VYPR

CWE-122

Heap-based Buffer Overflow

Variant · Draft · Likelihood: High

Description

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Hierarchy (View 1000)

Children

none

Related attack patterns (CAPEC)

CAPEC-92

CVEs mapped to this weakness (568)

page 16 of 29
  • CVE-2026-54896 · High · Jun 19, 2026
    risk 0.45 · cvss · epss

    `Oj.dump` in object mode is vulnerable to a heap buffer overflow when serializing Exception objects with a large `:indent` value. The serializer allocates a buffer sized for the object's attributes but does not account for the indent bytes added on each write. With…

  • CVE-2025-65079 · Medium · Feb 3, 2026
    risk 0.45 · cvss · epss 0.00

    A heap-based buffer overflow vulnerability has been identified in the Postscript interpreter in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user.

  • CVE-2026-47747 · High · Jun 16, 2026
    risk 0.44 · cvss 7.8 · epss 0.00

    stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. In versions prior to master-584-0a7ae07, the pickle .ckpt parser in src/model.cpp contained a heap buffer overflow vulnerability in…

  • CVE-2026-47749 · High · Jun 16, 2026
    risk 0.44 · cvss 7.8 · epss 0.00

    stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. Versions prior to master-584-0a7ae07 are vulnerable to heap buffer overflow in SHORT_BINUNICODE parsing for PyTorch checkpoint files.…

  • CVE-2026-47311 · High · May 19, 2026
    risk 0.44 · cvss 7.8 · epss 0.00

    Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.

  • CVE-2026-42046 · High · May 11, 2026
    risk 0.44 · cvss 7.8 · epss 0.00

    libcaca is a colour ASCII art library. In 0.99.beta20 and earlier, an integer overflow vulnerability in libcaca's canvas import functionality allows an attacker to cause a controlled heap out-of-bounds write (heap overflow) by supplying a crafted file in the "caca" format.…

  • CVE-2026-5405 · High · May 1, 2026
    risk 0.44 · cvss 7.8 · epss 0.00

    RDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution

  • CVE-2026-5403 · High · May 1, 2026
    risk 0.44 · cvss 7.8 · epss 0.00

    SBC codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution

  • CVE-2026-32223 · Medium · Apr 14, 2026
    risk 0.44 · cvss 6.8 · epss 0.01

    Heap-based buffer overflow in Windows USB Print Driver allows an unauthorized attacker to elevate privileges with a physical attack.

  • CVE-2026-33298 · High · Mar 24, 2026
    risk 0.44 · cvss 7.8 · epss 0.00

    llama.cpp is an inference of several LLM models in C/C++. Prior to b7824, an integer overflow vulnerability in the `ggml_nbytes` function allows an attacker to bypass memory validation by crafting a GGUF file with specific tensor dimensions. This causes `ggml_nbytes` to return a…

  • CVE-2026-27940 · High · Mar 12, 2026
    risk 0.44 · cvss 7.8 · epss 0.00

    llama.cpp is an inference of several LLM models in C/C++. Prior to b8146, the gguf_init_from_file_impl() in gguf.cpp is vulnerable to an Integer overflow, leading to an undersized heap allocation. Using the subsequent fread() writes 528+ bytes of attacker-controlled data past…

  • CVE-2025-5517 · Medium · Oct 20, 2025
    risk 0.44 · cvss 6.8 · epss 0.00

    Heap-based Buffer Overflow vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (MID/CE) - Terra AC MID, ABB Terra AC wallbox (MID/CE) - Terra AC Juno CE, ABB Terra AC wallbox (MID/CE) - Terra AC PTB, ABB Terra AC wallbox (JP). This…

  • CVE-2025-4657 · Medium · Jul 17, 2025
    risk 0.44 · cvss 6.7 · epss 0.00

    A buffer overflow vulnerability was reported in the Lenovo Protection Driver, prior to version 5.1.1110.4231, used in Lenovo PC Manager, Lenovo Browser, and Lenovo App Store could allow a local attacker with elevated privileges to execute arbitrary code.

  • CVE-2024-0145 · Medium · Feb 12, 2025
    risk 0.44 · cvss 6.8 · epss 0.01

    NVIDIA nvJPEG2000 library contains a vulnerability where an attacker can cause a heap-based buffer overflow issue by means of a specially crafted JPEG2000 file. A successful exploit of this vulnerability might lead to code execution and data tampering.

  • CVE-2016-8654 · High · Aug 1, 2018
    risk 0.44 · cvss 7.8 · epss 0.02

    A heap-buffer overflow vulnerability was found in QMFB code in JPC codec caused by buffer being allocated with too small size. jasper versions before 2.0.0 are affected.

  • CVE-2016-1834 · High · May 20, 2016
    risk 0.44 · cvss 7.8 · epss 0.05

    Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption)…

  • CVE-2026-25749 · Medium · Feb 6, 2026
    risk 0.43 · cvss 6.6 · epss 0.00

    Vim is an open source, command line text editor. Prior to version 9.1.2132, a heap buffer overflow vulnerability exists in Vim's tag file resolution logic when processing the 'helpfile' option. The vulnerability is located in the get_tagfname() function in src/tag.c. When…

  • CVE-2018-14618 · High · Sep 5, 2018
    risk 0.43 · cvss 7.5 · epss 0.11

    curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length…

  • CVE-2018-10840 · Medium · Jul 16, 2018
    risk 0.43 · cvss 6.6 · epss 0.01

    Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_entry() function. An attacker could exploit this by operating on a mounted crafted ext4 image.

  • CVE-2026-11884 · Medium · Jun 10, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    A heap buffer overflow flaw was found in 389 Directory Server. When serializing objectclass definitions, the oc_superior (SUP) field length is omitted from buffer size calculations in read_schema_dse() and schema_oc_to_string(), but the field is still written via strcat(). An…