VYPR

CWE-122

Heap-based Buffer Overflow

VariantDraftLikelihood: High

Description

A heap overflow condition is a buffer overflow where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). Because the overwritten bytes land in adjacent heap chunks and allocator metadata rather than on the stack, exploitation typically targets neighbouring objects (function pointers, vtables, length fields) or the allocator's own bookkeeping; a crash is often only the first visible symptom, as several of the denial-of-service entries below illustrate.
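The following C is an added illustration of the weakness and its fix, written for this page; it is not code from CWE, from any vendor, or from any of the products listed below. The wire format (a 2-byte big-endian length followed by the payload), the 64-byte capacity and the sample records are all assumptions made for the example. The vulnerable parser trusts the declared length when copying into a fixed-size malloc()'d chunk, which is the shape of CWE-122; the hardened parser bounds the copy by both the bytes actually received and the chunk capacity.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Fixed capacity of the heap buffer both parsers allocate (an assumption of this example). */
#define REC_CAP 64

/*
 * Assumed wire format: a 2-byte big-endian length followed by that many
 * payload bytes. Both parsers copy the payload into a malloc()'d buffer.
 */

/* VULNERABLE (CWE-122): trusts the declared length when copying into a 64-byte heap chunk.
 * A declared length of 64 or more overflows the chunk; one above the input size also over-reads. */
char *parse_record_unsafe(const uint8_t *in, size_t in_len)
{
    if (in_len < 2)
        return NULL;
    size_t len = ((size_t)in[0] << 8) | in[1];
    char *buf = malloc(REC_CAP);
    if (buf == NULL)
        return NULL;
    memcpy(buf, in + 2, len);   /* no check against REC_CAP or in_len */
    buf[len] = '\0';            /* also writes past the chunk when len >= REC_CAP */
    return buf;
}

/* HARDENED: the copy is bounded by the bytes actually present and by the chunk capacity. */
char *parse_record_safe(const uint8_t *in, size_t in_len, size_t *out_len)
{
    if (in_len < 2)
        return NULL;
    size_t len = ((size_t)in[0] << 8) | in[1];
    if (len > in_len - 2)       /* declared length exceeds what was received */
        return NULL;
    if (len >= REC_CAP)         /* leave room for the terminating NUL */
        return NULL;
    char *buf = malloc(REC_CAP);
    if (buf == NULL)
        return NULL;
    memcpy(buf, in + 2, len);
    buf[len] = '\0';
    if (out_len != NULL)
        *out_len = len;
    return buf;
}

/* Constructed sample records (not taken from any real product). */
static const uint8_t GOOD_REC[] = { 0x00, 0x05, 'h', 'e', 'l', 'l', 'o' };
/* Declares 0x0400 = 1024 bytes but carries only 4: the unsafe parser would copy 1024 bytes into a 64-byte chunk. */
static const uint8_t EVIL_REC[] = { 0x04, 0x00, 'A', 'A', 'A', 'A' };

/* Returns 1 when the hardened parser accepts the benign record and rejects the oversized one. */
int hardened_parser_behaves(void)
{
    size_t n = 0;
    char *ok = parse_record_safe(GOOD_REC, sizeof GOOD_REC, &n);
    int accepted = ok != NULL && n == 5 && strcmp(ok, "hello") == 0;
    free(ok);
    int rejected = parse_record_safe(EVIL_REC, sizeof EVIL_REC, &n) == NULL;
    return accepted && rejected;
}

/* Returns 1 when a record whose 100 payload bytes are all present is still rejected,
 * because the declared length exceeds the chunk capacity (the check that matters for CWE-122). */
int rejects_present_but_oversized(void)
{
    uint8_t rec[2 + 100];
    rec[0] = 0x00;
    rec[1] = 100;
    memset(rec + 2, 'B', 100);
    return parse_record_safe(rec, sizeof rec, NULL) == NULL;
}

/* Returns 1 when the vulnerable parser works on benign input, i.e. the bug is invisible in normal use. */
int unsafe_parser_ok_on_benign(void)
{
    char *p = parse_record_unsafe(GOOD_REC, sizeof GOOD_REC);
    int ok = p != NULL && strcmp(p, "hello") == 0;
    free(p);
    return ok;
}

int main(void)
{
    printf("hardened parser: %s\n", hardened_parser_behaves() ? "ok" : "FAIL");
    printf("oversized-but-present rejected: %s\n", rejects_present_but_oversized() ? "ok" : "FAIL");
    /* Build with -fsanitize=address and uncomment the next line to see the heap-buffer-overflow report:
     * free(parse_record_unsafe(EVIL_REC, sizeof EVIL_REC)); */
    return 0;
}
```

Compile with `cc -fsanitize=address -g` and call `parse_record_unsafe` on `EVIL_REC` to watch AddressSanitizer report the write past the 64-byte chunk; with the benign record the same function behaves correctly, which is why fuzzing the length field rather than the payload is what finds this class.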

Hierarchy (View 1000)

Children

none

Related attack patterns (CAPEC)

CAPEC-92

CVEs mapped to this weakness (568)

page 14 of 29
  • CVE-2025-3712 | High | May 9, 2025
    risk 0.49 | cvss 7.5 | epss 0.01

    The LCD KVM over IP Switch CL5708IM has a Heap-based Buffer Overflow vulnerability in firmware versions prior to v2.2.215, allowing unauthenticated remote attackers to exploit this vulnerability to perform a denial-of-service attack.

  • CVE-2025-29070 | High | Apr 1, 2025
    risk 0.49 | cvss 7.5 | epss 0.01

    A heap buffer overflow vulnerability has been identified in the smooth2() in cmsgamma.c in lcms2-2.16 which allows a remote attacker to cause a denial of service. NOTE: the Supplier disputes this because "this is not exploitable as this function is never called on normal color…

  • CVE-2023-52356 | High | Jan 25, 2024
    risk 0.49 | cvss 7.5 | epss 0.02

    A segmentation fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.

  • CVE-2017-7908 | High | Oct 2, 2018
    risk 0.49 | cvss 7.6 | epss 0.01

    A heap-based buffer overflow exists in the third-party product Gigasoft, v5 and prior, included in GE Communicator 3.15 and prior. A malicious HTML file that loads the ActiveX controls can trigger the vulnerability via unchecked function calls.

  • CVE-2018-14821 | High | Sep 20, 2018
    risk 0.49 | cvss 7.5 | epss 0.04

    Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vulnerability may allow a remote, unauthenticated threat actor to intentionally send a malformed CIP packet to Port 44818, causing the RSLinx Classic application to terminate. The user will need to manually…

  • CVE-2018-1089 | High | May 9, 2018
    risk 0.49 | cvss 7.5 | epss 0.04

    389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially…

  • CVE-2017-9050 | High | May 18, 2017
    risk 0.49 | cvss 7.5 | epss 0.05

    libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839.

  • CVE-2026-44636 | High | May 14, 2026
    risk 0.48 | cvss 7.4 | epss 0.00

    libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, signed integer overflow in sixel_encode_highcolor's allocation size calculation can lead to a heap buffer overflow. The public sixel_encode entry point validates only that width and…

  • CVE-2026-40706 | High | Apr 21, 2026
    risk 0.48 | cvss 8.4 | epss 0.00

    In NTFS-3G 2022.10.3 before 2026.2.25, a heap buffer overflow exists in ntfs_build_permissions_posix() in acls.c that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The overflow is triggered on the READ path (stat,…

  • CVE-2026-32710 | High | Mar 20, 2026
    risk 0.48 | cvss 8.5 | epss 0.01

    MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSON_SCHEMA_VALID() function. Under certain conditions it might be possible to turn the crash into a remote code…

  • CVE-2026-24180 | High | Jun 9, 2026
    risk 0.47 | cvss 7.3 | epss 0.00

    NVIDIA DALI contains a vulnerability in a component where an attacker could cause a heap-based buffer overflow. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure.

  • CVE-2026-38427 | High | May 27, 2026
    risk 0.47 | cvss 7.3 | epss 0.00

    An issue in fetch_jpg() in xdrv_10_scripter.ino in Tasmota through 15.3.0.3 allows a remote attacker to cause heap buffer overflow. The Content-Length from a JPEG stream is stored in a uint16_t variable; values above 65535 wrap around, causing allocation of a smaller buffer than…

  • CVE-2026-0264 | High | May 13, 2026
    risk 0.47 | cvss n/a | epss 0.00

    A buffer overflow vulnerability in the DNS proxy and DNS Server features of Palo Alto Networks PAN-OS® Software allows an unauthenticated attacker with network access to cause a denial of service (DoS) condition (all PAN-OS platforms except Cloud NGFW and Prisma Access) or…

  • CVE-2026-35433 | High | May 12, 2026
    risk 0.47 | cvss 7.3 | epss 0.01

    Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.

  • CVE-2026-32177 | High | May 12, 2026
    risk 0.47 | cvss 7.3 | epss 0.01

    Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.

  • CVE-2026-32149 | High | Apr 14, 2026
    risk 0.47 | cvss 7.3 | epss 0.00

    Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally.

  • CVE-2025-14905 | High | Feb 23, 2026
    risk 0.47 | cvss 7.2 | epss 0.01

    A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the `schema_attr_enum_callback` function within the `schema.c` file. This occurs because the code incorrectly calculates the buffer size by summing alias string lengths without accounting…

  • CVE-2025-15247 | High | Dec 30, 2025
    risk 0.47 | cvss 7.3 | epss 0.00

    A vulnerability was identified in gmg137 snap7-rs up to 153d3e8c16decd7271e2a5b2e3da4d6f68589424. Affected by this issue is the function snap7_rs::client::S7Client::download of the file client.rs. Such manipulation leads to heap-based buffer overflow. The attack can be executed…

  • CVE-2025-14673 | High | Dec 14, 2025
    risk 0.47 | cvss 7.3 | epss 0.00

    A vulnerability has been found in gmg137 snap7-rs up to 1.142.1. Affected is the function snap7_rs::client::S7Client::as_ct_write of the file /tests/snap7-rs/src/client.rs. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The exploit…

  • CVE-2025-14672 | High | Dec 14, 2025
    risk 0.47 | cvss 7.3 | epss 0.00

    A flaw has been found in gmg137 snap7-rs up to 1.142.1. This impacts the function TSnap7MicroClient::opWriteArea of the file s7_micro_client.cpp. Executing a manipulation can lead to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been…
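Several entries on this page (the Tasmota fetch_jpg() Content-Length stored in a uint16_t, the libsixel signed overflow in an allocation-size calculation, the 389-ds-base buffer size summed from alias lengths) share one root cause: the size handed to the allocator is smaller than the number of bytes later written into the chunk, so the write itself may look bounded. The C below is an added illustration of that class and its fix, written for this page; it is not code from any of those projects, and the caps, function names and sample inputs are hypothetical. The first pattern narrows a length to 16 bits before allocating, the second multiplies untrusted dimensions in 32-bit arithmetic; the hardened versions keep sizes in size_t, check each multiply for overflow and enforce an application cap before calling malloc()/calloc().

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Upper bounds an application would choose for its own data (assumptions for this example). */
#define MAX_BODY_BYTES   ((size_t)1 << 20)   /* 1 MiB */
#define MAX_PIXEL_BYTES  ((size_t)64 << 20)  /* 64 MiB */

/* --- Pattern 1: declared length stored in a narrower type than it arrives in. --- */

/* VULNERABLE: a Content-Length wider than 16 bits wraps before it reaches malloc(), so the
 * buffer is smaller than the number of bytes the read loop will later write into it. */
uint16_t body_alloc_len_unsafe(size_t content_length)
{
    uint16_t stored = (uint16_t)content_length;   /* 70000 becomes 4464 */
    return stored;
}

/* HARDENED: keep the length in size_t, reject anything above the application's cap or beyond
 * what was actually received, and allocate exactly what the copy will write. */
uint8_t *recv_body_safe(size_t content_length, const uint8_t *stream, size_t stream_len)
{
    if (content_length > MAX_BODY_BYTES || content_length > stream_len)
        return NULL;
    uint8_t *body = malloc(content_length ? content_length : 1);
    if (body == NULL)
        return NULL;
    memcpy(body, stream, content_length);
    return body;
}

/* Returns 1 when a 16-byte body is accepted intact and a 70000-byte claim over the same
 * 16-byte stream is rejected. */
int recv_body_checks(void)
{
    static const uint8_t stream[] = "0123456789abcdef";   /* constructed sample body, 16 bytes + NUL */
    uint8_t *b = recv_body_safe(16, stream, 16);
    int accepted = b != NULL && memcmp(b, stream, 16) == 0;
    free(b);
    int rejected = recv_body_safe(70000, stream, 16) == NULL;
    return accepted && rejected;
}

/* --- Pattern 2: allocation size computed from untrusted dimensions. --- */

/* VULNERABLE: width * height * bpp evaluated in 32 bits wraps, so a huge image gets a tiny buffer. */
uint32_t pixel_alloc_len_unsafe(uint32_t width, uint32_t height, uint32_t bpp)
{
    return width * height * bpp;   /* 65536 * 65536 * 1 == 0 in uint32_t */
}

/* HARDENED: overflow-checked multiply in size_t plus an application cap. Returns 0 on success. */
int pixel_alloc_len_safe(uint32_t width, uint32_t height, uint32_t bpp, size_t *out)
{
    if (width == 0 || height == 0 || bpp == 0 || bpp > 16)
        return -1;
    size_t n = width;
    if (n > SIZE_MAX / height)
        return -1;
    n *= height;
    if (n > SIZE_MAX / bpp)
        return -1;
    n *= bpp;
    if (n > MAX_PIXEL_BYTES)
        return -1;
    *out = n;
    return 0;
}

/* Returns 1 when the checked computation succeeds and yields exactly `expect` bytes. */
int safe_pixel_size_is(uint32_t width, uint32_t height, uint32_t bpp, size_t expect)
{
    size_t n = 0;
    return pixel_alloc_len_safe(width, height, bpp, &n) == 0 && n == expect;
}

uint8_t *alloc_pixels_safe(uint32_t width, uint32_t height, uint32_t bpp)
{
    size_t n;
    if (pixel_alloc_len_safe(width, height, bpp, &n) != 0)
        return NULL;
    return calloc(n, 1);
}

int main(void)
{
    printf("wrapped length for 70000: %u\n", (unsigned)body_alloc_len_unsafe(70000));
    printf("wrapped size for 65536x65536x1: %u\n", (unsigned)pixel_alloc_len_unsafe(65536u, 65536u, 1u));
    printf("body checks: %s\n", recv_body_checks() ? "ok" : "FAIL");
    printf("640x480x3 -> 921600: %s\n", safe_pixel_size_is(640, 480, 3, 921600) ? "ok" : "FAIL");
    printf("65536x65536x1 rejected: %s\n", alloc_pixels_safe(65536u, 65536u, 1u) == NULL ? "ok" : "FAIL");
    return 0;
}
```

The check that catches this class in review is simple to state: every arithmetic step between "attacker-controlled number" and "argument to malloc()" must be performed in a type at least as wide as size_t and be guarded against wrap-around, and the same computed value must bound the later write. When the two are computed separately, as in the uint16_t case, the allocation and the copy disagree and the overflow follows without any obviously unbounded copy in the code.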