← Back
CWE-122

2,313 CVEs • Abstraction: Variant • Likelihood of Exploit: High

Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

JSON object

Loading...

CVEs (2,313)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-54268
1Adobe
1Bridge
Oct 17, 2025
Oct 15, 2025
N/A· v4
7.8 HIGH· v3
N/A· v2
Bridge versions 14.1.8, 15.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires...Show more
Bridge versions 14.1.8, 15.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2025-61804
1Adobe
1Animate
Oct 17, 2025
Oct 15, 2025
N/A· v4
7.8 HIGH· v3
N/A· v2
Animate versions 23.0.13, 24.0.10 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requir...Show more
Animate versions 23.0.13, 24.0.10 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2025-54282
1Adobe
1Framemaker
Oct 17, 2025
Oct 14, 2025
N/A· v4
7.8 HIGH· v3
N/A· v2
Adobe Framemaker versions 2020.9, 2022.7 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue...Show more
Adobe Framemaker versions 2020.9, 2022.7 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2025-59295
1Microsoft
16Windows 10 1507
Windows 10 1607Windows 10 1809+13 more
Oct 17, 2025
Oct 14, 2025
N/A· v4
8.8 HIGH· v3
N/A· v2
Heap-based buffer overflow in Internet Explorer allows an unauthorized attacker to execute code over a network.
CVE-2025-59275
1Microsoft
15Windows 10 1507
Windows 10 1607Windows 10 1809+12 more
Oct 27, 2025
Oct 14, 2025
N/A· v4
7.8 HIGH· v3
N/A· v2
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.
CVE-2025-59255
1Microsoft
11Windows 10 1809
Windows 10 21h2Windows 10 22h2+8 more
Oct 17, 2025
Oct 14, 2025
N/A· v4
7.8 HIGH· v3
N/A· v2
Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2025-59254
1Microsoft
14Windows 10 1507
Windows 10 1607Windows 10 1809+11 more
Oct 17, 2025
Oct 14, 2025
N/A· v4
7.8 HIGH· v3
N/A· v2
Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2025-59242
1Microsoft
16Windows 10 1507
Windows 10 1607Windows 10 1809+13 more
Oct 17, 2025
Oct 14, 2025
N/A· v4
7.8 HIGH· v3
N/A· v2
Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2025-59191
1Microsoft
11Windows 10 1809
Windows 10 21h2Windows 10 22h2+8 more
Oct 17, 2025
Oct 14, 2025
N/A· v4
7.8 HIGH· v3
N/A· v2
Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally.
CVE-2025-58725
1Microsoft
16Windows 10 1507
Windows 10 1607Windows 10 1809+13 more
Nov 7, 2025
Oct 14, 2025
N/A· v4
7.0 HIGH· v3
N/A· v2
Heap-based buffer overflow in Windows COM allows an authorized attacker to elevate privileges locally.
CVE-2025-58722
1Microsoft
13Windows 10 1607
Windows 10 1809Windows 10 21h2+10 more
Nov 7, 2025
Oct 14, 2025
N/A· v4
7.8 HIGH· v3
N/A· v2
Heap-based buffer overflow in Windows DWM allows an authorized attacker to elevate privileges locally.
CVE-2025-55697
1Microsoft
2Windows Server 2022 23h2
Windows Server 2025
Oct 30, 2025
Oct 14, 2025
N/A· v4
7.8 HIGH· v3
N/A· v2
Heap-based buffer overflow in Azure Local allows an authorized attacker to elevate privileges locally.
CVE-2025-57740
1Fortinet
3Fortios
FortipamFortiproxy
Jun 9, 2026
Oct 14, 2025
N/A· v4
8.8 HIGH· v3
N/A· v2
An Heap-based Buffer Overflow vulnerability [CWE-122] in FortiOS version 7.6.2 and below, version 7.4.7 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all versions; FortiPAM version 1.5.0, version 1.4.2 and b...Show more
An Heap-based Buffer Overflow vulnerability [CWE-122] in FortiOS version 7.6.2 and below, version 7.4.7 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all versions; FortiPAM version 1.5.0, version 1.4.2 and below, 1.3 all versions, 1.2 all versions, 1.1 all versions, 1.0 all versions and FortiProxy version 7.6.2 and below, version 7.4.3 and below, 7.2 all versions, 7.0 all versions RDP bookmark connection may allow an authenticated user to execute unauthorized code via crafted requests.Show less
CVE-2025-22258
1Fortinet
5Fortios
FortipamFortiproxy+2 more
Oct 15, 2025
Oct 14, 2025
N/A· v4
7.2 HIGH· v3
N/A· v2
A heap-based buffer overflow in Fortinet FortiSRA 1.5.0, 1.4.0 through 1.4.2, FortiPAM 1.5.0, 1.4.0 through 1.4.2, 1.3.0 through 1.3.1, 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiProxy 7.6.0 through 7.6.1, 7.4...Show more
A heap-based buffer overflow in Fortinet FortiSRA 1.5.0, 1.4.0 through 1.4.2, FortiPAM 1.5.0, 1.4.0 through 1.4.2, 1.3.0 through 1.3.1, 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiProxy 7.6.0 through 7.6.1, 7.4.0 through 7.4.7, FortiOS 7.6.0 through 7.6.2, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.2 through 7.0.16, FortiSwitchManager 7.2.1 through 7.2.5 allows attackers to escalate their privilege via specially crafted http requests.Show less
CVE-2024-50571
1Fortinet
6Fortianalyzer
Fortianalyzer CloudFortimanager+3 more
Jan 27, 2026
Oct 14, 2025
N/A· v4
7.2 HIGH· v3
N/A· v2
A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.2, FortiAnalyzer 7.4.0 through 7.4.5, FortiAnalyzer 7.2.0 through 7.2.9, FortiAnalyzer 7.0.0 through 7.0.13, FortiAnalyzer 6.4 all ve...Show more
A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.2, FortiAnalyzer 7.4.0 through 7.4.5, FortiAnalyzer 7.2.0 through 7.2.9, FortiAnalyzer 7.0.0 through 7.0.13, FortiAnalyzer 6.4 all versions, FortiAnalyzer 6.2 all versions, FortiAnalyzer 6.0 all versions, FortiAnalyzer Cloud 7.4.1 through 7.4.5, FortiAnalyzer Cloud 7.2.1 through 7.2.9, FortiAnalyzer Cloud 7.0.1 through 7.0.13, FortiAnalyzer Cloud 6.4 all versions, FortiManager 7.6.0 through 7.6.1, FortiManager 7.4.0 through 7.4.5, FortiManager 7.2.0 through 7.2.9, FortiManager 7.0.0 through 7.0.13, FortiManager 6.4 all versions, FortiManager 6.2 all versions, FortiManager 6.0 all versions, FortiManager Cloud 7.6.2, FortiManager Cloud 7.4.1 through 7.4.5, FortiManager Cloud 7.2.1 through 7.2.9, FortiManager Cloud 7.0.1 through 7.0.13, FortiManager Cloud 6.4 all versions, FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4.0 through 6.4.15, FortiOS 6.2 all versions, FortiProxy 7.6.0 through 7.6.1, FortiProxy 7.4.0 through 7.4.7, FortiProxy 7.2.0 through 7.2.12, FortiProxy 7.0.0 through 7.0.19, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions allows attacker to execute unauthorized code or commands via specifically crafted requests.Show less
CVE-2025-20720
2Mediatek
Openwrt
2Openwrt
Software Development Kit
Oct 15, 2025
Oct 14, 2025
N/A· v4
8.8 HIGH· v3
N/A· v2
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User inte...Show more
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418954; Issue ID: MSV-3569.Show less
CVE-2025-20712
2Mediatek
Openwrt
2Openwrt
Software Development Kit
Oct 16, 2025
Oct 14, 2025
N/A· v4
8.8 HIGH· v3
N/A· v2
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User inte...Show more
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00422323; Issue ID: MSV-3810.Show less
CVE-2025-11495
1Gnu
1Binutils
May 12, 2026
Oct 8, 2025
1.9 LOW· v4
5.5 MEDIUM· v3
1.7 LOW· v2
A vulnerability was determined in GNU Binutils 2.45. The affected element is the function elf_x86_64_relocate_section of the file elf64-x86-64.c of the component Linker. This manipulation causes heap-based buffer overflo...Show more
A vulnerability was determined in GNU Binutils 2.45. The affected element is the function elf_x86_64_relocate_section of the file elf64-x86-64.c of the component Linker. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Patch name: 6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0. To fix this issue, it is recommended to deploy a patch.Show less
CVE-2025-43912
1Dell
1Data Domain Operating System
Oct 14, 2025
Oct 7, 2025
N/A· v4
7.5 HIGH· v3
N/A· v2
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023...Show more
Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain a Heap-based Buffer Overflow vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.Show less
CVE-2025-11277
1Assimp
1Assimp
Apr 29, 2026
Oct 5, 2025
1.9 LOW· v4
7.8 HIGH· v3
4.3 MEDIUM· v2
A weakness has been identified in Open Asset Import Library Assimp 6.0.2. This affects the function Q3DImporter::InternReadFile of the file assimp/code/AssetLib/Q3D/Q3DLoader.cpp. Executing a manipulation can lead to hea...Show more
A weakness has been identified in Open Asset Import Library Assimp 6.0.2. This affects the function Q3DImporter::InternReadFile of the file assimp/code/AssetLib/Q3D/Q3DLoader.cpp. Executing a manipulation can lead to heap-based buffer overflow. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks.Show less