Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CVEs (2,312)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-32718 1Microsoft 14Windows 10 1507 Windows 10 1607Windows 10 1809+11 more Jul 10, 2025 Jun 10, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Integer overflow or wraparound in Windows SMB allows an authorized attacker to elevate privileges locally.
CVE-2025-32713 1Microsoft 15Windows 10 1507 Windows 10 1607Windows 10 1809+12 more Jul 10, 2025 Jun 10, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-30317 1Adobe 1Indesign Jun 16, 2025 Jun 10, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this iss...Show more InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2025-5915 2Libarchive Redhat 3Enterprise Linux LibarchiveOpenshift Container Platform Jan 8, 2026 Jun 9, 2025 N/A· v4 6.6 MEDIUM· v3 N/A· v2 A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This mean...Show more A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.Show less
CVE-2025-5750 1Wolfbox 1Level 2 Ev Charger Firmware Aug 14, 2025 Jun 6, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 WOLFBOX Level 2 EV Charger tuya_svc_devos_activate_result_parse Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected i...Show more WOLFBOX Level 2 EV Charger tuya_svc_devos_activate_result_parse Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of WOLFBOX Level 2 EV Charger. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the secKey, localKey, stdTimeZone and devId parameters. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-26294.Show less
CVE-2024-56805 1Qnap 2Qts Quts Hero Sep 23, 2025 Jun 6, 2025 5.3 MEDIUM· v4 5.4 MEDIUM· v3 N/A· v2 A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify memory or crash proce...Show more A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS 5.2.4.3079 build 20250321 and later QuTS hero h5.2.4.3079 build 20250321 and laterShow less
CVE-2025-48910 1Huawei 1Harmonyos Jul 11, 2025 Jun 6, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Buffer overflow vulnerability in the DFile module Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-1051 1Sonos 1Era 300 Firmware Aug 15, 2025 Jun 2, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not requi...Show more Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of ALAC data. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the anacapa user. Was ZDI-CAN-25865.Show less
CVE-2025-48990 - - Jun 2, 2025 Jun 2, 2025 8.6 HIGH· v4 N/A· v3 N/A· v2 NeKernal is a free and open-source operating system stack. Version 0.0.2 has a 1-byte heap overflow in `rt_copy_memory`, which unconditionally wrote a null terminator at `dst[len]`. When `len` equals the size of the dest...Show more NeKernal is a free and open-source operating system stack. Version 0.0.2 has a 1-byte heap overflow in `rt_copy_memory`, which unconditionally wrote a null terminator at `dst[len]`. When `len` equals the size of the destination buffer (256 bytes), that extra `'\0'` write overruns the buffer by one byte. To avoid breaking existing callers or changing the public API, the patch in commit fb7b7f658327f659c6a6da1af151cb389c2ca4ee takes a minimal approach: it simply removes the overflow-causing line without adding bounds checks or altering the function signature.Show less
CVE-2025-20672 1Mediatek 5Mt7902 Firmware Mt7921 FirmwareMt7922 Firmware+2 more Jul 2, 2025 Jun 2, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 In Bluetooth driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for ex...Show more In Bluetooth driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00412257; Issue ID: MSV-3292.Show less
CVE-2025-44905 1Hdfgroup 1Hdf5 Jun 3, 2025 May 30, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5Z__filter_scaleoffset function.
CVE-2025-44904 1Hdfgroup 1Hdf5 Jun 3, 2025 May 30, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5VM_memcpyvv function.
CVE-2025-48797 - - Nov 3, 2025 May 27, 2025 N/A· v4 7.3 HIGH· v3 N/A· v2 A flaw was found in GIMP when processing certain TGA image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentiall...Show more A flaw was found in GIMP when processing certain TGA image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing a heap buffer overflow.Show less
CVE-2025-23123 - - May 19, 2025 May 19, 2025 N/A· v4 10.0 CRITICAL· v3 N/A· v2 A malicious actor with access to the management network could execute a remote code execution (RCE) by exploiting a heap buffer overflow vulnerability in the UniFi Protect Cameras (Version 4.75.43 and earlier) firmware.
CVE-2025-40906 - - Sep 5, 2025 May 16, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 BSON::XS versions 0.8.4 and earlier for Perl includes a bundled libbson 1.1.7, which has several vulnerabilities. Those include CVE-2017-14227, CVE-2018-16790, CVE-2023-0437, CVE-2024-6381, CVE-2024-6383, and CVE-2025-0...Show more BSON::XS versions 0.8.4 and earlier for Perl includes a bundled libbson 1.1.7, which has several vulnerabilities. Those include CVE-2017-14227, CVE-2018-16790, CVE-2023-0437, CVE-2024-6381, CVE-2024-6383, and CVE-2025-0755. BSON-XS was the official Perl XS implementation of MongoDB's BSON serialization, but this distribution has reached its end of life as of August 13, 2020 and is no longer supported.Show less
CVE-2025-40907 1Fastcgi 1Fcgi Sep 29, 2025 May 16, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library. The included FastCGI library is affected by CVE-2025-23016, causing an integer overflow (and resultant he...Show more FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library. The included FastCGI library is affected by CVE-2025-23016, causing an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.Show less
CVE-2025-2900 1Ibm 1Semeru Runtime Aug 19, 2025 May 14, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 IBM Semeru Runtime 8.0.302.0 through 8.0.442.0, 11.0.12.0 through 11.0.26.0, 17.0.0.0 through 17.0.14.0, and 21.0.0.0 through 12.0.6.0 is vulnerable to a denial of service caused by a buffer overflow and subsequent crash...Show more IBM Semeru Runtime 8.0.302.0 through 8.0.442.0, 11.0.12.0 through 11.0.26.0, 17.0.0.0 through 17.0.14.0, and 21.0.0.0 through 12.0.6.0 is vulnerable to a denial of service caused by a buffer overflow and subsequent crash, due to a defect in its native AES/CBC encryption implementation.Show less
CVE-2025-47436 1Apache 1Orc Jul 14, 2025 May 14, 2025 6.0 MEDIUM· v4 9.8 CRITICAL· v3 N/A· v2 Heap-based Buffer Overflow vulnerability in Apache ORC. A vulnerability has been identified in the ORC C++ LZO decompression logic, where specially crafted malformed ORC files can cause the decompressor to allocate a 25...Show more Heap-based Buffer Overflow vulnerability in Apache ORC. A vulnerability has been identified in the ORC C++ LZO decompression logic, where specially crafted malformed ORC files can cause the decompressor to allocate a 250-byte buffer but then attempts to copy 295 bytes into it. It causes memory corruption. This issue affects Apache ORC C++ library: through 1.8.8, from 1.9.0 through 1.9.5, from 2.0.0 through 2.0.4, from 2.1.0 through 2.1.1. Users are recommended to upgrade to version 1.8.9, 1.9.6, 2.0.5, and 2.1.2, which fix the issue.Show less
CVE-2025-30330 1Adobe 1Illustrator May 15, 2025 May 13, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Illustrator versions 29.3, 28.7.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requir...Show more Illustrator versions 29.3, 28.7.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2025-30388 1Microsoft 17Office Office Long Term Servicing ChannelWindows 10 1507+14 more May 19, 2025 May 13, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.

Previous 1...404142...116 Next