VYPR

CWE-122

Heap-based Buffer Overflow

Variant | Draft | Likelihood: High

Description

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Hierarchy (View 1000)

Children

none

Related attack patterns (CAPEC)

CAPEC-92

CVEs mapped to this weakness (568)

page 13 of 29
  • CVE-2024-56732 | High | Dec 27, 2024
    risk 0.50 | cvss 8.8 | epss 0.01

    HarfBuzz is a text shaping engine. Starting with 8.5.0 through 10.0.1, there is a heap-based buffer overflow in the hb_cairo_glyphs_from_buffer function.

  • CVE-2022-2347 | High | Sep 23, 2022
    risk 0.50 | cvss 7.7 | epss 0.01

    There exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and it does not verify that the transfer direction corresponds to the specified command. Consequently, if a physical attacker crafts…

  • CVE-2018-10893 | High | Sep 11, 2018
    risk 0.50 | cvss 7.6 | epss 0.02

    Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code.

  • CVE-2026-46520 | High | Jun 10, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, when reading multiple images with different dimensions, an out-of-bounds heap write can occur. This issue has been patched in versions…

  • CVE-2023-43688 | High | Jun 9, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    An issue was discovered in Malwarebytes 4.x and 5.x (and Nebula 2020-10-21 and later). There is a Heap buffer overflow in various buffer encryption utilities.

  • CVE-2026-44799 | High | Jun 9, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

  • CVE-2026-42993 | High | Jun 9, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

  • CVE-2026-42992 | High | Jun 9, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

  • CVE-2026-22164 | High | Jun 8, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt kernel heap memory. By creating resources of certain types and presenting a set of parameters to the affected interface the exploit can be used to corrupt kernel memory.

  • CVE-2026-10946 | High | Jun 4, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    Heap buffer overflow in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-9123 | High | May 20, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    Heap buffer overflow in Chromecast in Google Chrome on Android, Linux, ChromeOS prior to 148.0.7778.179 allowed a local attacker to execute arbitrary code inside a sandbox via malicious network traffic. (Chromium security severity: Medium)

  • CVE-2026-23827 | High | May 12, 2026
    risk 0.49 | cvss 7.5 | epss 0.01

    A heap-based buffer overflow vulnerability exists in a Network management service of AOS-8 and AOS-10 that could allow an unauthenticated remote attacker to achieve remote code execution. Successful exploitation could allow an unauthenticated attacker to execute arbitrary code…

  • CVE-2026-5201 | High | Mar 31, 2026
    risk 0.49 | cvss 7.5 | epss 0.01

    A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user…

  • CVE-2025-67433 | High | Feb 12, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    A heap buffer overflow in the processRequest function of Open TFTP Server MultiThreaded v1.7 allows attackers to cause a Denial of Service (DoS) via a crafted DATA packet.

  • CVE-2025-57740 | High | Oct 14, 2025
    risk 0.49 | cvss 7.5 | epss 0.01

    A Heap-based Buffer Overflow vulnerability [CWE-122] in FortiOS version 7.6.2 and below, version 7.4.7 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all versions; FortiPAM version 1.5.0, version 1.4.2 and below, 1.3 all versions, 1.2 all versions, 1.1 all versions,…

  • CVE-2025-40928 | High | Sep 8, 2025
    risk 0.49 | cvss 7.5 | epss 0.01

    JSON::XS before version 4.04 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact.

  • CVE-2025-36853 | High | Sep 8, 2025
    risk 0.49 | cvss 7.5 | epss 0.01

    A vulnerability (CVE-2025-21172) exists in msdia140.dll due to integer overflow and heap-based overflow. Per CWE-122: Heap-based Buffer Overflow, a heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of…

  • CVE-2025-53816 | High | Jul 17, 2025
    risk 0.49 | cvss 7.5 | epss 0.01

    7-Zip is a file archiver with a high compression ratio. Zeroes written outside heap buffer in RAR5 handler may lead to memory corruption and denial of service in versions of 7-Zip prior to 25.0.0. Version 25.0.0 contains a fix for the issue.

  • CVE-2025-48990 | High | Jun 2, 2025
    risk 0.49 | cvss | epss 0.00

    NeKernal is a free and open-source operating system stack. Version 0.0.2 has a 1-byte heap overflow in `rt_copy_memory`, which unconditionally wrote a null terminator at `dst[len]`. When `len` equals the size of the destination buffer (256 bytes), that extra `'\0'` write…

  • CVE-2025-3713 | High | May 9, 2025
    risk 0.49 | cvss 7.5 | epss 0.01

    The LCD KVM over IP Switch CL5708IM has a Heap-based Buffer Overflow vulnerability in firmware versions prior to v2.2.215, allowing unauthenticated remote attackers to exploit this vulnerability to perform a denial-of-service attack.