Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CVEs (2,312)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-20686 2Mediatek Openwrt 2Openwrt Software Development Kit Jul 9, 2025 Jul 8, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction i...Show more In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00415570; Issue ID: MSV-3404.Show less
CVE-2025-20685 2Mediatek Openwrt 2Openwrt Software Development Kit Jul 9, 2025 Jul 8, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction i...Show more In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00416226; Issue ID: MSV-3409.Show less
CVE-2025-20680 1Mediatek 1Nbiot Sdk Jul 14, 2025 Jul 8, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 In Bluetooth driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for ex...Show more In Bluetooth driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418044; Issue ID: MSV-3482.Show less
CVE-2025-53184 1Huawei 1Harmonyos Jul 9, 2025 Jul 7, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of this vulnerability may affect function stability.
CVE-2025-53183 1Huawei 1Harmonyos Jul 9, 2025 Jul 7, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of this vulnerability may affect function stability.
CVE-2025-53182 1Huawei 1Harmonyos Jul 9, 2025 Jul 7, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of this vulnerability may affect function stability.
CVE-2025-53181 1Huawei 1Harmonyos Jul 9, 2025 Jul 7, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of this vulnerability may affect function stability.
CVE-2025-53180 1Huawei 1Harmonyos Jul 9, 2025 Jul 7, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of this vulnerability may affect function stability.
CVE-2025-53179 1Huawei 1Harmonyos Jul 9, 2025 Jul 7, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Null pointer dereference vulnerability in the PDF preview module Impact: Successful exploitation of this vulnerability may affect function stability.
CVE-2025-7069 1Hdfgroup 1Hdf5 Apr 29, 2026 Jul 4, 2025 1.9 LOW· v4 5.5 MEDIUM· v3 1.7 LOW· v2 A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5FS__sect_link_size of the file src/H5FSsection.c. The manipulation leads to heap-based buffer overflow. It is pos...Show more A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5FS__sect_link_size of the file src/H5FSsection.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-7067 1Hdfgroup 1Hdf5 Apr 29, 2026 Jul 4, 2025 1.9 LOW· v4 5.5 MEDIUM· v3 1.7 LOW· v2 A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5FS__sinfo_serialize_node_cb of the file src/H5FScache.c. The manipulation leads to heap-based buffer overflow....Show more A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5FS__sinfo_serialize_node_cb of the file src/H5FScache.c. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-45029 - - Jul 3, 2025 Jul 2, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 WINSTAR WN572HP3 v230525 was discovered to contain a heap overflow via the CONTENT_LENGTH variable at /cgi-bin/upload.cgi.
CVE-2025-48379 1Python 1Pillow Oct 15, 2025 Jul 1, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into...Show more Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only affects users who save untrusted data as a compressed DDS image. This issue has been patched in version 11.3.0.Show less
CVE-2024-46993 - - Jul 3, 2025 Jul 1, 2025 4.4 MEDIUM· v4 N/A· v3 N/A· v2 Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. In versions prior to 28.3.2, 29.3.3, and 30.0.3, the nativeImage.createFromPath() and nativeImage.creat...Show more Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. In versions prior to 28.3.2, 29.3.3, and 30.0.3, the nativeImage.createFromPath() and nativeImage.createFromBuffer() functions call a function downstream that is vulnerable to a heap buffer overflow. An Electron program that uses either of the affected functions is vulnerable to a buffer overflow if an attacker is in control of the image's height, width, and contents. This issue has been patched in versions 28.3.2, 29.3.3, and 30.0.3. There are no workarounds for this issue.Show less
CVE-2025-6818 1Hdfgroup 1Hdf5 Apr 29, 2026 Jun 28, 2025 1.9 LOW· v4 7.8 HIGH· v3 1.7 LOW· v2 A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5O__chunk_protect of the file /src/H5Ochunk.c. The manipulation leads to heap-based buffer overflow. An attack has...Show more A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5O__chunk_protect of the file /src/H5Ochunk.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.Show less
CVE-2023-28905 - - Jun 30, 2025 Jun 28, 2025 N/A· v4 8.0 HIGH· v3 N/A· v2 A heap buffer overflow in the image processing binary of the MIB3 infotainment unit allows an attacker to execute arbitrary code on it. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infota...Show more A heap buffer overflow in the image processing binary of the MIB3 infotainment unit allows an attacker to execute arbitrary code on it. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources.Show less
CVE-2025-6816 1Hdfgroup 1Hdf5 Apr 29, 2026 Jun 28, 2025 1.9 LOW· v4 3.3 LOW· v3 1.7 LOW· v2 A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5O__fsinfo_encode of the file /src/H5Ofsinfo.c. The manipulation leads to heap-based buffer overflow. It is pos...Show more A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5O__fsinfo_encode of the file /src/H5Ofsinfo.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-6750 1Hdfgroup 1Hdf5 Apr 29, 2026 Jun 27, 2025 1.9 LOW· v4 3.3 LOW· v3 1.7 LOW· v2 A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. Affected by this issue is the function H5O__mtime_new_encode of the file src/H5Omtime.c. The manipulation leads to heap-based buffer ov...Show more A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. Affected by this issue is the function H5O__mtime_new_encode of the file src/H5Omtime.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-6660 1Pdf Xchange 3Pdf Tools Pdf Xchange EditorPdf Xchange Pro Jul 7, 2025 Jun 25, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 PDF-XChange Editor GIF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. Us...Show more PDF-XChange Editor GIF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of GIF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26763.Show less
CVE-2025-5830 1Autel 9Maxicharger Ac Elite Business C50 Firmware Maxicharger Ac Pro FirmwareMaxicharger Ac Ultra Firmware+6 more Sep 10, 2025 Jun 25, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Autel MaxiCharger AC Wallbox Commercial DLB_SlaveRegister Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected install...Show more Autel MaxiCharger AC Wallbox Commercial DLB_SlaveRegister Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Wallbox Commercial EV chargers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DLB_SlaveRegister messages. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-26327.Show less

Previous 1...383940...116 Next