VYPR

CWE-122

Heap-based Buffer Overflow

Variant | Draft | Likelihood: High

Description

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Hierarchy (View 1000)

Children

none

Related attack patterns (CAPEC)

CAPEC-92

CVEs mapped to this weakness (568)

page 17 of 29
  • CVE-2026-42536 | High | Jun 8, 2026
    risk 0.42 | cvss 7.5 | epss 0.01

    Heap-based Buffer Overflow vulnerability in Apache HTTP Server with mod_xml2enc, xml2StartParse, and untrusted content. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue.

  • CVE-2026-34356 | High | Jun 8, 2026
    risk 0.42 | cvss 7.5 | epss 0.01

    Heap-based Buffer Overflow vulnerability in Apache HTTP Server with malicious backend servers and ProxyPassReverseCookie*. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue.

  • CVE-2026-34355 | High | Jun 8, 2026
    risk 0.42 | cvss 7.5 | epss 0.01

    A buffer overflow in mod_proxy_html in Apache HTTP Server 2.4.67 and earlier allows an attack by an untrusted backend. Users are recommended to upgrade to version 2.4.68, which fixes this issue.

  • CVE-2026-11143 | Medium | Jun 4, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    Out of bounds read in Extensions in Google Chrome on Linux prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. (Chromium security…

  • CVE-2026-10993 | Medium | Jun 4, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    Heap buffer overflow in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-33633 | High | May 19, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    Kitty is a cross-platform GPU based terminal. Versions 0.46.2 and below contain a heap buffer overflow in load_image_data() that allows any process which can write to the terminal's stdin to crash kitty immediately. The vulnerability is triggered by a single APC graphics…

  • CVE-2026-7040 | High | Apr 27, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    Text::Minify::XS versions from 0.3.0 before 0.7.8 for Perl have a heap overflow when processing some malformed UTF-8 characters. The minify functions mishandled some malformed UTF-8 characters, leading to heap corruption. Note that the minify_utf8 function is an alias for…

  • CVE-2026-33602 | Medium | Apr 22, 2026
    risk 0.42 | cvss 6.5 | epss 0.01

    A rogue backend can send a crafted UDP response with a query ID off by one related to the maximum configured value, triggering an out-of-bounds write leading to a denial of service.

  • CVE-2026-32135 | High | Apr 20, 2026
    risk 0.42 | cvss 7.5 | epss 0.01

    NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Versions prior to 0.24.11 have a remotely triggerable heap buffer overflow in the `uri_param_parse` function of NanoMQ's REST API. The vulnerability occurs due to an off-by-one error when allocating memory for…

  • CVE-2026-33901 | High | Apr 13, 2026
    risk 0.42 | cvss 7.5 | epss 0.01

    ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a heap buffer overflow occurs in the MVG decoder that could result in an out of bounds write when processing a crafted image. This issue…

  • CVE-2026-30999 | High | Apr 13, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    A heap buffer overflow in the av_bprint_finalize() function of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2026-5447 | High | Apr 9, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    Heap buffer overflow in CertFromX509 via AuthorityKeyIdentifier size confusion. A heap buffer overflow occurs when converting an X.509 certificate internally due to incorrect size handling of the AuthorityKeyIdentifier extension.

  • CVE-2026-34120 | Medium | Apr 2, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the asynchronous parsing of local video stream content due to insufficient alignment and validation of buffer boundaries when processing streaming inputs. An attacker on the same network…

  • CVE-2026-34119 | Medium | Apr 2, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP parsing loop when appending segmented request bodies without continuous write-boundary verification, due to insufficient boundary validation when handling externally supplied…

  • CVE-2026-34118 | Medium | Apr 2, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 in the HTTP POST body parsing logic due to missing validation of remaining buffer capacity after dynamic allocation, due to insufficient boundary validation when handling externally supplied…

  • CVE-2026-33986 | High | Mar 30, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in yuv_ensure_buffer() in libfreerdp/codec/h264.c, h264->width and h264->height are updated before the reallocation loop. If any winpr_aligned_recalloc() call fails, the function returns…

  • CVE-2026-33984 | High | Mar 30, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in resize_vbar_entry() in libfreerdp/codec/clear.c, vBarEntry->size is updated to vBarEntry->count before the winpr_aligned_recalloc() call. If realloc fails, size is inflated while pixels…

  • CVE-2025-61154 | Medium | Mar 12, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    Heap buffer overflow vulnerability in LibreDWG versions v0.13.3.7571 up to v0.13.3.7835 allows a crafted DWG file to cause a Denial of Service (DoS) via the function decompress_R2004_section at decode.c.

  • CVE-2026-24829 | Medium | Jan 27, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    Out-of-bounds Write, Heap-based Buffer Overflow vulnerability in Is-Daouda is-Engine. This issue affects is-Engine: before 3.3.4.

  • CVE-2025-40930 | High | Sep 8, 2025
    risk 0.42 | cvss 7.5 | epss 0.01

    JSON::SIMD before version 1.07 and earlier for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact.