Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CVEs (2,316)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-61837 1Adobe 1Format Plugins Nov 13, 2025 Nov 11, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Format Plugins versions 1.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires u...Show more Format Plugins versions 1.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2025-62452 1Microsoft 14Windows 10 1607 Windows 10 1809Windows 10 21h2+11 more Nov 14, 2025 Nov 11, 2025 N/A· v4 8.0 HIGH· v3 N/A· v2 Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
CVE-2025-62220 1Microsoft 1Windows Subsystem For Linux Nov 14, 2025 Nov 11, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Windows Subsystem for Linux GUI allows an unauthorized attacker to execute code over a network.
CVE-2025-62201 1Microsoft 5365 Apps ExcelOffice+2 more Nov 17, 2025 Nov 11, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-61829 1Adobe 1Illustrator On Ipad Nov 12, 2025 Nov 11, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Illustrator on iPad versions 3.0.9 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requi...Show more Illustrator on iPad versions 3.0.9 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2025-61827 1Adobe 1Illustrator On Ipad Nov 12, 2025 Nov 11, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Illustrator on iPad versions 3.0.9 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requi...Show more Illustrator on iPad versions 3.0.9 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2025-61820 1Adobe 1Illustrator Nov 12, 2025 Nov 11, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Illustrator versions 28.7.10, 29.8.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue req...Show more Illustrator versions 28.7.10, 29.8.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2025-61819 1Adobe 1Photoshop Nov 12, 2025 Nov 11, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Photoshop Desktop versions 26.8.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requir...Show more Photoshop Desktop versions 26.8.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2025-60724 1Microsoft 16Office Office Long Term Servicing ChannelWindows 10 1607+13 more Nov 17, 2025 Nov 11, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.
CVE-2025-60715 1Microsoft 14Windows 10 1607 Windows 10 1809Windows 10 21h2+11 more Nov 17, 2025 Nov 11, 2025 N/A· v4 8.0 HIGH· v3 N/A· v2 Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
CVE-2025-60714 1Microsoft 11Windows 10 1607 Windows 10 1809Windows 10 21h2+8 more Nov 17, 2025 Nov 11, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Windows OLE allows an unauthorized attacker to execute code locally.
CVE-2025-59504 1Microsoft 1Azure Monitor Agent Nov 17, 2025 Nov 11, 2025 N/A· v4 7.3 HIGH· v3 N/A· v2 Heap-based buffer overflow in Azure Monitor Agent allows an unauthorized attacker to execute code locally.
CVE-2025-61832 1Adobe 1Indesign Nov 12, 2025 Nov 11, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue r...Show more InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2025-61824 1Adobe 1Indesign Nov 12, 2025 Nov 11, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue r...Show more InDesign Desktop versions 20.5, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2025-61816 1Adobe 1Incopy Nov 12, 2025 Nov 11, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 InCopy versions 20.5, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires us...Show more InCopy versions 20.5, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2025-62689 1Gnu 1Libmicrohttpd Nov 14, 2025 Nov 10, 2025 8.7 HIGH· v4 7.5 HIGH· v3 N/A· v2 NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A speci...Show more NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service (DoS) condition.Show less
CVE-2025-9458 1Autodesk 1Shared Components Jan 22, 2026 Nov 7, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of th...Show more A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.Show less
CVE-2025-11458 1Google 1Chrome Nov 25, 2025 Nov 6, 2025 N/A· v4 8.1 HIGH· v3 N/A· v2 Heap buffer overflow in Sync in Google Chrome prior to 141.0.7390.65 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
CVE-2025-11206 1Google 1Chrome Nov 13, 2025 Nov 6, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 Heap buffer overflow in Video in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVE-2025-11205 1Google 1Chrome Nov 13, 2025 Nov 6, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Heap buffer overflow in WebGPU in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security...Show more Heap buffer overflow in WebGPU in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)Show less

Previous 1...272829...116 Next