Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CVEs (2,312)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-30376 1Microsoft 5365 Apps ExcelOffice+2 more May 19, 2025 May 13, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-29979 1Microsoft 5365 Apps ExcelOffice+2 more May 19, 2025 May 13, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-29967 1Microsoft 15Windows 10 1507 Windows 10 1607Windows 10 1809+12 more May 19, 2025 May 13, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.
CVE-2025-29966 1Microsoft 17Remote Desktop Windows 10 1507Windows 10 1607+14 more May 19, 2025 May 13, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Windows Remote Desktop allows an unauthorized attacker to execute code over a network.
CVE-2025-29964 1Microsoft 10Windows 10 1809 Windows 10 21h2Windows 10 22h2+7 more May 19, 2025 May 13, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.
CVE-2025-29963 1Microsoft 10Windows 10 1809 Windows 10 21h2Windows 10 22h2+7 more May 19, 2025 May 13, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.
CVE-2025-29962 1Microsoft 15Windows 10 1507 Windows 10 1607Windows 10 1809+12 more May 19, 2025 May 13, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.
CVE-2025-24063 1Microsoft 15Windows 10 1507 Windows 10 1607Windows 10 1809+12 more May 19, 2025 May 13, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2025-47815 1Gnu 1Pspp Jun 12, 2025 May 10, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a heap-based buffer overflow in inflate_read (called indirectly from zip_member_read_all) in zip-reader.c.
CVE-2025-47814 1Gnu 1Pspp Jun 12, 2025 May 10, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a heap-based buffer overflow in inflate_read (called indirectly from spv_read_xml_member) in zip-reader.c.
CVE-2025-3713 - - May 28, 2025 May 9, 2025 8.7 HIGH· v4 7.5 HIGH· v3 N/A· v2 The LCD KVM over IP Switch CL5708IM has a Heap-based Buffer Overflow vulnerability in firmware versions prior to v2.2.215, allowing unauthenticated remote attackers to exploit this vulnerability to perform a denial-of-se...Show more The LCD KVM over IP Switch CL5708IM has a Heap-based Buffer Overflow vulnerability in firmware versions prior to v2.2.215, allowing unauthenticated remote attackers to exploit this vulnerability to perform a denial-of-service attack.Show less
CVE-2025-3712 - - May 28, 2025 May 9, 2025 8.7 HIGH· v4 7.5 HIGH· v3 N/A· v2 The LCD KVM over IP Switch CL5708IM has a Heap-based Buffer Overflow vulnerability in firmware versions prior to v2.2.215, allowing unauthenticated remote attackers to exploit this vulnerability to perform a denial-of-se...Show more The LCD KVM over IP Switch CL5708IM has a Heap-based Buffer Overflow vulnerability in firmware versions prior to v2.2.215, allowing unauthenticated remote attackers to exploit this vulnerability to perform a denial-of-service attack.Show less
CVE-2025-1252 1Rti 1Connext Professional Jul 31, 2025 May 8, 2025 6.9 MEDIUM· v4 7.1 HIGH· v3 N/A· v2 Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6...Show more Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.1.0 before 6.1.2.23, from 6.0.0 before 6.0.1.42, from 5.3.0 before 5.3., from 4.4d before 5.2..Show less
CVE-2025-31177 1Gnuplot 1Gnuplot Jan 8, 2026 May 7, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 gnuplot is affected by a heap buffer overflow at function utf8_copy_one.
CVE-2025-32401 1Rt Labs 1P Net May 13, 2025 May 7, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An Heap-based Buffer Overflow in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to corrupt the memory of IO devices that use the library by sending a malicious RPC packet.
CVE-2025-32400 1Rt Labs 1P Net May 13, 2025 May 7, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 An Heap-based Buffer Overflow in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to induce a crash in IO devices that use the library by sending a malicious RPC packet.
CVE-2025-32397 1Rt Labs 1P Net May 13, 2025 May 7, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 An Heap-based Buffer Overflow in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to induce a crash in IO devices that use the library by sending a malicious RPC packet.
CVE-2025-32396 1Rt Labs 1P Net May 13, 2025 May 7, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 An Heap-based Buffer Overflow in RT-Labs P-Net version 1.0.1 or earlier allows an attacker to induce a crash in IO devices that use the library by sending a malicious RPC packet.
CVE-2025-4355 1Dlink 1Dap 1520 Firmware May 13, 2025 May 6, 2025 8.7 HIGH· v4 9.8 CRITICAL· v3 9.0 HIGH· v2 A vulnerability was found in Tenda DAP-1520 1.10B04_BETA02. It has been classified as critical. This affects the function set_ws_action of the file /dws/api/. The manipulation leads to heap-based buffer overflow. It is p...Show more A vulnerability was found in Tenda DAP-1520 1.10B04_BETA02. It has been classified as critical. This affects the function set_ws_action of the file /dws/api/. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-4096 1Google 1Chrome May 28, 2025 May 5, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Heap buffer overflow in HTML in Google Chrome prior to 136.0.7103.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Previous 1...414243...116 Next