Heap-Overflow

The `Oj.dump` function in the Ruby `oj` gem, when operating in object mode, is vulnerable to a heap buffer overflow (CVE-2026-54896) when serializing `Exception` objects with an excessively large `:indent` value, leading to memory corruption and potential denial of service or remote code execution.

A remote exploit is available for strongSwan 5.9.13 exploiting a heap buffer overflow in the libsimaka EAP-SIM/AKA module (CVE-2026-35330), enabling pre-authentication exploitation via a malformed EAP-SIM/AKA payload.

A heap overflow vulnerability exists within the DICOM file format, potentially allowing an attacker to target an Orthanc server during image uploads, leading to an out-of-bounds write.

A heap-based buffer overflow vulnerability exists in MediaArea MediaInfoLib's handling of LXF elements, potentially leading to arbitrary code execution when processing maliciously crafted media files; assigned CVE-2026-28764, CVSS 7.8.

Microsoft disclosed CVE-2026-42944, a heap overflow vulnerability related to the processing of multiple NSID, COOKIE, and PADDING EDNS options in an unspecified product.

Adobe Acrobat and Reader contain a heap-based buffer overflow vulnerability, tracked as CVE-2009-3459, that could allow remote attackers to execute arbitrary code via a crafted PDF file.

CVE-2026-45584 is a heap-based buffer overflow vulnerability in Microsoft Defender that allows an unauthorized attacker to execute arbitrary code over a network.

A heap buffer over-write vulnerability exists in ImageMagick's IPL decoder when processing multiple images of different dimensions, affecting Magick.NET packages prior to version 14.13.1 and potentially leading to arbitrary code execution.

CVE-2026-44662 is a critical heap buffer overflow vulnerability in rust-openssl during encryption with AES key-wrap-with-padding, potentially leading to arbitrary code execution or denial of service.

A heap-based buffer overflow vulnerability in Siemens Simcenter Femap, tracked as CVE-2025-12659, can be exploited by tricking a user into opening a malicious IPT file, leading to remote code execution.

NGINX Plus and NGINX Open Source are vulnerable to a heap buffer overflow (CVE-2026-42945) due to crafted HTTP requests when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed PCRE capture with a replacement string that includes a question mark, potentially leading to denial of service or code execution.

CVE-2026-0264 is a heap-based buffer overflow vulnerability in Palo Alto Networks PAN-OS DNS proxy and DNS server features, allowing an unauthenticated attacker with network access to cause denial of service or potentially execute arbitrary code by sending crafted network traffic.

CVE-2026-42831 is a heap-based buffer overflow vulnerability in Microsoft Office, allowing a local attacker to execute arbitrary code with a CVSS score of 7.8.

CVE-2026-40407 is a heap-based buffer overflow vulnerability in the Windows Common Log File System (CLFS) Driver, enabling a locally authenticated attacker to escalate privileges on the system.

CVE-2026-40403 is a heap-based buffer overflow vulnerability in Windows Win32K - GRFX that allows an authorized local attacker to execute arbitrary code, potentially leading to privilege escalation and code execution.

CVE-2026-35421 is a heap-based buffer overflow vulnerability in Windows Graphics Device Interface (GDI) that allows an unauthorized attacker to execute arbitrary code locally with elevated privileges.

CVE-2026-34329 is a heap-based buffer overflow in Windows Message Queuing, enabling an unauthenticated attacker on an adjacent network to achieve remote code execution.

barebox versions prior to 2026.04.0 are vulnerable to memory-safety issues in the EFI PE loader (CVE-2026-34963), potentially allowing code execution via malicious EFI PE binaries.

A heap buffer overflow vulnerability in BusyBox's DHCPv6 client allows network-adjacent attackers to trigger memory corruption, denial of service, or arbitrary code execution via crafted DHCPv6 responses.

A heap buffer overflow vulnerability exists in the WebRTC component of Google Chrome and Microsoft Edge (Chromium-based), potentially leading to code execution.

CVE-2026-7353 is a heap buffer overflow vulnerability in the Skia graphics library used by Chromium, affecting both Google Chrome and Microsoft Edge.

A heap buffer overflow vulnerability exists in NTFS-3G versions 2022.10.3 before 2026.2.25 that allows for heap memory corruption by processing a crafted NTFS image with multiple ACCESS_DENIED ACEs containing WRITE_OWNER from distinct group SIDs.

Creolabs Gravity before 0.9.6 is vulnerable to a heap buffer overflow in the gravity_vm_exec function, allowing attackers to achieve arbitrary code execution by crafting scripts with many string literals at global scope that exploit insufficient bounds checking in gravity_fiber_reassign().

Adobe InDesign versions 20.5.2, 21.2 and earlier are vulnerable to a heap-based buffer overflow (CVE-2026-34629) that could lead to arbitrary code execution if a user opens a malicious file.

CVE-2026-32087 is a heap-based buffer overflow vulnerability in the Function Discovery Service (fdwsd.dll) that allows an authorized local attacker to elevate privileges on a Windows system.

CVE-2026-22828 is a heap-based buffer overflow in Fortinet FortiAnalyzer and FortiManager Cloud versions 7.6.2 through 7.6.4, potentially allowing a remote unauthenticated attacker to execute arbitrary code with a significant preparation effort due to ASLR and network segmentation.

A heap out-of-bounds write vulnerability exists in OpenEXR's DWA lossy decoder due to integer overflow during block pointer calculation, triggered via crafted DWAA files, leading to crashes during DCT execution.

A heap-based buffer overflow vulnerability (CVE-2026-24660) exists in the x3f_load_huffman functionality of LibRaw commit d20315b, where a specially crafted malicious file can lead to a heap buffer overflow.

A memory corruption vulnerability (CVE-2026-21372) exists when processing IOCTL requests with invalid buffer sizes leading to a heap-based buffer overflow, reported by Qualcomm with a CVSS v3.1 score of 7.8.

A heap overflow vulnerability in the HiLCOS web interface of Hirschmann Industrial IT products (CVE-2024-14033) allows unauthenticated remote attackers to cause a denial-of-service condition by sending specially crafted requests, leading to device crashes and service disruption, particularly when the Public Spot functionality is enabled.

A remote attacker can exploit a heap buffer overflow vulnerability (CVE-2026-4673) in Google Chrome's WebAudio component before version 146.0.7680.165 by crafting a malicious HTML page, potentially leading to an out-of-bounds memory write and arbitrary code execution.

An unpatched vulnerability in QEMU's virtio-snd component allows for a hypervisor escape due to an uncontrolled heap overflow.

CVE-2026-41445 is a reported integer overflow vulnerability in the KissFFT library that could lead to a heap buffer overflow.

CVE-2023-21716 is a critical heap-based buffer overflow vulnerability in Microsoft Word 2016's RTF parser, triggered by a malformed RTF file, leading to remote code execution on Windows 7.

A heap buffer overflow vulnerability, CVE-2026-33846, exists in the DTLS handshake fragment reassembly logic of GnuTLS, allowing unauthenticated remote attackers to cause application crashes or potential memory corruption by sending crafted DTLS fragments with conflicting message lengths.