VYPR

CWE-122

Heap-based Buffer Overflow

Variant | Draft | Likelihood: High

Description

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Hierarchy (View 1000)

Children

none

Related attack patterns (CAPEC)

CAPEC-92

CVEs mapped to this weakness (568)

page 15 of 29
  • CVE-2025-9951 | High | Sep 9, 2025
    risk 0.47 | cvss | epss 0.00

    A heap-buffer-overflow write exists in jpeg2000dec FFmpeg which allows an attacker to potentially gain remote code execution or cause denial of service via the channel definition cdef atom of JPEG2000.

  • CVE-2025-48797 | High | May 27, 2025
    risk 0.47 | cvss 7.3 | epss 0.00

    A flaw was found in GIMP when processing certain TGA image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP can be tricked into making serious memory errors, potentially leading to crashes and causing a heap buffer overflow.

  • CVE-2025-46333 | High | Apr 25, 2025
    risk 0.47 | cvss | epss 0.00

    z2d is a pure Zig 2D graphics library. Versions of z2d after `0.5.1` and up to and including `0.6.0`, when writing from one surface to another using `z2d.compositor.StrideCompositor.run`, and higher-level operations when the anti-aliasing mode is set to `.default` (such as…

  • CVE-2025-31344 | High | Apr 14, 2025
    risk 0.47 | cvss 7.3 | epss 0.00

    Heap-based Buffer Overflow vulnerability in openEuler giflib on Linux. This vulnerability is associated with program files gif2rgb.C. This issue affects giflib: through 5.2.2.

  • CVE-2025-29069 | High | Apr 1, 2025
    risk 0.47 | cvss 7.3 | epss 0.00

    A heap buffer overflow vulnerability has been identified in the lcms2-2.16. The vulnerability exists in the UnrollChunkyBytes function in cmspack.c, which is responsible for handling color space transformations. NOTE: this is disputed by the Supplier because the finding…

  • CVE-2026-45653 | High | Jun 9, 2026
    risk 0.46 | cvss 7.0 | epss 0.00

    Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

  • CVE-2026-41108 | High | Jun 9, 2026
    risk 0.46 | cvss 7.0 | epss 0.00

    Heap-based buffer overflow in Microsoft Windows DNS allows an authorized attacker to elevate privileges locally.

  • CVE-2026-48690 | High | May 26, 2026
    risk 0.46 | cvss 7.1 | epss 0.00

    FastNetMon Community Edition through 1.2.9 contains an integer overflow vulnerability in the packet capture buffer allocation. In src/packet_storage.hpp, the allocate_buffer() function computes memory_size_in_bytes as 'buffer_size_in_packets * (max_captured_packet_size +…

  • CVE-2026-32741 | High | May 19, 2026
    risk 0.46 | cvss 7.1 | epss 0.00

    libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and below contain a heap buffer overflow in MaskImageCodec::decode_mask_image(). When decoding a HEIF file containing a mask image (mski), the function copies the full iloc extent data into a pixel…

  • CVE-2026-29004 | High | May 4, 2026
    risk 0.46 | cvss 8.1 | epss 0.00

    BusyBox before commit 42202bf contains a heap buffer overflow vulnerability in the DHCPv6 client (udhcpc6) DNS_SERVERS option handler in networking/udhcp/d6_dhcpc.c that allows network-adjacent attackers to trigger memory corruption by sending a crafted DHCPv6 response with a…

  • CVE-2026-42477 | High | May 1, 2026
    risk 0.46 | cvss 7.1 | epss 0.00

    A heap-based out-of-bounds read vulnerability in RWObj_Reader::read in the OBJ file parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 allows user-assisted attackers to cause a denial of service or obtain sensitive information by persuading a victim to open a crafted OBJ file.…

  • CVE-2026-32623 | High | Apr 17, 2026
    risk 0.46 | cvss 8.1 | epss 0.01

    xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in the NeutrinoRDP module. When proxying RDP sessions from xrdp to another server, the module fails to properly validate the size of reassembled fragmented virtual…

  • CVE-2026-32093 | High | Apr 14, 2026
    risk 0.46 | cvss 7.0 | epss 0.01

    Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.

  • CVE-2026-32087 | High | Apr 14, 2026
    risk 0.46 | cvss 7.0 | epss 0.00

    Heap-based buffer overflow in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.

  • CVE-2026-32316 | High | Apr 13, 2026
    risk 0.46 | cvss 8.2 | epss 0.00

    jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvp_string_append() and jvp_string_copy_replace_bad functions, where concatenating strings with a combined length exceeding 2^31 bytes causes a 32-bit unsigned integer…

  • CVE-2026-2646 | High | Mar 19, 2026
    risk 0.46 | cvss 8.1 | epss 0.00

    A heap-buffer-overflow vulnerability exists in wolfSSL's wolfSSL_d2i_SSL_SESSION() function. When deserializing session data with SESSION_CERTS enabled, certificate and session id lengths are read from an untrusted input without bounds validation, allowing an attacker to…

  • CVE-2025-30402 | High | Jul 11, 2025
    risk 0.46 | cvss 8.1 | epss 0.00

    A heap-buffer-overflow vulnerability in the loading of ExecuTorch methods can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 93b1a0c15f7eda49b2bc46b5b4c49557b4e9810f

  • CVE-2023-33152 | High | Jul 11, 2023
    risk 0.46 | cvss 7.0 | epss 0.00

    Microsoft ActiveX Remote Code Execution Vulnerability

  • CVE-2018-1165 | High | Feb 21, 2018
    risk 0.46 | cvss 7.0 | epss 0.01

    This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.…

  • CVE-2016-1762 | High | Mar 24, 2016
    risk 0.46 | cvss 8.1 | epss 0.06

    The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.