Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CVEs (2,313)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-54244 1Adobe 1Substance 3d Viewer Sep 12, 2025 Sep 9, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Substance3D - Viewer versions 0.25.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue req...Show more Substance3D - Viewer versions 0.25.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2025-54910 1Microsoft 3365 Apps OfficeOffice Long Term Servicing Channel Sep 12, 2025 Sep 9, 2025 N/A· v4 8.4 HIGH· v3 N/A· v2 Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-54907 1Microsoft 3365 Apps OfficeOffice Long Term Servicing Channel Sep 12, 2025 Sep 9, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Microsoft Office Visio allows an unauthorized attacker to execute code locally.
CVE-2025-54900 1Microsoft 5365 Apps ExcelOffice+2 more Sep 12, 2025 Sep 9, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-54894 1Microsoft 15Windows 10 1507 Windows 10 1607Windows 10 1809+12 more Oct 2, 2025 Sep 9, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
CVE-2025-54113 1Microsoft 7Windows Server 2008 Windows Server 2012Windows Server 2016+4 more Oct 1, 2025 Sep 9, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVE-2025-54091 1Microsoft 14Windows 10 1507 Windows 10 1607Windows 10 1809+11 more Oct 2, 2025 Sep 9, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Integer overflow or wraparound in Windows Hyper-V allows an authorized attacker to elevate privileges locally.
CVE-2025-9951 - - Sep 9, 2025 Sep 9, 2025 7.2 HIGH· v4 N/A· v3 N/A· v2 A heap-buffer-overflow write exists in jpeg2000dec FFmpeg which allows an attacker to potentially gain remote code execution or cause denial of service via the channel definition cdef atom of JPEG2000.
CVE-2025-40930 - - Nov 4, 2025 Sep 8, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 JSON::SIMD before version 1.07 and earlier for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact.
CVE-2025-40929 - - Nov 4, 2025 Sep 8, 2025 N/A· v4 5.6 MEDIUM· v3 N/A· v2 Cpanel::JSON::XS before version 4.40 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact
CVE-2025-40928 - - Nov 4, 2025 Sep 8, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 JSON::XS before version 4.04 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact
CVE-2025-36853 - - Sep 8, 2025 Sep 8, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 A vulnerability (CVE-2025-21172) exists in msdia140.dll due to integer overflow and heap-based overflow. Per CWE-122: Heap-based Buffer Overflow, a heap overflow condition is a buffer overflow, where the buffer that ca...Show more A vulnerability (CVE-2025-21172) exists in msdia140.dll due to integer overflow and heap-based overflow. Per CWE-122: Heap-based Buffer Overflow, a heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().‍ Per CWE-190: Integer Overflow or Wraparound, is when a product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. NOTE: This CVE affects only End Of Life (EOL) software components. The vendor, Microsoft, has indicated there will be no future updates nor support provided upon inquiry.Show less
CVE-2025-57807 1Imagemagick 1Imagemagick Nov 3, 2025 Sep 5, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 ImageMagick is free and open-source software used for editing and manipulating digital images. ImageMagick versions lower than 14.8.2 include insecure functions: SeekBlob(), which permits advancing the stream offset bey...Show more ImageMagick is free and open-source software used for editing and manipulating digital images. ImageMagick versions lower than 14.8.2 include insecure functions: SeekBlob(), which permits advancing the stream offset beyond the current end without increasing capacity, and WriteBlob(), which then expands by quantum + length (amortized) instead of offset + length, and copies to data + offset. When offset ≫ extent, the copy targets memory beyond the allocation, producing a deterministic heap write on 64-bit builds. No 2⁶⁴ arithmetic wrap, external delegates, or policy settings are required. This is fixed in version 14.8.2.Show less
CVE-2025-32318 1Google 1Android Sep 8, 2025 Sep 5, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 In Skia, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploit...Show more In Skia, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2025-32325 1Google 1Android Sep 8, 2025 Sep 4, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 In appendFrom of Parcel.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...Show more In appendFrom of Parcel.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2024-49714 1Google 1Android Sep 5, 2025 Sep 4, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 In avrc_vendor_msg of avrc_opt.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User inte...Show more In avrc_vendor_msg of avrc_opt.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2025-26455 1Google 1Android Sep 5, 2025 Sep 4, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 In multiple functions of NdkMediaCodec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User int...Show more In multiple functions of NdkMediaCodec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2025-36907 1Google 1Android Sep 5, 2025 Sep 4, 2025 N/A· v4 7.3 HIGH· v3 N/A· v2 In draw_surface_image() of abl/android/lib/draw/draw.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege via USB fastboot, after a bootloader unlock,...Show more In draw_surface_image() of abl/android/lib/draw/draw.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege via USB fastboot, after a bootloader unlock, with no additional execution privileges needed. User interaction is needed for exploitation.Show less
CVE-2025-36906 1Google 1Android Sep 8, 2025 Sep 4, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 In ConvertReductionOp of darwinn_mlir_converter_aidl.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges nee...Show more In ConvertReductionOp of darwinn_mlir_converter_aidl.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2025-36902 1Google 1Android Sep 5, 2025 Sep 4, 2025 N/A· v4 6.7 MEDIUM· v3 N/A· v2 In syna_cdev_ioctl_store_pid() of syna_tcm2_sysfs.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User i...Show more In syna_cdev_ioctl_store_pid() of syna_tcm2_sysfs.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Show less

Previous 1...313233...116 Next