Total
1969 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-21281 | 3 Adobe, Apple, Microsoft | 3 Incopy, Macos, Windows | 2026-01-14 | N/A | 7.8 HIGH |
|
InCopy versions 21.0, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2026-21277 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2026-01-14 | N/A | 7.8 HIGH |
|
InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2020-16010 | 1 Google | 2 Android, Chrome | 2026-01-14 | 6.8 MEDIUM | 9.6 CRITICAL |
|
Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
|
|||||
| CVE-2026-21682 | 1 Color | 1 Iccdev | 2026-01-14 | N/A | 8.8 HIGH |
|
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a heap-buffer-overflow in `CIccXmlArrayType::ParseText()`. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available.
|
|||||
| CVE-2026-21488 | 1 Color | 1 Iccdev | 2026-01-14 | N/A | 6.1 MEDIUM |
|
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are vulnerable to Out-of-bounds Read, Heap-based Buffer Overflow and Improper Null Termination through its CIccTagText::Read function. This issue is fixed in version 2.3.1.2.
|
|||||
| CVE-2026-21678 | 1 Color | 1 Iccdev | 2026-01-13 | N/A | 7.8 HIGH |
|
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to heap-buffer-overflow vulnerability in IccTagXml(). This issue has been patched in version 2.3.1.2.
|
|||||
| CVE-2025-14935 | 1 Unidata | 1 Netcdf | 2026-01-13 | N/A | 7.8 HIGH |
|
NSF Unidata NetCDF-C Dimension Name Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NSF Unidata NetCDF-C. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of dimension names. The issue results from the lack of proper validation of the length of user-supplied ...
Show More |
|||||
| CVE-2024-49775 | 2026-01-13 | N/A | 9.8 CRITICAL | ||
|
A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2501.0001), Opcenter Intelligence (All versions < V2501.0001), Opcenter Quality (All versions < V2512), Opcenter RDnL (All versions < V2410), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 3), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SINEC NMS (All versions if operated in conjunction with UMC < V2.15), Totally Integrated Automation Portal (TIA Portal) V16 (All ...
Show More |
|||||
| CVE-2026-21486 | 1 Color | 1 Iccdev | 2026-01-12 | N/A | 7.8 HIGH |
|
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below contain Use After Free, Heap-based Buffer Overflow and Integer Overflow or Wraparound and Out-of-bounds Write vulnerabilities in its CIccSparseMatrix::CIccSparseMatrix function. This issue is fixed in version 2.3.1.2.
|
|||||
| CVE-2026-21676 | 1 Color | 1 Iccdev | 2026-01-12 | N/A | 8.8 HIGH |
|
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have a Heap-based Buffer Overflow in its CIccMBB::Validate function which checks tag data validity. This issue is fixed in version 2.3.1.1.
|
|||||
| CVE-2026-21494 | 1 Color | 1 Iccdev | 2026-01-12 | N/A | 6.1 MEDIUM |
|
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. A vulnerability present in versions prior to 2.3.1.2 affects users of the iccDEV library who process ICC color profiles. It results in heap buffer overflow in `CIccTagLut8::Validate()`. Version 2.3.1.2 contains a patch. No known workarounds are available.
|
|||||
| CVE-2026-21491 | 1 Color | 1 Iccdev | 2026-01-12 | N/A | 6.1 MEDIUM |
|
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. A vulnerability present in versions prior to 2.3.1.2 affects users of the iccDEV library who process ICC color profiles. It results in unicode buffer overflow in `CIccTagTextDescription`. Version 2.3.1.2 contains a patch. No known workarounds are available.
|
|||||
| CVE-2026-21490 | 1 Color | 1 Iccdev | 2026-01-12 | N/A | 6.1 MEDIUM |
|
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. A vulnerability present in versions prior to 2.3.1.2 affects users of the iccDEV library who process ICC color profiles. It results in heap buffer overflow in `CIccTagLut16::Validate()`. Version 2.3.1.2 contains a patch. No known workarounds are available.
|
|||||
| CVE-2025-67268 | 1 Gpsd Project | 1 Gpsd | 2026-01-12 | N/A | 9.8 CRITICAL |
|
gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/driver_nmea2000.c file. The hnd_129540 function, which handles NMEA2000 PGN 129540 (GNSS Satellites in View) packets, fails to validate the user-supplied satellite count against the size of the skyview array (184 elements). This allows an attacker to write beyond the bounds of the array by providing a satellite count up to 255, leading to memory corruption, Denial of Service (DoS), and potentially a ...
Show More |
|||||
| CVE-2025-63701 | 1 Advantech | 2 Tp 3250, Tp 3250 Firmware | 2026-01-12 | N/A | 6.8 MEDIUM |
|
A heap corruption vulnerability exists in the Advantech TP-3250 printer driver's DrvUI_x64_ADVANTECH.dll (v0.3.9200.20789) when DocumentPropertiesW() is called with a valid dmDriverExtra value but an undersized output buffer. The driver incorrectly assumes the output buffer size matches the input buffer size, leading to invalid memory operations and heap corruption. This vulnerability can cause denial of service through application crashes and potentially lead to code execution in user space. Lo ...
Show More |
|||||
| CVE-2026-21504 | 1 Color | 1 Iccdev | 2026-01-09 | N/A | 6.6 MEDIUM |
|
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to heap buffer overflow in the ToneMap parser. This issue has been patched in version 2.3.1.2.
|
|||||
| CVE-2025-50343 | 1 Matio Project | 1 Matio | 2026-01-09 | N/A | 9.8 CRITICAL |
|
An issue was discovered in matio 1.5.28. A heap-based memory corruption can occur in Mat_VarCreateStruct() when the nfields value does not match the actual number of strings in the fields array. This leads to out-of-bounds reads and invalid memory frees during cleanup, potentially causing a segmentation fault or heap corruption.
|
|||||
| CVE-2025-5915 | 2 Libarchive, Redhat | 3 Libarchive, Enterprise Linux, Openshift Container Platform | 2026-01-08 | N/A | 6.6 MEDIUM |
|
A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.
|
|||||
| CVE-2025-31177 | 1 Gnuplot | 1 Gnuplot | 2026-01-08 | N/A | 5.5 MEDIUM |
|
gnuplot is affected by a heap buffer overflow at function utf8_copy_one.
|
|||||
| CVE-2025-15272 | 1 Fontforge | 1 Fontforge | 2026-01-07 | N/A | 8.8 HIGH |
|
FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of SFD files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it ...
Show More |
|||||
| CVE-2025-15274 | 1 Fontforge | 1 Fontforge | 2026-01-07 | N/A | 8.8 HIGH |
|
FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of SFD files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it ...
Show More |
|||||
| CVE-2025-15275 | 1 Fontforge | 1 Fontforge | 2026-01-07 | N/A | 8.8 HIGH |
|
FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of SFD files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it ...
Show More |
|||||
| CVE-2025-15277 | 1 Fontforge | 1 Fontforge | 2026-01-07 | N/A | 7.8 HIGH |
|
FontForge GUtils SGI File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of scanlines within SGI files. The issue results from the lack of proper validation of the length of user-supplied d ...
Show More |
|||||
| CVE-2025-15279 | 1 Fontforge | 1 Fontforge | 2026-01-07 | N/A | 7.8 HIGH |
|
FontForge GUtils BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of pixels within BMP files. The issue results from the lack of proper validation of the length of user-supplied data ...
Show More |
|||||
| CVE-2023-51795 | 2 Fedoraproject, Ffmpeg | 2 Fedora, Ffmpeg | 2026-01-07 | N/A | 8.0 HIGH |
|
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/avf_showspectrum.c:1789:52 component in showspectrumpic_request_frame
|
|||||
| CVE-2023-51794 | 1 Ffmpeg | 1 Ffmpeg | 2026-01-07 | N/A | 7.8 HIGH |
|
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/af_stereowiden.c:120:69.
|
|||||
| CVE-2025-2368 | 1 Webassembly | 1 Wabt | 2026-01-06 | 7.5 HIGH | 6.3 MEDIUM |
|
A vulnerability was found in WebAssembly wabt 1.0.36 and classified as critical. This issue affects the function wabt::interp::(anonymous namespace)::BinaryReaderInterp::OnExport of the file wabt/src/interp/binary-reader-interp.cc of the component Malformed File Handler. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.
|
|||||
| CVE-2025-67873 | 1 Capstone-engine | 1 Capstone | 2026-01-02 | N/A | 4.8 MEDIUM |
|
Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, Skipdata length is not bounds-checked, so a user-provided skipdata callback can make cs_disasm/cs_disasm_iter memcpy more than 24 bytes into cs_insn.bytes, causing a heap buffer overflow in the disassembly path. Commit cbef767ab33b82166d263895f24084b75b316df3 fixes the issue.
|
|||||
| CVE-2025-11961 | 2025-12-31 | N/A | 1.9 LOW | ||
|
pcap_ether_aton() is an auxiliary function in libpcap, it takes a string argument and returns a fixed-size allocated buffer. The string argument must be a well-formed MAC-48 address in one of the supported formats, but this requirement has been poorly documented. If an application calls the function with an argument that deviates from the expected format, the function can read data beyond the end of the provided string and write data beyond the end of the allocated buffer.
|
|||||
| CVE-2024-23127 | 1 Autodesk | 9 Advance Steel, Autocad, Autocad Architecture and 6 more | 2025-12-31 | N/A | 7.8 HIGH |
|
A maliciously crafted MODEL, SLDPRT, or SLDASM file, when parsed in ODXSW_DLL.dll and libodxdll.dll through Autodesk applications, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
|
|||||
| CVE-2025-68469 | 1 Imagemagick | 1 Imagemagick | 2025-12-30 | N/A | 3.3 LOW |
|
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.1-14, ImageMagick crashes when processing a crafted TIFF file. Version 7.1.1-14 fixes the issue.
|
|||||
| CVE-2025-14958 | 1 Floooh | 1 Sokol | 2025-12-30 | 4.3 MEDIUM | 5.3 MEDIUM |
|
A security flaw has been discovered in floooh sokol up to 33e2271c431bf21de001e972f72da17a984da932. This vulnerability affects the function _sg_pipeline_common_init in the library sokol_gfx.h. Performing manipulation results in heap-based buffer overflow. The attack needs to be approached locally. The exploit has been released to the public and may be exploited. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or upda ...
Show More |
|||||
| CVE-2025-66217 | 1 Aiscatcher | 1 Ais-catcher | 2025-12-23 | N/A | 7.5 HIGH |
|
AIS-catcher is a multi-platform AIS receiver. Prior to version 0.64, an integer underflow vulnerability exists in the MQTT parsing logic of AIS-catcher. This vulnerability allows an attacker to trigger a massive Heap Buffer Overflow by sending a malformed MQTT packet with a manipulated Topic Length field. This leads to an immediate Denial of Service (DoS) and, when used as a library, severe Memory Corruption that can be leveraged for Remote Code Execution (RCE). This issue has been patched in ve ...
Show More |
|||||
| CVE-2025-65406 | 1 Live555 | 1 Streaming Media | 2025-12-23 | N/A | 6.5 MEDIUM |
|
A heap overflow in the MatroskaFile::createRTPSinkForTrackNumber() function of Live555 Streaming Media v2018.09.02 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MKV file.
|
|||||
| CVE-2025-67896 | 1 Exim | 1 Exim | 2025-12-22 | N/A | 7.0 HIGH |
|
Exim before 4.99.1, with certain non-default rate-limit configurations, allows a remote heap-based buffer overflow because database records are cast directly to internal structures without validation.
|
|||||
| CVE-2025-10881 | 1 Autodesk | 16 3ds Max, Advance Steel, Autocad and 13 more | 2025-12-19 | N/A | 7.8 HIGH |
|
A maliciously crafted CATPRODUCT file, when parsed through certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
|
|||||
| CVE-2017-9050 | 1 Xmlsoft | 1 Libxml2 | 2025-12-17 | 5.0 MEDIUM | 7.5 HIGH |
|
libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839.
|
|||||
| CVE-2016-1762 | 6 Apple, Canonical, Debian and 3 more | 15 Iphone Os, Mac Os X, Safari and 12 more | 2025-12-17 | 5.8 MEDIUM | 8.1 HIGH |
|
The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
|
|||||
| CVE-2025-50360 | 1 Dannyvankooten | 1 Pepper | 2025-12-16 | N/A | 8.4 HIGH |
|
A heap buffer overflow in compiler.c and compiler.h in Pepper language 0.1.1commit 961a5d9988c5986d563310275adad3fd181b2bb7. Malicious execution of a pepper source file(.pr) could lead to arbitrary code execution or Denial of Service.
|
|||||
| CVE-2025-46373 | 1 Fortinet | 1 Forticlient | 2025-12-16 | N/A | 7.8 HIGH |
|
A Heap-based Buffer Overflow vulnerability [CWE-122] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.8 may allow an authenticated local IPSec user to execute arbitrary code or commands via "fortips_74.sys". The attacker would need to bypass the Windows heap integrity protections
|
|||||