of dimension names. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27168.Show less
CVE-2025-14958 1Floooh 1Sokol Apr 29, 2026 Dec 19, 2025 1.9 LOW· v4 7.8 HIGH· v3 4.3 MEDIUM· v2 A security flaw has been discovered in floooh sokol up to 33e2271c431bf21de001e972f72da17a984da932. This vulnerability affects the function _sg_pipeline_common_init in the library sokol_gfx.h. Performing manipulation res...Show more A security flaw has been discovered in floooh sokol up to 33e2271c431bf21de001e972f72da17a984da932. This vulnerability affects the function _sg_pipeline_common_init in the library sokol_gfx.h. Performing manipulation results in heap-based buffer overflow. The attack needs to be approached locally. The exploit has been released to the public and may be exploited. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The patch is named 33e2271c431bf21de001e972f72da17a984da932. It is suggested to install a patch to address this issue.Show less
CVE-2025-14956 1Webassembly 1Binaryen Apr 29, 2026 Dec 19, 2025 1.9 LOW· v4 7.1 HIGH· v3 4.3 MEDIUM· v2 A vulnerability was determined in WebAssembly Binaryen up to 125. Affected by this issue is the function WasmBinaryReader::readExport of the file src/wasm/wasm-binary.cpp. This manipulation causes heap-based buffer overf...Show more A vulnerability was determined in WebAssembly Binaryen up to 125. Affected by this issue is the function WasmBinaryReader::readExport of the file src/wasm/wasm-binary.cpp. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. Patch name: 4f52bff8c4075b5630422f902dd92a0af2c9f398. It is recommended to apply a patch to fix this issue.Show less
CVE-2025-68469 1Imagemagick 1Imagemagick Dec 30, 2025 Dec 18, 2025 2.0 LOW· v4 3.3 LOW· v3 N/A· v2 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.1-14, ImageMagick crashes when processing a crafted TIFF file. Version 7.1.1-14 fixes the issue.
CVE-2025-67873 1Capstone Engine 1Capstone Jan 2, 2026 Dec 17, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, Skipdata length is not bounds-checked, so a user-provided skipdata callback can make cs_disasm/cs_disasm_iter memcpy more than 24 bytes into cs_ins...Show more Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, Skipdata length is not bounds-checked, so a user-provided skipdata callback can make cs_disasm/cs_disasm_iter memcpy more than 24 bytes into cs_insn.bytes, causing a heap buffer overflow in the disassembly path. Commit cbef767ab33b82166d263895f24084b75b316df3 fixes the issue.Show less
CVE-2025-9457 1Autodesk 1Shared Components Jan 22, 2026 Dec 16, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of th...Show more A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.Show less
CVE-2025-10881 1Autodesk 1Shared Components Dec 19, 2025 Dec 16, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 A maliciously crafted CATPRODUCT file, when parsed through certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data...Show more A maliciously crafted CATPRODUCT file, when parsed through certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.Show less
CVE-2025-14673 1Gmg137 1Snap7 Rs Apr 29, 2026 Dec 14, 2025 5.5 MEDIUM· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A vulnerability has been found in gmg137 snap7-rs up to 1.142.1. Affected is the function snap7_rs::client::S7Client::as_ct_write of the file /tests/snap7-rs/src/client.rs. The manipulation leads to heap-based buffer ove...Show more A vulnerability has been found in gmg137 snap7-rs up to 1.142.1. Affected is the function snap7_rs::client::S7Client::as_ct_write of the file /tests/snap7-rs/src/client.rs. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-14672 1Gmg137 1Snap7 Rs Apr 29, 2026 Dec 14, 2025 5.5 MEDIUM· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A flaw has been found in gmg137 snap7-rs up to 1.142.1. This impacts the function TSnap7MicroClient::opWriteArea of the file s7_micro_client.cpp. Executing a manipulation can lead to heap-based buffer overflow. It is pos...Show more A flaw has been found in gmg137 snap7-rs up to 1.142.1. This impacts the function TSnap7MicroClient::opWriteArea of the file s7_micro_client.cpp. Executing a manipulation can lead to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used.Show less
CVE-2025-67896 1Exim 1Exim Dec 22, 2025 Dec 14, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Exim before 4.99.1, with certain non-default rate-limit configurations, allows a remote heap-based buffer overflow because database records are cast directly to internal structures without validation.
CVE-2025-36923 1Google 1Android Dec 12, 2025 Dec 11, 2025 N/A· v4 8.0 HIGH· v3 N/A· v2 In NrmmDecoder::DecodeSORTransparentContext of cn_NrmmDecoder.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote (proximal/adjacent) escalation of privilege with no addi...Show more In NrmmDecoder::DecodeSORTransparentContext of cn_NrmmDecoder.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2025-64784 1Adobe 1Dng Software Development Kit Dec 10, 2025 Dec 9, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 DNG SDK versions 1.7.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to memory exposure or application denial of service. An attacker could leverage this vulnerability to disclose...Show more DNG SDK versions 1.7.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to memory exposure or application denial of service. An attacker could leverage this vulnerability to disclose sensitive memory information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2025-64680 1Microsoft 14Windows 10 1507 Windows 10 1607Windows 10 1809+11 more Dec 12, 2025 Dec 9, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2025-64679 1Microsoft 14Windows 10 1507 Windows 10 1607Windows 10 1809+11 more Dec 12, 2025 Dec 9, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2025-64678 1Microsoft 14Windows 10 1607 Windows 10 1809Windows 10 21h2+11 more Dec 10, 2025 Dec 9, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVE-2025-62470 1Microsoft 14Windows 10 1607 Windows 10 1809Windows 10 21h2+11 more Dec 12, 2025 Dec 9, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-62458 1Microsoft 10Windows 10 1607 Windows 10 1809Windows 10 21h2+7 more Dec 12, 2025 Dec 9, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
CVE-2025-62456 1Microsoft 6Windows 11 23h2 Windows 11 24h2Windows 11 25h2+3 more Dec 12, 2025 Dec 9, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Windows Resilient File System (ReFS) allows an authorized attacker to execute code over a network.

Previous 1...252627...116 Next