VYPR

CWE-122

Heap-based Buffer Overflow

VariantDraftLikelihood: High

Description

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Hierarchy (View 1000)

Children

none

Related attack patterns (CAPEC)

CAPEC-92

CVEs mapped to this weakness (568)

page 10 of 29
  • CVE-2026-40377HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Heap-based buffer overflow in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.

  • CVE-2026-40362HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  • CVE-2026-35421HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.01

    Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally.

  • CVE-2026-35420HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

  • CVE-2026-34687HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Illustrator versions 29.8.6, 30.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious…

  • CVE-2026-34642HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    After Effects versions 26.0, 25.6.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…

  • CVE-2026-34343HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Heap-based buffer overflow in Windows Application Identity (AppID) Subsystem allows an authorized attacker to elevate privileges locally.

  • CVE-2026-34336HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

  • CVE-2026-33841HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

  • CVE-2026-33837HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.02

    Heap-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

  • CVE-2025-12659HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Siemens Simcenter Femap contains a memory corruption vulnerability while parsing specially crafted IPT files. This could allow an attacker to execute code in the context of the current process.

  • CVE-2026-6846HigApr 22, 2026
    risk 0.51cvss 7.8epss 0.00

    A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Extended Common Object File Format) object file during linking. A local attacker could trick a user into processing this malicious file, which could lead to…

  • CVE-2026-27293HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Adobe Framemaker versions 2022.8 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious…

  • CVE-2026-34630HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious…

  • CVE-2026-27313HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious…

  • CVE-2026-27312HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious…

  • CVE-2026-27311HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious…

  • CVE-2026-27310HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious…

  • CVE-2026-34629HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…

  • CVE-2026-34628HigApr 14, 2026
    risk 0.51cvss 7.8epss 0.00

    InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…