VYPR

CWE-122

Heap-based Buffer Overflow

Variant · Draft · Likelihood: High

Description

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Hierarchy (View 1000)

Children

none

Related attack patterns (CAPEC)

CAPEC-92

CVEs mapped to this weakness (568)

page 12 of 29
  • CVE-2024-21886 · High · Feb 28, 2024
    risk 0.51 · cvss 7.8 · epss 0.01

    A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding environments.

  • CVE-2024-21885 · High · Feb 28, 2024
    risk 0.51 · cvss 7.8 · epss 0.01

    A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an…

  • CVE-2021-4019 · High · Dec 1, 2021
    risk 0.51 · cvss 7.8 · epss 0.02

    vim is vulnerable to Heap-based Buffer Overflow

  • CVE-2018-1056 · High · Jul 27, 2018
    risk 0.51 · cvss 7.8 · epss 0.01

    An out-of-bounds heap buffer read flaw was found in the way advancecomp before 2.1-2018/02 handled processing of ZIP files. An attacker could potentially use this flaw to crash the advzip utility by tricking it into processing crafted ZIP files.

  • CVE-2018-3858 · High · Jul 19, 2018
    risk 0.51 · cvss 7.8 · epss 0.01

    An exploitable heap overflow exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this…

  • CVE-2018-3857 · High · Jul 19, 2018
    risk 0.51 · cvss 7.8 · epss 0.02

    An exploitable heap overflow exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this…

  • CVE-2018-8833 · High · Apr 25, 2018
    risk 0.51 · cvss 7.8 · epss 0.02

    Heap-based buffer overflow vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafted .pm3 files may allow remote code execution.

  • CVE-2018-8834 · High · Apr 17, 2018
    risk 0.51 · cvss 7.8 · epss 0.00

    Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator…

  • CVE-2017-16737 · High · Jan 12, 2018
    risk 0.51 · cvss 7.8 · epss 0.01

    An issue was discovered in WECON Technology LEVI Studio HMI Editor v1.8.29 and prior. A specially-crafted malicious file may be able to cause a heap-based buffer overflow vulnerability when opened by a user.

  • CVE-2026-44421 · High · May 29, 2026
    risk 0.50 · cvss 8.8 · epss 0.00

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client by sending crafted RDPGFX PDUs. The bug is in gdi_CacheToSurface: it validates a destination rectangle that is…

  • CVE-2026-44420 · High · May 29, 2026
    risk 0.50 · cvss 8.8 · epss 0.03

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP client can trigger a heap-buffer-overflow write in FreeRDP's server-side clipboard (cliprdr) channel by sending a CB_CLIP_CAPS PDU with a too-small capabilitySetLength. This can…

  • CVE-2026-40033 · High · May 26, 2026
    risk 0.50 · cvss 8.8 · epss 0.01

    FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdi_CacheToSurface that allows remote attackers to write out-of-bounds heap memory. The vulnerability occurs because rectangle validation clamps coordinates to UINT16_MAX but performs copy operations using…

  • CVE-2026-20185 · High · May 6, 2026
    risk 0.50 · cvss 7.7 · epss 0.00

    A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco 350 Series Managed Switches (SG350) and Cisco 350X Series Stackable Managed Switches (SG350X) firmware could allow an authenticated, remote attacker to cause a denial of service (DoS)…

  • CVE-2026-25589 · High · May 5, 2026
    risk 0.50 · cvss 8.8 · epss 0.01

    RedisBloom is a probabilistic data structures module for Redis. In all versions of RedisBloom before 2.8.20, the module does not properly validate serialized values processed through the Redis RESTORE command. An authenticated attacker with permission to execute RESTORE on a…

  • CVE-2026-25588 · High · May 5, 2026
    risk 0.50 · cvss 8.8 · epss 0.01

    RedisTimeSeries is a time-series module for Redis. In all versions before 1.12.14 of RedisTimeSeries, the module does not properly validate serialized values processed through the Redis RESTORE command. An authenticated attacker with permission to execute RESTORE on a server…

  • CVE-2026-25243 · High · May 5, 2026
    risk 0.50 · cvss 8.8 · epss 0.03

    Redis is an in-memory data structure store. In versions of redis-server up to 8.6.3, the RESTORE command does not properly validate serialized values. An authenticated attacker with permission to execute RESTORE can supply a crafted serialized payload that triggers invalid…

  • CVE-2026-5402 · High · Apr 30, 2026
    risk 0.50 · cvss 8.8 · epss 0.00

    TLS protocol dissector heap overflow in Wireshark 4.6.0 to 4.6.4 allows denial of service and possible code execution

  • CVE-2026-40614 · High · Apr 21, 2026
    risk 0.50 · cvss 8.8 · epss 0.00

    PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is a buffer overflow when decoding Opus audio frames due to insufficient buffer size validation in the Opus codec decode path. The FEC decode buffers (dec_frame[].buf) were…

  • CVE-2026-41445 · High · Apr 20, 2026
    risk 0.50 · cvss 8.8 · epss 0.00

    KissFFT before commit 8a8e66e contains an integer overflow vulnerability in the kiss_fftndr_alloc() function in kiss_fftndr.c where the allocation size calculation dimOther*(dimReal+2)*sizeof(kiss_fft_scalar) overflows signed 32-bit integer arithmetic before being widened to…

  • CVE-2026-35512 · High · Apr 17, 2026
    risk 0.50 · cvss 8.8 · epss 0.01

    xrdp is an open source RDP server. Versions through 0.10.5 have a heap-based buffer overflow in the EGFX (graphics dynamic virtual channel) implementation due to insufficient validation of client-controlled size parameters, allowing an out-of-bounds write via crafted PDUs.…