Tag
BusyBox DHCPv6 Client Heap Buffer Overflow Vulnerability (CVE-2026-29004)
2 rules 2 TTPs 1 CVE
A heap buffer overflow vulnerability in BusyBox's DHCPv6 client allows network-adjacent attackers to trigger memory corruption, denial of service, or arbitrary code execution via crafted DHCPv6 responses.
CVE-2026-7339: Heap Buffer Overflow in WebRTC
2 rules 1 CVE
A heap buffer overflow vulnerability exists in the WebRTC component of Google Chrome and Microsoft Edge (Chromium-based), potentially leading to code execution.
Chromium Heap Buffer Overflow Vulnerability (CVE-2026-7353)
2 rules 2 TTPs 1 CVE
CVE-2026-7353 is a heap buffer overflow vulnerability in the Skia graphics library used by Chromium, affecting both Google Chrome and Microsoft Edge.
NTFS-3G Heap Buffer Overflow Vulnerability (CVE-2026-40706)
2 rules 1 TTP 1 CVE
A heap buffer overflow vulnerability exists in NTFS-3G versions 2022.10.3 before 2026.2.25 that allows for heap memory corruption by processing a crafted NTFS image with multiple ACCESS_DENIED ACEs containing WRITE_OWNER from distinct group SIDs.
Creolabs Gravity Heap Buffer Overflow Vulnerability (CVE-2026-40504)
2 rules 3 TTPs 1 CVE
Creolabs Gravity before 0.9.6 is vulnerable to a heap buffer overflow in the gravity_vm_exec function, allowing attackers to achieve arbitrary code execution by crafting scripts with many string literals at global scope that exploit insufficient bounds checking in gravity_fiber_reassign().
Adobe InDesign Heap-Based Buffer Overflow Vulnerability (CVE-2026-34629)
2 rules 2 TTPs 1 CVE
Adobe InDesign versions 20.5.2, 21.2 and earlier are vulnerable to a heap-based buffer overflow (CVE-2026-34629) that could lead to arbitrary code execution if a user opens a malicious file.
CVE-2026-32087 Function Discovery Service Privilege Escalation
2 rules 1 TTP 1 CVE
CVE-2026-32087 is a heap-based buffer overflow vulnerability in the Function Discovery Service (fdwsd.dll) that allows an authorized local attacker to elevate privileges on a Windows system.
Fortinet FortiAnalyzer and FortiManager Cloud Heap-Based Buffer Overflow Vulnerability (CVE-2026-22828)
2 rules 2 TTPs 1 CVE
CVE-2026-22828 is a heap-based buffer overflow in Fortinet FortiAnalyzer and FortiManager Cloud versions 7.6.2 through 7.6.4, potentially allowing a remote unauthenticated attacker to execute arbitrary code, although exploitation requires significant preparation effort due to ASLR and network segmentation.
OpenEXR DWA Lossy Decoder Heap Out-of-Bounds Write Vulnerability
2 rules 1 TTP 1 CVE 1 IOC
A heap out-of-bounds write vulnerability exists in OpenEXR's DWA lossy decoder due to integer overflow during block pointer calculation, triggered via crafted DWAA files, leading to crashes during DCT execution.
LibRaw Heap-Based Buffer Overflow Vulnerability (CVE-2026-24660)
2 rules 1 TTP 1 CVE
A heap-based buffer overflow vulnerability (CVE-2026-24660) exists in the x3f_load_huffman functionality of LibRaw commit d20315b, where a specially crafted malicious file can lead to a heap buffer overflow.
Qualcomm IOCTL Memory Corruption Vulnerability
2 rules 1 TTP 1 CVE 1 IOC
A memory corruption vulnerability (CVE-2026-21372) exists when processing IOCTL requests with invalid buffer sizes leading to a heap-based buffer overflow, reported by Qualcomm with a CVSS v3.1 score of 7.8.
Hirschmann HiLCOS Web Interface Heap Overflow Vulnerability (CVE-2024-14033)
2 rules 1 TTP 1 CVE
A heap overflow vulnerability in the HiLCOS web interface of Hirschmann Industrial IT products (CVE-2024-14033) allows unauthenticated remote attackers to cause a denial-of-service condition by sending specially crafted requests, leading to device crashes and service disruption, particularly when the Public Spot functionality is enabled.
Google Chrome WebAudio Heap Buffer Overflow Vulnerability (CVE-2026-4673)
2 rules 1 TTP
A remote attacker can exploit a heap buffer overflow vulnerability (CVE-2026-4673) in Google Chrome's WebAudio component before version 146.0.7680.165 by crafting a malicious HTML page, potentially leading to an out-of-bounds memory write and arbitrary code execution.
QEMU Hypervisor Escape via virtio-snd 0-Day
2 rules 2 TTPs
An unpatched vulnerability in QEMU's virtio-snd component allows for a hypervisor escape due to an uncontrolled heap overflow.
CVE-2026-41445 KissFFT Integer Overflow leads to Heap Buffer Overflow
1 rule 1 TTP 1 CVE
CVE-2026-41445 is a reported integer overflow vulnerability in the KissFFT library that could lead to a heap buffer overflow.
GnuTLS DTLS Handshake Heap Overflow Vulnerability (CVE-2026-33846)
2 rules 1 TTP 1 CVE
A heap buffer overflow vulnerability, CVE-2026-33846, exists in the DTLS handshake fragment reassembly logic of GnuTLS, allowing unauthenticated remote attackers to cause application crashes or potential memory corruption by sending crafted DTLS fragments with conflicting message lengths.