Skip to main content

Buffer Overflow

memory HIGH

A buffer overflow occurs when a program writes more data to a memory buffer than it was allocated to hold, causing the excess data to spill into adjacent memory regions.

How It Works

A buffer overflow occurs when a program writes more data to a memory buffer than it was allocated to hold, causing the excess data to spill into adjacent memory regions. This overwrites whatever data or code exists there, corrupting program state and potentially giving attackers control over execution flow.

Stack-based overflows are the most common variant. When a function allocates a fixed-size buffer on the stack and then copies user-controlled input without proper bounds checking, attackers can overflow past the buffer to overwrite the function's return address. When the function completes, instead of returning to legitimate code, execution jumps to attacker-specified memory containing malicious shellcode. Heap-based overflows work differently—they corrupt heap metadata like chunk size fields or free list pointers, leading to arbitrary memory writes when the allocator processes the corrupted structures.

Modern exploitation bypasses defensive mechanisms through techniques like Return-Oriented Programming (ROP), which chains together existing code snippets to avoid non-executable memory protections. Attackers may also use heap spraying to reliably position shellcode at predictable addresses, defeating address randomization.

Impact

  • Remote code execution — attacker gains ability to run arbitrary commands with the privileges of the vulnerable process
  • Privilege escalation — exploiting kernel or setuid program overflows to gain root/SYSTEM access
  • Denial of service — crashes and memory corruption that render systems unusable
  • Information disclosure — reading sensitive data from adjacent memory regions that should be inaccessible
  • Authentication bypass — overwriting security-critical variables like permission flags or user IDs

Real-World Examples

Fortinet FortiOS suffered a critical buffer overflow (CVE-2025-32756) that allowed unauthenticated remote attackers to execute code as root on firewalls and VPN gateways. Attackers actively exploited this to compromise enterprise network perimeters before patches were available.

The Slammer worm from 2003 exploited a stack overflow in Microsoft SQL Server, spreading to 75,000 hosts in ten minutes by sending a single malformed UDP packet that overwrote the return address with shellcode. No authentication was required.

OpenSSH historically contained a heap overflow in challenge-response authentication that allowed pre-authentication remote root compromise on Unix systems, demonstrating how memory corruption in privileged network services creates maximum impact scenarios.

Mitigation

  • Memory-safe languages — Rust, Go, and modern managed languages prevent buffer overflows by design through automatic bounds checking
  • Stack canaries — random values placed before return addresses that detect corruption before control transfer
  • Address Space Layout Randomization (ASLR) — randomizes memory locations making exploitation less reliable
  • Data Execution Prevention (DEP/NX) — marks memory regions as non-executable, preventing direct shellcode execution
  • Bounds checking — validate input sizes before copying, use safe functions like strncpy instead of strcpy
  • Fuzzing and static analysis — automated testing to discover overflows before deployment

Recent CVEs (36137)

EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome on Android prior to 149.0.7827.115 allows a remote attacker who has already compromised the renderer process to break out of the sandbox through a heap-based out-of-bounds write in the GPU process triggered by a crafted HTML page. Chromium rates the severity High and a vendor patch is available, but no public exploit has been identified at time of analysis. The CVSS 8.3 score reflects the chained nature of the attack (compromised renderer required) combined with full impact across confidentiality, integrity, and availability.

Heap Overflow Google Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Out-of-bounds read in Google Chrome's Video component on ChromeOS exposes process memory to attackers who have already established renderer process compromise. Specifically, an attacker with an existing foothold in the renderer can serve a crafted HTML page to a ChromeOS user and extract potentially sensitive data from memory. No public exploit or CISA KEV listing exists at time of analysis, and EPSS places exploitation probability at 0.03% (11th percentile), indicating low real-world exploitation activity despite the High CVSS confidentiality impact.

Google Information Disclosure Buffer Overflow
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome on Linux and ChromeOS prior to 149.0.7827.115 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a heap buffer overflow in the Codecs component triggered by a crafted HTML page. Google rates the underlying issue as High severity and a vendor patch is available, but no public exploit is identified at time of analysis and the bug is not listed in CISA KEV. Exploitation is conditional on chaining with a prior renderer compromise, which raises real-world complexity.

Google Memory Corruption Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome on Android prior to 149.0.7827.115 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that triggers a heap buffer overflow in the GPU process. Chromium rates this severity Critical, and while no public exploit identified at time of analysis, the bug is part of a classic two-stage exploitation chain typically used in browser zero-day exploits. Patch is available from vendor in Chrome 149.0.7827.115 and later.

Heap Overflow Google Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Out-of-bounds read in Vim's built-in terminal emulator (`:terminal` feature) prior to version 9.2.0565 allows a program running inside a `:terminal` window to crash Vim by outputting crafted Unicode combining characters that exhaust all six libvterm cell slots, causing the unguarded loop in `update_snapshot()` to walk past the fixed-size array and append out-of-bounds memory into the scrollback buffer. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog and no public exploit code has been identified, placing this in the lower-urgency tier despite the CVSS 4.0 score of 6.9. Real-world exploitation is constrained by the requirement that a victim be actively using Vim's `:terminal` feature to render attacker-influenced program output.

Information Disclosure Buffer Overflow Vim +2
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Stack buffer overflow in GStreamer's H.265/HEVC codec parser (gst-plugins-bad) allows remote unauthenticated attackers to crash GStreamer-based applications by delivering a crafted H.265 video file or stream that a user opens. The root cause is an incorrect loop bound in the buffering period SEI message parser: the parser mistakenly uses cpb_cnt_minus1[i] (the current loop index variable) rather than cpb_cnt_minus1[0] from the referenced Sequence Parameter Set, causing the loop to iterate beyond the bounds of stack-allocated CPB delay arrays and corrupt stack memory. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV, though the deterministic parser logic makes crash reproduction straightforward.

Memory Corruption Buffer Overflow Red Hat Enterprise Linux 10 +5
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Out-of-bounds write in GStreamer's H.266/VVC PPS picture partition parser (`gst-plugins-bad`) allows an attacker to crash media-processing applications - and potentially achieve code execution - by delivering a crafted H.266/VVC media file. The flaw in `gst_h266_parser_parse_picture_partition()` (gsth266parser.c) permits unbounded slice index increments across three fixed-size arrays in `GstH266PPS` during multi-slice-in-tile processing. A proof-of-concept demonstrating at least a 4-byte write exists; no public exploit beyond that initial POC or CISA KEV listing has been identified at time of analysis, though the code structure permits larger writes across multiple iterations which elevates downstream risk above a pure DoS assessment.

Memory Corruption Buffer Overflow Red Hat Enterprise Linux 10 +5
NVD VulDB
EPSS 0% CVSS 7.6
HIGH This Week

Heap buffer overflow in 389 Directory Server (389-ds-base) SASL I/O layer allows authenticated remote attackers to crash the LDAP service or achieve remote code execution after a successful SASL bind with integrity protection (SSF > 0). The flaw stems from an integer overflow in sasl_io_start_packet() that bypasses the nsslapd-maxsasliosize ceiling, enabling roughly 2 MB of attacker-controlled heap corruption. No public exploit identified at time of analysis, and the impact is amplified in FreeIPA and Red Hat Identity Management deployments where any enrolled user, host, or service principal qualifies as an authenticated attacker.

Integer Overflow RCE Denial Of Service +10
NVD VulDB
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

Heap out-of-bounds read in MIT krb5's LDAP KDB plugin allows a compromised or malicious LDAP backend to crash the KDC or kadmind process, or leak heap memory. The flaw exists in berval2tl_data() within libkdb_ldap and is triggered when the LDAP server returns a krbExtraData attribute with bv_len less than 2, causing an unsigned integer underflow that drives a memcpy of up to 65,534 bytes from a near-zero-length source buffer. Exploitation requires prior control of the LDAP KDB backend server (PR:H, AC:H), constraining real-world risk to insider or supply-chain threat scenarios; no public exploit or CISA KEV listing exists at time of analysis.

Integer Overflow Buffer Overflow Red Hat Enterprise Linux 10 +8
NVD VulDB
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

Heap-based buffer over-write in ImageMagick's SF3 encoder prior to version 7.1.2-25 allows an attacker who can supply a crafted multi-frame image to corrupt heap memory, yielding high availability impact and potential integrity exposure. All ImageMagick installations before 7.1.2-25 are affected regardless of platform. No public exploit has been identified at time of analysis and the vulnerability is absent from CISA KEV; however, CWE-122 write primitives carry inherent escalation risk beyond the scored DoS impact depending on heap layout at time of trigger.

Heap Overflow Buffer Overflow Imagemagick +2
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Out-of-bounds heap write in ImageMagick's ICON decoder allows remote attackers to crash the application by supplying a maliciously crafted ICON file processed by versions prior to 6.9.13-50 and 7.1.2-25. The flaw stems from an incorrect loop condition during ICON parsing, leading to memory corruption and denial of service. No public exploit identified at time of analysis, but ImageMagick's broad deployment as an image-processing backend in web applications makes drive-by exposure plausible.

Memory Corruption Buffer Overflow Imagemagick
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Arbitrary code execution in GIMP via malicious HDR (High Dynamic Range) image files allows attackers to run code in the context of the user opening the file. The flaw is a heap-based buffer overflow (CWE-122) in the HDR parser, requiring the victim to open a crafted file or visit a malicious page that delivers one. No public exploit identified at time of analysis, but the vulnerability was reported through ZDI (ZDI-CAN-28618) indicating verified researcher analysis.

RCE Heap Overflow Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 5.6
MEDIUM This Month

Heap-based buffer overflow in OpenVPN's ovpn-dco-win Windows kernel driver (versions 2.0.0-2.8.3) allows a remote authenticated VPN peer to crash the host system by sending a crafted data packet that exploits an incorrect buffer size calculation in the epoch key generator. Because the vulnerable code executes in kernel mode, the resulting memory corruption causes a full system crash (BSOD), not a user-space fault. No public exploit code has been identified and this CVE is not listed in CISA KEV at time of analysis, though the kernel-level availability impact is severe when conditions are met.

Denial Of Service Buffer Overflow Ovpn Dco Win
NVD GitHub VulDB
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

Memory corruption in PAN-OS tunnel traffic processing allows an authenticated, adjacent-network attacker to force the firewall into unplanned reboots or maintenance mode via a crafted packet, constituting a denial-of-service against the firewall itself. The CVSS 4.0 vector (AV:A/PR:L/VA:H) confirms the impact is purely availability - no confidentiality or integrity loss - and exploitation requires both authenticated access and adjacency to the tunnel interface. No public exploit code exists and no active exploitation has been reported; the vendor-assigned threat metric (E:U) reinforces that real-world risk is presently low.

Buffer Overflow Paloalto Cloud Ngfw +3
NVD VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Unauthenticated remote denial-of-service in Kanidm identity management server versions prior to 1.9.3 allows any network attacker to crash the entire kanidmd daemon by sending a single GET request to any /scim/v1/* endpoint with a deeply nested parenthesised ?filter= query string. The recursive-descent PEG parser exhausts the worker thread's 2 MiB stack, triggering Rust's std::process::abort(). No public exploit identified at time of analysis, but technical details and root cause are fully disclosed in the upstream advisory.

Buffer Overflow Kanidm
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

A malicious application may cause unexpected changes in memory shared between processes. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Buffer Overflow Apple Race Condition
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Denial of service in Erlang/OTP erts (inet_drv SCTP handler) lets unauthenticated remote attackers crash the BEAM VM by sending a single crafted SCTP ERROR chunk to a listening SCTP port. The flaw is a stack-based buffer overflow (CWE-121) in sctp_parse_error_chunk, with the publicly disclosed advisory from the Erlang Ecosystem Foundation (EEF) and an upstream commit confirming the fix; no public exploit identified at time of analysis, and the overflow only permits writing 16-bit values interleaved with a fixed tag, limiting impact to DoS plus minor memory disclosure.

Denial Of Service Buffer Overflow Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Stack-based buffer overflow in Erlang OTP's erl_interface C library (`ei_s_print_term`) crashes processes when decoding Erlang terms containing very large integers, causing Denial of Service. Affected OTP releases span from 17.0 through unfixed branches of 27.x, 28.x, and 29.x, making this a wide-ranging availability risk for C-language nodes that interface with the Erlang runtime. Because overflow bytes are constrained exclusively to ASCII hex digits (0-9, A-F), arbitrary code execution is not feasible - confirmed impact is process crash only. No public exploit has been identified and this CVE is not listed in the CISA KEV catalog.

Denial Of Service Buffer Overflow Stack Overflow +2
NVD GitHub VulDB
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Local privilege escalation to System Management Mode (SMM) in Lenovo ThinkPad BIOS firmware allows a high-privileged local user to execute arbitrary code at one of the most privileged execution rings on x86 hardware. The flaw, an out-of-bounds write (CWE-787) discovered by Lenovo during an internal security assessment, affects a wide range of current-generation ThinkPad models including X1 Carbon 13th Gen, X13 Gen 6, T14s Gen 6, P14s/P16v Gen 3, L13/L14/L16 Gen 6, and E16 Gen 3. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Buffer Overflow Memory Corruption X13 Gen 6 Type 21Rk 21Rl Laptops Thinkpad Bios +107
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Heap buffer overflow in Red Hat 389 Directory Server allows an authenticated Directory Manager or a compromised replication supplier to crash the server or corrupt heap memory by creating objectclass definitions with excessively long SUP (oc_superior) values. The flaw exists in schema serialization functions where the SUP field length is excluded from buffer size calculations yet still written via strcat(), producing an off-by-N heap overwrite. This is explicitly an incomplete fix variant of CVE-2025-14905, meaning organizations that patched that prior CVE may remain exposed if the SUP field code path was not remediated; no public exploit has been identified at time of analysis.

Heap Overflow Buffer Overflow Red Hat Directory Server 11 +7
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Heap memory corruption in libnfs through 6.0.2 allows a malicious NFS server to trigger an integer overflow in the client's XDR string deserializer when a victim connects to it. The flaw resides in libnfs_zdr_string in lib/libnfs-zdr.c, which failed to validate that an attacker-controlled string size fit within the remaining buffer. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Buffer Overflow Libnfs Suse
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Heap-use-after-free in Ghidra's SLEIGH disassembler engine allows an attacker to cause memory corruption or application crash by supplying a crafted binary for decompilation. All Ghidra releases prior to 12.1 are affected, as is any downstream application consuming the SLEIGH library via the public Sleigh::oneInstruction C++ API. The CVSS v4.0 score of 6.9 reflects a high availability impact (VA:H) with low integrity impact (VI:L) and no confidentiality impact; no public exploit has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.

Use After Free Buffer Overflow Memory Corruption +1
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Stack-based buffer overflow in QNAP File Station 5 enables remote unauthenticated attackers to corrupt memory or destabilize processes through a network-accessible attack path requiring only passive user interaction. Affected versions are all releases prior to 5.5.6.5243; QNAP's own security team (security@qnapsecurity.com.tw) discovered and disclosed the issue via advisory QSA-26-27. No public exploit code exists and the vulnerability is not listed in CISA KEV; however, the unauthenticated network attack vector lowers the bar for opportunistic targeting of QNAP NAS deployments.

Stack Overflow Buffer Overflow File Station
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Stack-based buffer overflow in QNAP File Station 5 allows unauthenticated remote attackers to corrupt process memory or crash the file management service when a victim user passively interacts with a crafted input. Affected versions are all File Station 5 releases prior to 5.5.6.5243, running on QNAP NAS devices accessible over the network. No public exploit code has been identified and this CVE is not listed in the CISA KEV catalog; QNAP has confirmed and released a fix in version 5.5.6.5243 via advisory QSA-26-32.

Stack Overflow Buffer Overflow File Station
NVD VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Stack-based buffer overflow in QNAP File Station 5 versions 5.5.0 through 5.5.6.5208 allows authenticated remote attackers to corrupt memory and crash processes on affected NAS deployments. CVSS 4.0 score of 8.7 reflects high impact across confidentiality, integrity, and availability, though exploitation requires valid user credentials (PR:L). No public exploit identified at time of analysis, and the CVE is not currently listed in CISA KEV.

Stack Overflow Buffer Overflow File Station 5
NVD VulDB
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

Integer overflow (CWE-190) in QNAP QTS and QuTS hero NAS operating systems allows a remote attacker who has already obtained an administrator account to further compromise system integrity and availability. Affected versions span QTS 5.2.x and QuTS hero h5.2.x through h6.0.x; QNAP released patched builds in February and May 2026. No public exploit code and no CISA KEV listing have been identified at time of analysis, and the mandatory prerequisite of administrator-level access materially constrains real-world exploitability.

Qnap Integer Overflow Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 4.6
MEDIUM This Month

Out-of-bounds read in ESP-IDF's BlueDroid AVRCP vendor-command parser allows adjacent Bluetooth attackers with low privileges to leak device memory and degrade availability across multiple ESP-IDF stable branches. Versions 5.2.6, 5.3.5, 5.4.4, 5.5.3, and 6.0 are confirmed affected via the Espressif GitHub security advisory. The parser's failure to validate payload length before dereferencing the buffer pointer enables a malformed AVRCP vendor command to read beyond allocated memory, yielding partial confidentiality loss and potential stack instability. No public exploit code exists and this CVE is not in CISA KEV at time of analysis.

Information Disclosure Buffer Overflow Esp Idf
NVD GitHub
EPSS 0% CVSS 7.1
HIGH This Week

Heap buffer overflow in Espressif ESP-IDF's protocomm component allows adjacent-network attackers to corrupt heap memory during the SRP6a (Security Scheme 2) session-setup handshake on affected IoT devices running ESP-IDF 5.2.6, 5.3.5, 5.4.4, 5.5.4, or 6.0. The flaw stems from a type-width mismatch in handle_session_command0() that trusts the client-supplied protobuf username length, enabling denial of service and potential integrity impact on provisioning interfaces. No public exploit identified at time of analysis; patches are available in 5.2.7, 5.3.6, 5.4.5, 5.5.5, and 6.0.1.

Heap Overflow Buffer Overflow Esp Idf
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Out-of-bounds read in ESP-IDF's embedded DHCP server crashes or exposes heap memory on ESP32 devices operating in SoftAP or DHCP server mode. The `parse_options()` function in the bundled lwIP DHCP server component walks BOOTP/DHCP option TLV fields without validating that each option's declared length stays within the received packet buffer, allowing an adjacent-network unauthenticated attacker to trigger a device crash by sending a single crafted DHCP request. Five active release branches are affected (5.2.x through 6.0.x); vendor-released patches are available across all branches. No public exploit code or CISA KEV listing has been identified at time of analysis.

Information Disclosure Buffer Overflow Esp Idf
NVD GitHub
EPSS 0% CVSS 8.7
HIGH This Week

Stack-based buffer overflows in SimpleBLE prior to version 0.14.0 allow remote attackers within Bluetooth range to crash applications by transmitting crafted BLE advertisements containing oversized manufacturer-specific data or service data, requiring no pairing or connection. A separate local overflow exists in the dongl backend's Protocol::simpleble_write function via caller-controlled input. No public exploit identified at time of analysis, but the patch diff and acknowledgement to researcher Mr-IoT confirm three tracked issues (EVE-2026-001/002/003).

Stack Overflow Buffer Overflow Simpleble
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Format Plugins 1.1.2 and earlier occurs through a heap-based buffer overflow that executes in the current user's security context when a victim opens a maliciously crafted file. The flaw was reported by Adobe PSIRT and carries a CVSS 7.8 (high) score, but no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV, suggesting it is currently a patching priority rather than an active incident.

Heap Overflow Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Format Plugins versions 1.1.2 and earlier occurs via a heap-based buffer overflow triggered when a victim opens a malicious file. Exploitation runs in the context of the current user and requires user interaction, with no public exploit identified at time of analysis. The flaw is addressed in Adobe Security Bulletin APSB26-65.

Heap Overflow Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Out-of-bounds read in Adobe Acrobat Reader versions 24.001.30365 and 26.001.21651 and earlier exposes sensitive memory contents to an attacker who can deliver a malicious PDF to a victim. The CVSS vector (AV:L/AC:L/PR:N/UI:R) confirms low complexity with no privilege prerequisite, but requires local file execution - the victim must open the crafted document. Confidentiality impact is rated High (C:H) with no integrity or availability consequence, making this a targeted information disclosure risk with no public exploit identified at time of analysis and no CISA KEV listing.

Information Disclosure Adobe Buffer Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Heap-based buffer overflow in Adobe Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier enables arbitrary code execution in the context of the logged-in user when a victim opens a maliciously crafted document. No public exploit has been identified at time of analysis, but the high CVSS of 7.8 reflects severe local impact, and Acrobat Reader's massive install base makes it a perennial phishing target. Exploitation requires user interaction, which moderates urgency relative to zero-click flaws but does not eliminate risk in document-heavy enterprise environments.

Heap Overflow Adobe Buffer Overflow +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Out-of-bounds read in Adobe Acrobat Reader versions 24.001.30365 and 26.001.21651 and earlier enables sensitive memory disclosure when a victim opens a specially crafted file. The vulnerability (CWE-125) exposes potentially high-value in-memory data - including heap addresses or document contents - but cannot be leveraged for code execution or system modification based on available data. No public exploit code has been identified at time of analysis, and this CVE is not listed in the CISA KEV catalog, though the vendor-confirmed advisory (APSB26-63) establishes this as a real, patched issue.

Information Disclosure Adobe Buffer Overflow +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Out-of-bounds read in Adobe Acrobat Reader exposes sensitive process memory when a victim opens a specially crafted PDF file. Affected versions include 24.001.30365, 26.001.21651, and all earlier releases across both tracks. The vulnerability carries a high confidentiality impact (C:H) with no integrity or availability consequence, making it a targeted information disclosure primitive rather than a code execution path. No public exploit identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

Information Disclosure Adobe Buffer Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Acrobat Reader (versions 24.001.30365, 26.001.21651 and earlier) occurs via a stack-based buffer overflow triggered when a victim opens a malicious PDF. Successful exploitation runs attacker code in the context of the current user, making this a viable initial-access vector through phishing or drive-by document delivery. No public exploit identified at time of analysis, but the bug class (CWE-121) and Acrobat's broad install base historically attract weaponization quickly after disclosure.

Adobe Stack Overflow Buffer Overflow +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Acrobat Reader (versions 24.001.30365, 26.001.21651 and earlier) is possible when a victim opens a malicious PDF file that triggers an out-of-bounds write condition. The flaw executes code in the context of the logged-in user, and while no public exploit identified at time of analysis, the CVSS 7.8 rating reflects high impact across confidentiality, integrity, and availability. Adobe has published advisory APSB26-63 with a fix.

Adobe Memory Corruption Buffer Overflow +1
NVD
EPSS 0% CVSS 8.5
HIGH PATCH This Week

Heap-based buffer overflow in SQLite's FTS5 full-text search extension (versions before 3.53.2) allows attackers to crash the process or execute arbitrary code by supplying a malicious database file that triggers an integer underflow in fts5ChunkIterate() during MATCH query processing. The flaw affects any application compiled with SQLITE_ENABLE_FTS5 that opens an attacker-supplied database and runs an FTS5 query against it; no public exploit identified at time of analysis, though VulnCheck has published an advisory.

Heap Overflow Buffer Overflow RCE +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Substance3D Sampler 6.0.0 and earlier occurs when a user opens a maliciously crafted asset file that triggers an out-of-bounds write in the application's parsing logic. Exploitation runs in the context of the logged-in user and requires user interaction to open the file; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Memory Corruption Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Substance3D Sampler versions 6.0.0 and earlier occurs through an out-of-bounds write triggered when a user opens a maliciously crafted file. The flaw executes code in the context of the current user and requires victim interaction, with no public exploit identified at time of analysis and no CISA KEV listing.

Memory Corruption Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Substance3D Sampler versions 6.0.0 and earlier occurs when a victim opens a maliciously crafted file, triggering an out-of-bounds write (CWE-787) in the application's file parser. Exploitation runs in the context of the current user and no public exploit identified at time of analysis, though the high CVSS of 7.8 reflects the full local impact triad once a user is socially engineered into opening the file.

Memory Corruption Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe Substance3D Sampler 6.0.0 and earlier occurs when a user opens a maliciously crafted 3D asset file, triggering an out-of-bounds write that runs attacker code with the current user's privileges. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, but the local attack vector combined with high impact and required user interaction makes this a classic targeted-phishing/social-engineering risk against artists and 3D designers.

Memory Corruption Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 8.5
HIGH POC PATCH This Week

Memory corruption in SQLite versions before 3.53.2 enables attackers to crash processes, exhaust memory, or potentially execute arbitrary code by supplying a crafted database that triggers flaws in the FTS5 full-text search extension when a MATCH query runs. The CVSS 4.0 vector indicates local attack vector with passive user interaction required, and no public exploit identified at time of analysis. Reported by VulnCheck with patches already merged upstream.

Heap Overflow Buffer Overflow RCE +2
NVD VulDB GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe InCopy versions 21.3, 20.5.3 and earlier occurs when a user opens a maliciously crafted document that triggers a heap-based buffer overflow (CWE-122). Successful exploitation runs attacker code in the security context of the current user, making this a credible vector for endpoint compromise via social engineering. No public exploit identified at time of analysis, and the CVE is not on the CISA KEV list.

Heap Overflow Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe InCopy 21.3, 20.5.3, and earlier allows attackers to run code as the current user when a victim opens a maliciously crafted file. The flaw stems from an out-of-bounds write (CWE-787) in file parsing logic, carries a CVSS 7.8 (local, user-interaction required), and has no public exploit identified at time of analysis. Adobe published advisory APSB26-59 addressing the issue.

Memory Corruption Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Stack-based buffer overflow in Adobe InCopy 21.3, 20.5.3 and earlier enables arbitrary code execution in the context of the logged-in user when a victim opens a maliciously crafted document. The flaw is locally exploitable via file-format parsing and requires user interaction, with no public exploit identified at time of analysis. CVSS 7.8 reflects high impact on confidentiality, integrity, and availability but constrained reachability through the document-open vector.

Stack Overflow Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe InDesign Desktop versions 21.3, 20.5.3 and earlier occurs through a heap-based buffer overflow triggered when a victim opens a maliciously crafted file. The flaw runs code in the security context of the current user and requires user interaction, with no public exploit identified at time of analysis. Adobe has published advisory APSB26-58 addressing the issue.

Heap Overflow Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe InDesign Desktop 21.3, 20.5.3 and earlier occurs when a user opens a maliciously crafted document, triggering a stack-based buffer overflow (CWE-121) that runs attacker code in the context of the current user. Adobe issued advisory APSB26-58 for this issue; no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

Stack Overflow Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe InDesign Desktop versions 21.3, 20.5.3 and earlier occurs through an out-of-bounds write triggered when a user opens a maliciously crafted document, allowing attacker code to run with the privileges of the current user. The flaw carries a CVSS 7.8 (High) rating, requires victim interaction, and no public exploit identified at time of analysis.

Memory Corruption Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe InDesign Desktop 21.3, 20.5.3 and earlier occurs via a heap-based buffer overflow (CWE-122) triggered when a victim opens a maliciously crafted document file. The flaw runs code in the context of the current user and requires user interaction, with no public exploit identified at time of analysis. Adobe published advisory APSB26-58 addressing the issue.

Heap Overflow Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe InDesign Desktop versions 21.3, 20.5.3 and earlier is possible when a user opens a maliciously crafted document, triggering a heap-based buffer overflow. The flaw runs code in the context of the logged-in user and was reported by Adobe; no public exploit identified at time of analysis and EPSS data is not provided.

Heap Overflow Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Out-of-bounds read in Adobe InDesign Desktop versions 21.3 and 20.5.3 (and earlier) exposes sensitive process memory when a victim opens a specially crafted document file. The vulnerability carries a high confidentiality impact (CVSS C:H) with no integrity or availability impact, making it a targeted information-disclosure primitive - useful for memory leak-assisted exploitation chains or direct leakage of in-memory content such as document data, credentials, or heap pointers. No public exploit code has been identified and this CVE does not appear in CISA KEV at time of analysis, but its social-engineering-friendly delivery mechanism (malicious file open) makes it a realistic phishing vector against creative industry targets who routinely handle external InDesign files.

Information Disclosure Buffer Overflow Indesign Desktop
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe InDesign Desktop 21.3, 20.5.3 and earlier occurs through a stack-based buffer overflow triggered when a victim opens a malicious document file. Exploitation runs in the context of the current user and requires user interaction, with no public exploit identified at time of analysis. The issue was reported by Adobe and addressed in security bulletin APSB26-58.

Stack Overflow Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe InDesign Desktop 21.3, 20.5.3 and earlier allows attackers to run code as the logged-in user when a victim opens a maliciously crafted document file. The flaw is an out-of-bounds write (CWE-787) memory corruption issue requiring user interaction, and no public exploit has been identified at time of analysis.

Memory Corruption Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Adobe InDesign Desktop versions 21.3, 20.5.3 and earlier occurs through a stack-based buffer overflow triggered when a user opens a malicious document. Successful exploitation runs attacker-controlled code in the context of the current user, but requires social engineering since the attack vector is local and user interaction is mandatory. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Stack Overflow Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Windows Media is possible through a heap-based buffer overflow that triggers when a user opens or processes a crafted media file. The flaw (CWE-122) carries a CVSS 7.8 with local attack vector and user interaction required, and no public exploit identified at time of analysis. Successful exploitation yields high impact to confidentiality, integrity, and availability within the user's security context.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in the Windows Desktop Window Manager (DWM) Core Library exposes sensitive memory contents to locally authenticated, low-privileged attackers on Windows 11 and Windows Server 2025. The flaw (CWE-125) allows a standard user to read beyond an allocated buffer boundary within the DWM process, resulting in high-confidence information disclosure with no integrity or availability impact. Microsoft has released patches covering all affected build ranges; no public exploit code has been identified at time of analysis.

Information Disclosure Microsoft Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH Exploit Unlikely This Week

Remote code execution in Microsoft Remote Desktop Client is possible via a heap-based buffer overflow that an unauthenticated remote attacker can trigger when a user is convinced to connect to a malicious RDP server. The flaw is rated CVSS 7.5 (High) with attack complexity High and required user interaction, and no public exploit identified at time of analysis. The CWE-416 classification combined with the vendor's tags points to a use-after-free condition reachable through crafted RDP server responses.

Buffer Overflow Memory Corruption Use After Free +10
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote code execution in Microsoft Remote Desktop Client is possible when a victim connects to an attacker-controlled or compromised RDP server, triggering a heap-based buffer overflow that leads to arbitrary code execution on the client machine. The flaw is unauthenticated from the server side but requires user interaction and high attack complexity, and no public exploit identified at time of analysis. CVSS is rated 7.5 (High) with confidentiality, integrity, and availability impact.

Use After Free Memory Corruption Buffer Overflow +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Microsoft Remote Desktop Client occurs when a user connects to an attacker-controlled RDP server, allowing the server to corrupt heap memory and execute arbitrary code on the client endpoint. The flaw carries a CVSS 8.8 (High) rating reflecting network reach with required user interaction, and no public exploit is identified at time of analysis. The attack pivots the traditional RDP threat model - attackers compromise clients that initiate outbound connections rather than exposed servers.

Use After Free Memory Corruption Buffer Overflow +13
NVD VulDB
EPSS 0% CVSS 8.2
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Windows Hyper-V stems from an out-of-bounds read condition (CWE-122 heap-based buffer overflow) that an attacker with high privileges on a guest or host context can leverage to break confidentiality, integrity, and availability boundaries. The CVSS 8.2 score is elevated by a scope change (S:C), indicating the flaw enables crossing the hypervisor isolation boundary. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

Heap Overflow Microsoft Buffer Overflow +6
NVD VulDB
EPSS 0% CVSS 8.4
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office stems from a type confusion condition (CWE-122 heap-based memory corruption per tags) that allows an unauthorized attacker to run arbitrary code on the host. The CVSS 8.4 vector indicates local attack vector with no privileges or user interaction required, and no public exploit is identified at time of analysis. The flaw was reported by Microsoft's MSRC and disclosed via the official update guide.

Heap Overflow Microsoft Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Exploit Likely Act Now

Remote code execution in Microsoft Windows HTTP.sys allows unauthenticated network attackers to execute arbitrary code by triggering an integer overflow that leads to heap-based memory corruption. The flaw carries a CVSS 9.8 rating reflecting network reachability, no privileges, and no user interaction, and impacts the kernel-mode HTTP listener used by IIS and any Windows service relying on the HTTP Server API. No public exploit has been identified at the time of analysis and CISA KEV does not list it, but the wormable profile of HTTP.sys flaws warrants urgent patching.

Heap Overflow Microsoft Buffer Overflow
NVD VulDB GitHub
EPSS 0% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Heap-based buffer overflow in Microsoft Remote Desktop Client enables remote code execution when a user connects to a malicious RDP server, with the attacker gaining the same privileges as the connecting user. The CVSS 8.8 score reflects network-reachable exploitation requiring only minimal user interaction (initiating an RDP session), and no public exploit has been identified at time of analysis. The flaw is reported by Microsoft Security Response Center (secure@microsoft.com) and is categorized as CWE-122 heap-based buffer overflow.

Heap Overflow Buffer Overflow Windows App +13
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Remote code execution in Microsoft Windows Kerberos implementation allows an authenticated attacker on an adjacent network segment to trigger an integer overflow and execute arbitrary code. The flaw is rated CVSS 7.1 (High) with high attack complexity and requires low-level privileges, and at the time of analysis there is no public exploit identified. Because Kerberos is a core authentication service in Windows domain environments, successful exploitation has direct implications for domain trust and identity security.

Microsoft Integer Overflow Buffer Overflow
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Exploit Unlikely Act Now

Remote code execution in the Windows Kernel allows unauthenticated network attackers to execute arbitrary code by triggering a use-after-free condition (CWE-122 heap-related memory corruption). The flaw was reported by Microsoft (secure@microsoft.com) and carries a critical CVSS 9.8 with no public exploit identified at time of analysis. Tag metadata indicates the bug can also be leveraged for heap overflow and denial-of-service outcomes.

Denial Of Service Heap Overflow Microsoft +1
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Local privilege escalation in Microsoft Windows Kernel allows an authenticated low-privilege attacker to elevate to SYSTEM by triggering a use-after-free condition in kernel memory. The flaw carries a CVSS 7.0 rating with high attack complexity, and no public exploit identified at time of analysis. Exploitation requires a race condition or specific timing to be won, which constrains reliable weaponization but does not eliminate the risk on multi-user or shared Windows hosts.

Denial Of Service Heap Overflow Microsoft +14
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Microsoft Active Directory Domain Services allows an authenticated network attacker to trigger a stack-based buffer overflow (CWE-121) and execute arbitrary code on the targeted domain controller. With CVSS 8.8 (AV:N/AC:L/PR:L/UI:N) and high impact across confidentiality, integrity, and availability, successful exploitation could enable full domain compromise. There is no public exploit identified at time of analysis and the issue is not currently listed in CISA KEV.

Stack Overflow Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office is possible through a heap-based buffer overflow (CWE-822) that triggers when a user opens a maliciously crafted document. The CVSS 7.8 vector (AV:L/AC:L/PR:N/UI:R) reflects a classic client-side file-format attack requiring user interaction but no prior authentication, yielding full confidentiality, integrity, and availability impact on the targeted workstation. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV, but Office document parsers are historically high-value targets and the vulnerability was reported by Microsoft's own MSRC team.

Microsoft Buffer Overflow 365 Apps +5
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Windows Hyper-V allows an authenticated attacker on a guest or host to escape sandbox boundaries by triggering an out-of-bounds read condition (CWE-843, type confusion) in the hypervisor. The flaw affects Windows 10 (21H2/22H2), Windows 11 (23H2/24H2/25H2/26H1), and Windows Server 2022/2025, with a vendor-released patch available and no public exploit identified at time of analysis. EPSS scoring of 0.15% and SSVC exploitation status of 'none' suggest limited near-term exploitation likelihood despite total technical impact potential.

Microsoft Memory Corruption Buffer Overflow +8
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH Exploit Unlikely This Week

Information disclosure in Microsoft Windows Remote Desktop Protocol (RDP) allows remote unauthenticated attackers to read out-of-bounds memory over the network, potentially exposing sensitive data from the RDP service process. The flaw is reachable without authentication or user interaction across any exposed RDP endpoint, and no public exploit identified at time of analysis. Microsoft has assigned the issue a CVSS 3.1 score of 7.5 reflecting high confidentiality impact with no integrity or availability effect.

Information Disclosure Microsoft Buffer Overflow +15
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Ancillary Function Driver (AFD.sys) for WinSock allows an authenticated low-privileged user to gain SYSTEM-level access through a use-after-free condition. The flaw was reported by Microsoft (MSRC) and carries a CVSS 7.8 score with high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis, though the AFD.sys driver has a long history of similar bugs being weaponized post-disclosure.

Denial Of Service Heap Overflow Microsoft +14
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Windows NTFS allows an unauthorized attacker to run arbitrary code on the target system by triggering a heap-based buffer overflow, with no public exploit identified at time of analysis. The CVSS 7.8 rating reflects high impact across confidentiality, integrity, and availability, but exploitation requires local vector and user interaction. Microsoft (secure@microsoft.com) is the assigning CNA, indicating a first-party vendor advisory via MSRC.

Microsoft Buffer Overflow
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Out-of-bounds read in the Windows DHCP Server service enables a locally authenticated, low-privileged attacker to disclose contents of process memory on affected systems. The CVSS vector (AV:L/AC:L/PR:L/UI:N) confirms this is a local, low-complexity attack requiring only standard user privileges - no elevated rights or user interaction needed. Exploitation is constrained to hosts where the Windows DHCP Server role is actively installed and running, which significantly limits the attack surface to designated infrastructure servers rather than general workstations. No public exploit code has been identified at time of analysis, and this CVE does not appear in the CISA KEV catalog.

Information Disclosure Microsoft Buffer Overflow +13
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Out-of-bounds read in Windows DHCP Server exposes adjacent memory contents and can crash the service, yielding both information disclosure and a high-severity denial-of-service condition on affected Windows systems. The flaw (CWE-125) is exploitable locally with low attack complexity and no user interaction, targeting systems where the DHCP Server role is installed across a broad range of Windows 10, 11, and Server editions from 2012 through 2025. No public exploit has been identified at time of analysis, and Microsoft has released patched builds via the MSRC update guide (CVE-2026-45608).

Information Disclosure Microsoft Buffer Overflow +13
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Windows Hyper-V allows an authenticated low-privilege attacker to run arbitrary code on the host via an out-of-bounds read (CWE-125) in the hypervisor. The flaw affects a broad swath of Windows 10, Windows 11, and Windows Server builds running Hyper-V, and Microsoft has released patches. No public exploit identified at time of analysis and EPSS is very low (0.06%), but SSVC technical impact is rated total.

Information Disclosure Microsoft Buffer Overflow
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Microsoft's UxTheme Library (uxtheme.dll) enables a locally authenticated attacker to crash the affected Windows system, resulting in denial of service. The vulnerability spans a broad swath of Windows releases - from Server 2012 through Windows 11 26H1 and Windows Server 2025 - making patch surface management critical for enterprise environments. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog.

Information Disclosure Microsoft Buffer Overflow
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in the Windows Application Identity (AppID) Subsystem exposes sensitive kernel or process memory to a local authenticated attacker without requiring elevated privileges or user interaction. Affected builds span Windows 11 versions 23H2 through 26H1 and Windows Server 2025, including Server Core installations. No public exploit code has been identified at time of analysis and this CVE does not appear in the CISA KEV catalog, though the high confidentiality impact (CVSS C:H) indicates meaningful data exposure potential when triggered.

Information Disclosure Microsoft Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in Microsoft Windows Internet (wininet.dll) allows an authenticated low-privileged attacker to elevate to higher privileges by triggering an integer overflow condition. With a CVSS score of 7.8 and full impact on confidentiality, integrity, and availability, this flaw represents a meaningful post-compromise risk on affected Windows systems, though no public exploit identified at time of analysis. The vulnerability has been reported by Microsoft's own security team (secure@microsoft.com), indicating internal discovery and coordinated disclosure.

Microsoft Integer Overflow Buffer Overflow
NVD VulDB
EPSS 0% CVSS 3.3
LOW PATCH Exploit Unlikely Monitor

Out-of-bounds read in Microsoft Office and SharePoint Server exposes low-level memory contents to a local attacker when a victim opens a crafted document. Affected products span Microsoft 365 Apps for Enterprise, Office 2016/2019/LTSC 2021/2024, Office for Mac variants, and SharePoint Server 2016/2019/Subscription Edition - all at version 16.0.x baselines. The CVSS score of 3.3 (Low) reflects constrained impact: confidentiality is only partially affected, integrity and availability are untouched, and exploitation requires both local access and user interaction. No public exploit identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

Information Disclosure Microsoft Buffer Overflow +7
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office is possible through a heap-based buffer overflow (CWE-122) that an unauthenticated attacker can trigger when a user opens a crafted document. The CVSS 3.1 base score of 7.8 reflects high impact to confidentiality, integrity, and availability, with required user interaction limiting mass exploitation. There is no public exploit identified at time of analysis and the issue is not currently listed on the CISA KEV catalog.

Heap Overflow Microsoft Buffer Overflow +7
NVD VulDB
EPSS 0% CVSS 8.4
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office is possible through a heap-based buffer overflow that an unauthorized attacker can trigger without user interaction. The flaw carries a CVSS 3.1 score of 8.4 with high impact across confidentiality, integrity, and availability, and no public exploit identified at time of analysis. Despite requiring local access, the absence of authentication and user-interaction requirements makes this a notable priority for endpoint patching cycles.

Microsoft Use After Free Memory Corruption +8
NVD VulDB
EPSS 0% CVSS 8.4
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office via a heap-based buffer overflow allows an unauthorized attacker to run arbitrary code with the privileges of the user opening a malicious document. The CVSS vector (AV:L/PR:N/UI:N) indicates local attack vector without required authentication or user interaction, an unusual combination that warrants verification against the vendor advisory. No public exploit identified at time of analysis and the issue is not currently listed in CISA KEV.

Microsoft Use After Free Memory Corruption +8
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office Excel results from an integer underflow (CWE-122 heap-based) that allows an unauthorized attacker to run arbitrary code in the context of the user opening a crafted spreadsheet. The CVSS 7.8 score reflects local attack vector with required user interaction, and no public exploit identified at time of analysis. Microsoft (secure@microsoft.com) is the originating CNA, and the issue is tagged as a buffer/heap overflow class flaw.

Heap Overflow Microsoft Buffer Overflow +7
NVD VulDB
EPSS 0% CVSS 3.3
LOW PATCH Monitor

Heap-based buffer overflow in Microsoft Office Word exposes limited local memory contents when a user opens a specially crafted document. Affecting multiple Office product lines including Microsoft 365 Apps for Enterprise, Office LTSC 2021, LTSC 2024, and their Mac counterparts, the vulnerability carries a CVSS score of 3.3 (Low) and is constrained to confidentiality impact only, with no integrity or availability consequences. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog.

Heap Overflow Microsoft Buffer Overflow +4
NVD VulDB
EPSS 0% CVSS 8.4
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office is possible via a heap-based buffer overflow that an unauthorized attacker can trigger without user interaction, yielding full confidentiality, integrity, and availability impact on the host. The flaw is rated 8.4 (CVSS:3.1) and was disclosed by Microsoft's Security Response Center, but no public exploit has been identified at the time of analysis. Despite the CWE-121 tagging as a stack overflow, the description and CWE-122 class indicate the corruption occurs on the heap, so defenders should treat this as a memory-corruption RCE-class issue requiring prompt patching.

Microsoft Stack Overflow Buffer Overflow +7
NVD VulDB
EPSS 0% CVSS 8.4
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office via a heap-based buffer overflow that lets an unauthorized attacker run arbitrary code in the context of the current user. The flaw carries a CVSS 8.4 rating driven by high impact across confidentiality, integrity, and availability, and no public exploit identified at time of analysis. Despite the 'unauthorized' wording, the CVSS vector specifies a local attack vector, indicating the attacker must already be able to deliver a crafted file or run code on the target system.

Microsoft Use After Free Memory Corruption +8
NVD VulDB
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Out-of-bounds read (buffer over-read) in Microsoft Office exposes sensitive memory contents to a local attacker who can induce a user to open a specially crafted file. Affecting a broad surface including Microsoft 365 Apps for Enterprise, Office LTSC 2021/2024, Office 2019, and mobile/Mac variants, the vulnerability carries a CVSS 4.7 (Medium) with high confidentiality impact but no integrity or availability consequence. No public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV, but the wide deployment footprint of Microsoft Office makes even targeted information disclosure attacks operationally significant.

Microsoft Buffer Overflow 365 Apps +5
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office Word is possible through an untrusted pointer dereference (CWE-125 out-of-bounds read) that an attacker can trigger by convincing a user to open a malicious document. The CVSS 7.8 vector (AV:L/AC:L/PR:N/UI:R) reflects high impact to confidentiality, integrity, and availability once the booby-trapped file is opened, though no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Information Disclosure Microsoft Buffer Overflow +4
NVD VulDB
Prev Page 12 of 402 Next

Quick Facts

Typical Severity
HIGH
Category
memory
Total CVEs
36137

MITRE ATT&CK

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy