Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CVEs (2,312)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-54630 1Huawei 1Harmonyos Sep 20, 2025 Aug 6, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 :Vulnerability of insufficient data length verification in the DFA module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-7033 1Rockwellautomation 1Arena Aug 7, 2025 Aug 5, 2025 8.4 HIGH· v4 7.8 HIGH· v3 N/A· v2 A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end of memory space. Successful use requires user action, such as opening a ba...Show more A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end of memory space. Successful use requires user action, such as opening a bad file or webpage. If used, a threat actor could execute code or disclose information.Show less
CVE-2025-7025 1Rockwellautomation 1Arena Aug 7, 2025 Aug 5, 2025 8.4 HIGH· v4 7.8 HIGH· v3 N/A· v2 A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end of memory space. Successful use requires user action, such as opening a ba...Show more A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end of memory space. Successful use requires user action, such as opening a bad file or webpage. If used, a threat actor could execute code or disclose information.Show less
CVE-2025-54574 1Squid Cache 1Squid Nov 5, 2025 Aug 1, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to a heap buffer overflow and possible remote code execution attack when processing URN due to incorrect buffer management. This has be...Show more Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to a heap buffer overflow and possible remote code execution attack when processing URN due to incorrect buffer management. This has been fixed in version 6.4. To work around this issue, disable URN access permissions.Show less
CVE-2025-48071 1Openexr 1Openexr Aug 13, 2025 Jul 31, 2025 8.4 HIGH· v4 7.8 HIGH· v3 N/A· v2 OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.2 through 3.3.0, there is a heap-based buffer overflow duri...Show more OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.2 through 3.3.0, there is a heap-based buffer overflow during a write operation when decompressing ZIPS-packed deep scan-line EXR files with a maliciously forged chunk header. This is fixed in version 3.3.3.Show less
CVE-2025-31280 1Apple 1Macos Nov 3, 2025 Jul 30, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.6. Processing a maliciously crafted file may lead to heap corruption.
CVE-2025-5043 1Autodesk 1Shared Components Aug 19, 2025 Jul 29, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 A maliciously crafted 3DM file, when linked or imported into certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive da...Show more A maliciously crafted 3DM file, when linked or imported into certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.Show less
CVE-2025-8178 1Tenda 1Ac10 Firmware Aug 1, 2025 Jul 26, 2025 7.4 HIGH· v4 8.8 HIGH· v3 9.0 HIGH· v2 A vulnerability classified as critical has been found in Tenda AC10 16.03.10.13. Affected is an unknown function of the file /goform/RequestsProcessLaid. The manipulation of the argument device1D leads to heap-based buff...Show more A vulnerability classified as critical has been found in Tenda AC10 16.03.10.13. Affected is an unknown function of the file /goform/RequestsProcessLaid. The manipulation of the argument device1D leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-51089 1Tenda 1Ac8 Firmware Jul 28, 2025 Jul 24, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Tenda AC8V4 V16.03.34.06` was discovered to contain heap overflow at /goform/GetParentControlInfo.The manipulation of the argument `mac` leads to heap-based buffer overflow.
CVE-2025-40597 1Sonicwall 3Sma 210 Firmware Sma 410 FirmwareSma 500v Firmware Aug 7, 2025 Jul 23, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 A Heap-based buffer overflow vulnerability in the SMA100 series web interface allows remote, unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution.
CVE-2025-4657 - - Jul 17, 2025 Jul 17, 2025 8.4 HIGH· v4 6.7 MEDIUM· v3 N/A· v2 A buffer overflow vulnerability was reported in the Lenovo Protection Driver, prior to version 5.1.1110.4231, used in Lenovo PC Manager, Lenovo Browser, and Lenovo App Store could allow a local attacker with elevated pri...Show more A buffer overflow vulnerability was reported in the Lenovo Protection Driver, prior to version 5.1.1110.4231, used in Lenovo PC Manager, Lenovo Browser, and Lenovo App Store could allow a local attacker with elevated privileges to execute arbitrary code.Show less
CVE-2025-53816 17 Zip 17 Zip May 11, 2026 Jul 17, 2025 5.5 MEDIUM· v4 7.5 HIGH· v3 N/A· v2 7-Zip is a file archiver with a high compression ratio. Zeroes written outside heap buffer in RAR5 handler may lead to memory corruption and denial of service in versions of 7-Zip prior to 25.0.0. Version 25.0.0 contains...Show more 7-Zip is a file archiver with a high compression ratio. Zeroes written outside heap buffer in RAR5 handler may lead to memory corruption and denial of service in versions of 7-Zip prior to 25.0.0. Version 25.0.0 contains a fix for the issue.Show less
CVE-2025-24477 1Fortinet 1Fortios Feb 10, 2026 Jul 15, 2025 N/A· v4 6.7 MEDIUM· v3 N/A· v2 A heap-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2.4 through 7.2.12 allows an attacker to escalate its privileges via a specially crafted CLI comm...Show more A heap-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2.4 through 7.2.12 allows an attacker to escalate its privileges via a specially crafted CLI commandShow less
CVE-2024-42648 1Emqx 1Nanomq Jul 16, 2025 Jul 14, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 NanoMQ v0.22.10 was discovered to contain a heap overflow which allows attackers to cause a Denial of Service (DoS) via a crafted CONNECT message.
CVE-2025-7545 1Gnu 1Binutils May 12, 2026 Jul 13, 2025 1.9 LOW· v4 7.8 HIGH· v3 4.3 MEDIUM· v2 A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow....Show more A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.Show less
CVE-2025-53630 - - Jul 15, 2025 Jul 10, 2025 8.9 HIGH· v4 N/A· v3 N/A· v2 llama.cpp is an inference of several LLM models in C/C++. Integer Overflow in the gguf_init_from_file_impl function in ggml/src/gguf.cpp can lead to Heap Out-of-Bounds Read/Write. This vulnerability is fixed in commit 26...Show more llama.cpp is an inference of several LLM models in C/C++. Integer Overflow in the gguf_init_from_file_impl function in ggml/src/gguf.cpp can lead to Heap Out-of-Bounds Read/Write. This vulnerability is fixed in commit 26a48ad699d50b6268900062661bd22f3e792579.Show less
CVE-2025-5040 1Autodesk 1Revit Aug 19, 2025 Jul 10, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 A maliciously crafted RTE file, when parsed through Autodesk Revit, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbit...Show more A maliciously crafted RTE file, when parsed through Autodesk Revit, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.Show less
CVE-2025-32990 2Gnu Redhat 3Enterprise Linux GnutlsOpenshift Container Platform Apr 20, 2026 Jul 10, 2025 N/A· v4 8.2 HIGH· v3 N/A· v2 A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an...Show more A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.Show less
CVE-2025-49604 - - Sep 22, 2025 Jul 9, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 For Realtek AmebaD devices, a heap-based buffer overflow was discovered in Ameba-AIoT ameba-arduino-d before version 3.1.9 and ameba-rtos-d before commit c2bfd8216a1cbc19ad2ab5f48f372ecea756d67a on 2025/07/03. In the WLA...Show more For Realtek AmebaD devices, a heap-based buffer overflow was discovered in Ameba-AIoT ameba-arduino-d before version 3.1.9 and ameba-rtos-d before commit c2bfd8216a1cbc19ad2ab5f48f372ecea756d67a on 2025/07/03. In the WLAN driver defragment function, lack of validation of the size of fragmented Wi-Fi frames may lead to a heap-based buffer overflow.Show less
CVE-2025-7208 19fans 1Plan9port Apr 29, 2026 Jul 9, 2025 2.0 LOW· v4 9.8 CRITICAL· v3 5.2 MEDIUM· v2 A vulnerability was found in 9fans plan9port up to 9da5b44. It has been classified as critical. This affects the function edump in the library /src/plan9port/src/libsec/port/x509.c. The manipulation leads to heap-based b...Show more A vulnerability was found in 9fans plan9port up to 9da5b44. It has been classified as critical. This affects the function edump in the library /src/plan9port/src/libsec/port/x509.c. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The identifier of the patch is b3e06559475b0130a7a2fb56ac4d131d13d2012f. It is recommended to apply a patch to fix this issue.Show less

Previous 1...353637...116 Next