Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CVEs (2,312)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-7207 1Mruby 1Mruby Apr 29, 2026 Jul 9, 2025 1.9 LOW· v4 5.5 MEDIUM· v3 1.7 LOW· v2 A vulnerability, which was classified as problematic, was found in mruby up to 3.4.0-rc2. Affected is the function scope_new of the file mrbgems/mruby-compiler/core/codegen.c of the component nregs Handler. The manipulat...Show more A vulnerability, which was classified as problematic, was found in mruby up to 3.4.0-rc2. Affected is the function scope_new of the file mrbgems/mruby-compiler/core/codegen.c of the component nregs Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The name of the patch is 1fdd96104180cc0fb5d3cb086b05ab6458911bb9. It is recommended to apply a patch to fix this issue.Show less
CVE-2025-47131 1Adobe 1Framemaker Jul 10, 2025 Jul 8, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue...Show more Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2025-47125 1Adobe 1Framemaker Jul 10, 2025 Jul 8, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue...Show more Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2025-47123 1Adobe 1Framemaker Jul 10, 2025 Jul 8, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue...Show more Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2025-47122 1Adobe 1Framemaker Jul 10, 2025 Jul 8, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue...Show more Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2025-47099 1Adobe 1Incopy Jul 11, 2025 Jul 8, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 InCopy versions 20.3, 19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires us...Show more InCopy versions 20.3, 19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2025-47134 1Adobe 1Indesign Jul 10, 2025 Jul 8, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 InDesign Desktop versions 19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue require...Show more InDesign Desktop versions 19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2025-47103 1Adobe 1Indesign Jul 10, 2025 Jul 8, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 InDesign Desktop versions 19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue require...Show more InDesign Desktop versions 19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2025-43591 1Adobe 1Indesign Jul 10, 2025 Jul 8, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 InDesign Desktop versions 19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue require...Show more InDesign Desktop versions 19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2025-43582 1Adobe 1Substance 3d Viewer Jul 11, 2025 Jul 8, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Substance3D - Viewer versions 0.22 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user, scope unchanged. Exploitation of...Show more Substance3D - Viewer versions 0.22 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user, scope unchanged. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2025-49753 1Microsoft 7Windows Server 2008 Windows Server 2012Windows Server 2016+4 more Jul 17, 2025 Jul 8, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVE-2025-49744 1Microsoft 13Windows 10 1507 Windows 10 1607Windows 10 1809+10 more Jul 17, 2025 Jul 8, 2025 N/A· v4 7.0 HIGH· v3 N/A· v2 Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
CVE-2025-49742 1Microsoft 15Windows 10 1507 Windows 10 1607Windows 10 1809+12 more Jul 17, 2025 Jul 8, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Integer overflow or wraparound in Microsoft Graphics Component allows an authorized attacker to execute code locally.
CVE-2025-49732 1Microsoft 15Windows 10 1507 Windows 10 1607Windows 10 1809+12 more Jul 16, 2025 Jul 8, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
CVE-2025-49730 1Microsoft 15Windows 10 1507 Windows 10 1607Windows 10 1809+12 more Jul 16, 2025 Jul 8, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler allows an authorized attacker to elevate privileges locally.
CVE-2025-49729 1Microsoft 7Windows Server 2008 Windows Server 2012Windows Server 2016+4 more Jul 16, 2025 Jul 8, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVE-2025-49727 1Microsoft 15Windows 10 1507 Windows 10 1607Windows 10 1809+12 more Jul 16, 2025 Jul 8, 2025 N/A· v4 7.0 HIGH· v3 N/A· v2 Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
CVE-2025-49721 1Microsoft 15Windows 10 1507 Windows 10 1607Windows 10 1809+12 more Jul 16, 2025 Jul 8, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Windows Fast FAT Driver allows an unauthorized attacker to elevate privileges locally.
CVE-2025-49717 1Microsoft 2Sql Server 2019 Sql Server 2022 Jul 17, 2025 Jul 8, 2025 N/A· v4 8.5 HIGH· v3 N/A· v2 Heap-based buffer overflow in SQL Server allows an authorized attacker to execute code over a network.
CVE-2025-49705 1Microsoft 4365 Apps OfficeOffice Long Term Servicing Channel+1 more Jul 16, 2025 Jul 8, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.

Previous 1...363738...116 Next