Export limit exceeded: 359603 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (3340 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-6660 | 1 Pdf-xchange | 3 Pdf-tools, Pdf-xchange Editor, Pdf-xchange Pro | 2025-07-07 | N/A |
| PDF-XChange Editor GIF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of GIF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-26763. | ||||
| CVE-2024-39133 | 1 Zziplib Project | 1 Zziplib | 2025-07-07 | 4.3 Medium |
| Heap Buffer Overflow vulnerability in zziplib v0.13.77 allows attackers to cause a denial of service via the __zzip_parse_root_directory() function at /zzip/zip.c. | ||||
| CVE-2025-6816 | 1 Hdfgroup | 1 Hdf5 | 2025-07-06 | 3.3 Low |
| A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5O__fsinfo_encode of the file /src/H5Ofsinfo.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-25048 | 1 Ibm | 1 Mq Appliance | 2025-07-03 | 7.5 High |
| IBM MQ Appliance 9.3 CD and LTS are vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash. IBM X-Force ID: 283137. | ||||
| CVE-2023-4322 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2025-07-03 | 9.8 Critical |
| Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0. | ||||
| CVE-2025-6269 | 1 Hdfgroup | 1 Hdf5 | 2025-07-02 | 5.3 Medium |
| A vulnerability classified as critical was found in HDF5 up to 1.14.6. Affected by this vulnerability is the function H5C__reconstruct_cache_entry of the file H5Cimage.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-2975 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2025-07-02 | 8.8 High |
| A race condition was identified through which privilege escalation was possible in certain configurations. | ||||
| CVE-2025-6750 | 1 Hdfgroup | 1 Hdf5 | 2025-07-01 | 3.3 Low |
| A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. Affected by this issue is the function H5O__mtime_new_encode of the file src/H5Omtime.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-28231 | 1 Eprosima | 1 Fast Dds | 2025-06-30 | 9.7 Critical |
| eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.14.0, 2.13.4, 2.12.3, 2.10.4, and 2.6.8, manipulated DATA Submessage can cause a heap overflow error in the Fast-DDS process, causing the process to be terminated remotely. Additionally, the payload_size in the DATA Submessage packet is declared as uint32_t. When a negative number, such as -1, is input into this variable, it results in an Integer Overflow (for example, -1 gets converted to 0xFFFFFFFF). This eventually leads to a heap-buffer-overflow, causing the program to terminate. Versions 2.14.0, 2.13.4, 2.12.3, 2.10.4, and 2.6.8 contain a fix for this issue. | ||||
| CVE-2023-34318 | 3 Fedoraproject, Redhat, Sound Exchange Project | 4 Extra Packages For Enterprise Linux, Fedora, Enterprise Linux and 1 more | 2025-06-27 | 7.8 High |
| A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41. This flaw can lead to a denial of service, code execution, or information disclosure. | ||||
| CVE-2024-37601 | 1 Mercedes-benz | 1 Headunit Ntg6 Mercedes-benz User Experience | 2025-06-27 | 4.6 Medium |
| An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6. A possible heap buffer overflow exists in the user data import/export function of NTG 6 head units. To perform this attack, local access to the USB interface of the car is needed. With prepared data, an attacker can cause the User-Data service to fail. The failed service instance will restart automatically. | ||||
| CVE-2025-6516 | 1 Hdfgroup | 1 Hdf5 | 2025-06-26 | 5.3 Medium |
| A vulnerability has been found in HDF5 up to 1.14.6 and classified as critical. This vulnerability affects the function H5F_addr_decode_len of the file /hdf5/src/H5Fint.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2021-43305 | 2 Clickhouse, Debian | 2 Clickhouse, Debian Linux | 2025-06-25 | 8.8 High |
| Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, copy_end), don’t exceed the destination buffer’s limits. This issue is very similar to CVE-2021-43304, but the vulnerable copy operation is in a different wildCopy call. | ||||
| CVE-2021-43304 | 2 Clickhouse, Debian | 2 Clickhouse, Debian Linux | 2025-06-25 | 8.8 High |
| Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, copy_end), don’t exceed the destination buffer’s limits. | ||||
| CVE-2024-24474 | 1 Qemu | 1 Qemu | 2025-06-25 | 8.8 High |
| QEMU before 8.2.0 has an integer underflow, and resultant buffer overflow, via a TI command when an expected non-DMA transfer length is less than the length of the available FIFO data. This occurs in esp_do_nodma in hw/scsi/esp.c because of an underflow of async_len. | ||||
| CVE-2021-40426 | 1 Sound Exchange Project | 1 Sound Exchange | 2025-06-24 | 8.8 High |
| A heap-based buffer overflow vulnerability exists in the sphere.c start_read() functionality of Sound Exchange libsox 14.4.2 and master commit 42b3557e. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2024-56737 | 1 Gnu | 1 Grub2 | 2025-06-24 | 8.8 High |
| GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem. | ||||
| CVE-2024-22058 | 1 Ivanti | 1 Endpoint Manager | 2025-06-20 | N/A |
| A buffer overflow allows a low privilege user on the local machine that has the EPM Agent installed to execute arbitrary code with elevated permissions in Ivanti EPM 2021.1 and older. | ||||
| CVE-2024-36702 | 1 Mz-automation | 1 Libiec61850 | 2025-06-18 | 7.4 High |
| libiec61850 v1.5 was discovered to contain a heap overflow via the BerEncoder_encodeLength function at /asn1/ber_encoder.c. | ||||
| CVE-2023-4264 | 1 Zephyrproject | 1 Zephyr | 2025-06-18 | 7.1 High |
| Potential buffer overflow vulnerabilities n the Zephyr Bluetooth subsystem. | ||||