Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CVEs (2,307)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-24050 1Microsoft 12Windows 10 1607 Windows 10 1809Windows 10 21h2+9 more Jul 2, 2025 Mar 11, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Role: Windows Hyper-V allows an authorized attacker to elevate privileges locally.
CVE-2025-24048 1Microsoft 11Windows 10 1607 Windows 10 1809Windows 10 21h2+8 more Jul 2, 2025 Mar 11, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Role: Windows Hyper-V allows an authorized attacker to elevate privileges locally.
CVE-2025-21180 1Microsoft 15Windows 10 1507 Windows 10 1607Windows 10 1809+12 more Jul 3, 2025 Mar 11, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Windows exFAT File System allows an unauthorized attacker to execute code locally.
CVE-2025-21169 1Adobe 1Substance 3d Designer Apr 28, 2025 Mar 11, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Substance3D - Designer versions 14.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue req...Show more Substance3D - Designer versions 14.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.Show less
CVE-2025-2153 1Hdfgroup 1Hdf5 Mar 13, 2025 Mar 10, 2025 2.3 LOW· v4 8.1 HIGH· v3 5.1 MEDIUM· v2 A vulnerability, which was classified as critical, was found in HDF5 1.14.6. Affected is the function H5SM_delete of the file H5SM.c of the component h5 File Handler. The manipulation leads to heap-based buffer overflow....Show more A vulnerability, which was classified as critical, was found in HDF5 1.14.6. Affected is the function H5SM_delete of the file H5SM.c of the component h5 File Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-2152 1Assimp 1Assimp Mar 13, 2025 Mar 10, 2025 5.3 MEDIUM· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. This issue affects the function Assimp::BaseImporter::ConvertToUTF8 of the file BaseImporter.cpp of the compone...Show more A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. This issue affects the function Assimp::BaseImporter::ConvertToUTF8 of the file BaseImporter.cpp of the component File Handler. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2024-41147 1Mackron 1Miniaudio Aug 26, 2025 Mar 4, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An out-of-bounds write vulnerability exists in the ma_dr_flac__decode_samples__lpc functionality of Miniaudio miniaudio v0.11.21. A specially crafted .flac file can lead to memory corruption. An attacker can provide a ma...Show more An out-of-bounds write vulnerability exists in the ma_dr_flac__decode_samples__lpc functionality of Miniaudio miniaudio v0.11.21. A specially crafted .flac file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.Show less
CVE-2025-1943 1Mozilla 2Firefox Thunderbird Apr 13, 2026 Mar 4, 2025 N/A· v4 8.2 HIGH· v3 N/A· v2 Memory safety bugs present in Firefox 135 and Thunderbird 135. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code....Show more Memory safety bugs present in Firefox 135 and Thunderbird 135. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 136 and Thunderbird 136.Show less
CVE-2025-1788 1Rizin 1Rizin Aug 25, 2025 Mar 1, 2025 4.8 MEDIUM· v4 7.8 HIGH· v3 4.3 MEDIUM· v2 A vulnerability, which was classified as critical, was found in rizinorg rizin up to 0.8.0. This affects the function rz_utf8_encode in the library /librz/util/utf8.c. The manipulation leads to heap-based buffer overflow...Show more A vulnerability, which was classified as critical, was found in rizinorg rizin up to 0.8.0. This affects the function rz_utf8_encode in the library /librz/util/utf8.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.Show less
CVE-2025-22881 1Deltaww 1Cncsoft G2 Jul 11, 2025 Feb 26, 2025 8.4 HIGH· v4 7.8 HIGH· v3 N/A· v2 Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker...Show more Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process.Show less
CVE-2024-27245 1Zoom 5Meeting Software Development Kit RoomsWorkplace+2 more Aug 20, 2025 Feb 25, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Buffer overflow in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.
CVE-2024-45421 1Zoom 7Meeting Software Development Kit RoomsRooms Controller+4 more Mar 5, 2025 Feb 25, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Buffer overflow in some Zoom Apps may allow an authenticated user to conduct an escalation of privilege via network access.
CVE-2025-1538 1Dlink 1Dap 1320 Firmware Feb 25, 2025 Feb 21, 2025 8.7 HIGH· v4 8.8 HIGH· v3 9.0 HIGH· v2 A vulnerability classified as critical was found in D-Link DAP-1320 1.00. Affected by this vulnerability is the function set_ws_action of the file /dws/api/. The manipulation leads to heap-based buffer overflow. The atta...Show more A vulnerability classified as critical was found in D-Link DAP-1320 1.00. Affected by this vulnerability is the function set_ws_action of the file /dws/api/. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.Show less
CVE-2025-27091 1Cisco 1Openh264 May 6, 2025 Feb 20, 2025 8.6 HIGH· v4 7.5 HIGH· v3 N/A· v2 OpenH264 is a free license codec library which supports H.264 encoding and decoding. A vulnerability in the decoding functions of OpenH264 codec library could allow a remote, unauthenticated attacker to trigger a heap ov...Show more OpenH264 is a free license codec library which supports H.264 encoding and decoding. A vulnerability in the decoding functions of OpenH264 codec library could allow a remote, unauthenticated attacker to trigger a heap overflow. This vulnerability is due to a race condition between a Sequence Parameter Set (SPS) memory allocation and a subsequent non Instantaneous Decoder Refresh (non-IDR) Network Abstraction Layer (NAL) unit memory usage. An attacker could exploit this vulnerability by crafting a malicious bitstream and tricking a victim user into processing an arbitrary video containing the malicious bistream. An exploit could allow the attacker to cause an unexpected crash in the victim's user decoding client and, possibly, perform arbitrary commands on the victim's host by abusing the heap overflow. This vulnerability affects OpenH264 2.5.0 and earlier releases. Both Scalable Video Coding (SVC) mode and Advanced Video Coding (AVC) mode are affected by this vulnerability. OpenH264 software releases 2.6.0 and later contained the fix for this vulnerability. Users are advised to upgrade. There are no known workarounds for this vulnerability. ### For more information If you have any questions or comments about this advisory: * [Open an issue in cisco/openh264](https://github.com/cisco/openh264/issues) * Email Cisco Open Source Security ([oss-security@cisco.com](mailto:oss-security@cisco.com)) and Cisco PSIRT ([psirt@cisco.com](mailto:psirt@cisco.com)) ### Credits: * Research: Octavian Guzu and Andrew Calvano of Meta * Fix ideation: Philipp Hancke and Shyam Sadhwani of Meta * Fix implementation: Benzheng Zhang (@BenzhengZhang) * Release engineering: Benzheng Zhang (@BenzhengZhang)Show less
CVE-2025-1426 1Google 1Chrome Apr 7, 2025 Feb 19, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Heap buffer overflow in GPU in Google Chrome on Android prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2025-0999 1Google 1Chrome Apr 7, 2025 Feb 19, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Heap buffer overflow in V8 in Google Chrome prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2025-0633 - - Feb 19, 2025 Feb 19, 2025 5.1 MEDIUM· v4 N/A· v3 N/A· v2 Heap-based Buffer Overflow vulnerability in iniparser_dumpsection_ini() in iniparser allows attacker to read out of bound memory
CVE-2025-22920 - - Feb 19, 2025 Feb 18, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 A heap buffer overflow vulnerability in FFmpeg before commit 4bf784c allows attackers to trigger a memory corruption via supplying a crafted media file in avformat when processing tile grid group streams. This can lead t...Show more A heap buffer overflow vulnerability in FFmpeg before commit 4bf784c allows attackers to trigger a memory corruption via supplying a crafted media file in avformat when processing tile grid group streams. This can lead to a Denial of Service (DoS).Show less
CVE-2024-53310 - - Mar 19, 2025 Feb 13, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A Structured Exception Handler based buffer overflow vulnerability exists in Effectmatrix Total Video Converter Command Line (TVCC) 2.50 when a specially crafted file is passed to the -ff parameter. The vulnerability occ...Show more A Structured Exception Handler based buffer overflow vulnerability exists in Effectmatrix Total Video Converter Command Line (TVCC) 2.50 when a specially crafted file is passed to the -ff parameter. The vulnerability occurs due to improper handling of file input with overly long characters, leading to memory corruption. This can result in arbitrary code execution or denial of service.Show less
CVE-2024-37601 1Mercedes Benz 1Headunit Ntg6 Mercedes Benz User Experience Jun 27, 2025 Feb 13, 2025 N/A· v4 4.6 MEDIUM· v3 N/A· v2 An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6. A possible heap buffer overflow exists in the user data import/export function of NTG 6 head units. To perform this attack, local access to the...Show more An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6. A possible heap buffer overflow exists in the user data import/export function of NTG 6 head units. To perform this attack, local access to the USB interface of the car is needed. With prepared data, an attacker can cause the User-Data service to fail. The failed service instance will restart automatically.Show less

Previous 1...464748...116 Next