Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CVEs (2,307)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-2309 1Hdfgroup 1Hdf5 May 28, 2025 Mar 14, 2025 4.8 MEDIUM· v4 7.8 HIGH· v3 4.3 MEDIUM· v2 A vulnerability has been found in HDF5 1.14.6 and classified as critical. This vulnerability affects the function H5T__bit_copy of the component Type Conversion Logic. The manipulation leads to heap-based buffer overflow...Show more A vulnerability has been found in HDF5 1.14.6 and classified as critical. This vulnerability affects the function H5T__bit_copy of the component Type Conversion Logic. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor plans to fix this issue in an upcoming release.Show less
CVE-2025-2308 1Hdfgroup 1Hdf5 May 28, 2025 Mar 14, 2025 4.8 MEDIUM· v4 7.8 HIGH· v3 4.3 MEDIUM· v2 A vulnerability, which was classified as critical, was found in HDF5 1.14.6. This affects the function H5Z__scaleoffset_decompress_one_byte of the component Scale-Offset Filter. The manipulation leads to heap-based buffe...Show more A vulnerability, which was classified as critical, was found in HDF5 1.14.6. This affects the function H5Z__scaleoffset_decompress_one_byte of the component Scale-Offset Filter. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor plans to fix this issue in an upcoming release.Show less
CVE-2025-1651 1Autodesk 9Advance Steel AutocadAutocad Architecture+6 more Aug 19, 2025 Mar 13, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute a...Show more A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.Show less
CVE-2025-1429 1Autodesk 9Advance Steel AutocadAutocad Architecture+6 more Aug 19, 2025 Mar 13, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute a...Show more A maliciously crafted MODEL file, when parsed through Autodesk AutoCAD, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.Show less
CVE-2025-2019 1Ashlar 1Cobalt Aug 8, 2025 Mar 11, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Ashlar-Vellum Cobalt VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt...Show more Ashlar-Vellum Cobalt VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of VC6 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25252.Show less
CVE-2025-27173 1Adobe 1Substance 3d Modeler Apr 18, 2025 Mar 11, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Substance3D - Modeler versions 1.15.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue re...Show more Substance3D - Modeler versions 1.15.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2025-27177 1Adobe 1Indesign Apr 14, 2025 Mar 11, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this iss...Show more InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2025-27171 1Adobe 1Indesign Apr 28, 2025 Mar 11, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this iss...Show more InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2025-24453 1Adobe 1Indesign Apr 28, 2025 Mar 11, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this iss...Show more InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2025-24443 1Adobe 1Substance 3d Sampler Apr 1, 2025 Mar 11, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Substance3D - Sampler versions 4.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue req...Show more Substance3D - Sampler versions 4.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2025-24439 1Adobe 1Substance 3d Sampler Apr 1, 2025 Mar 11, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Substance3D - Sampler versions 4.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue req...Show more Substance3D - Sampler versions 4.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2025-26634 1Microsoft 12Windows 10 1507 Windows 10 1607Windows 10 21h2+9 more Jul 3, 2025 Mar 11, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Heap-based buffer overflow in Windows Core Messaging allows an authorized attacker to elevate privileges over a network.
CVE-2025-24995 1Microsoft 13Windows 10 1507 Windows 10 1607Windows 10 1809+10 more Jul 3, 2025 Mar 11, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-24993 1Microsoft 15Windows 10 1507 Windows 10 1607Windows 10 1809+12 more Oct 27, 2025 Mar 11, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.
CVE-2025-24985 1Microsoft 15Windows 10 1507 Windows 10 1607Windows 10 1809+12 more Oct 27, 2025 Mar 11, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally.
CVE-2025-24067 1Microsoft 13Windows 10 1507 Windows 10 1607Windows 10 1809+10 more Jul 3, 2025 Mar 11, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally.
CVE-2025-24066 1Microsoft 10Windows 10 1507 Windows 10 1607Windows 10 21h2+7 more Jul 2, 2025 Mar 11, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.
CVE-2025-24057 1Microsoft 3365 Apps OfficeOffice Long Term Servicing Channel Jul 2, 2025 Mar 11, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-24056 1Microsoft 15Windows 10 1507 Windows 10 1607Windows 10 1809+12 more Jul 2, 2025 Mar 11, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Windows Telephony Server allows an unauthorized attacker to execute code over a network.
CVE-2025-24051 1Microsoft 15Windows 10 1507 Windows 10 1607Windows 10 1809+12 more Jul 2, 2025 Mar 11, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Previous 1...454647...116 Next