VYPR

CWE-122

Heap-based Buffer Overflow

Variant | Draft | Likelihood: High

Description

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Hierarchy (View 1000)

Children

none

Related attack patterns (CAPEC)

CAPEC-92

CVEs mapped to this weakness (568)

page 18 of 29
  • CVE-2025-32990 | Medium | Jul 10, 2025
    risk 0.42 | cvss 6.5 | epss 0.01

    A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory…

  • CVE-2025-45029 | Medium | Jul 2, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    WINSTAR WN572HP3 v230525 was discovered to contain a heap overflow via the CONTENT_LENGTH variable at /cgi-bin/upload.cgi.

  • CVE-2024-27243 | Medium | May 15, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Buffer overflow in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.

  • CVE-2016-9577 | High | Jul 27, 2018
    risk 0.42 | cvss 7.5 | epss 0.04

    A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution.

  • CVE-2013-7354 | Medium | May 6, 2014
    risk 0.42 | cvss 6.5 | epss 0.02

    Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow.

  • CVE-2013-7353 | Medium | May 6, 2014
    risk 0.42 | cvss 6.5 | epss 0.02

    Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image, which triggers a heap-based buffer overflow.

  • CVE-2026-10194 | Medium | May 31, 2026
    risk 0.41 | cvss 6.3 | epss 0.00

    A weakness has been identified in OFFIS DCMTK 3.7.0. This affects the function DcmQueryRetrieveIndexDatabaseHandle::deleteOldestImages of the file dcmqrdb/libsrc/dcmqrdbi.cc of the component dcmqrscp. Executing a manipulation can lead to heap-based buffer overflow. The attack…

  • CVE-2026-25205 | High | Apr 13, 2026
    risk 0.41 | cvss 7.4 | epss 0.00

    Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows out-of-bounds write. This issue affects Escargot: commit hash 97e8115ab1110bc502b4b5e4a0c689a71520d335.

  • CVE-2025-2338 | Medium | Mar 16, 2025
    risk 0.41 | cvss 6.3 | epss 0.01

    A vulnerability, which was classified as critical, was found in tbeu matio 1.5.28. Affected is the function strdup_vprintf of the file src/io.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to…

  • CVE-2025-2337 | Medium | Mar 16, 2025
    risk 0.41 | cvss 6.3 | epss 0.01

    A vulnerability, which was classified as critical, has been found in tbeu matio 1.5.28. This issue affects the function Mat_VarPrint of the file src/mat.c. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed…

  • CVE-2024-2824 | Medium | Mar 22, 2024
    risk 0.41 | cvss 6.3 | epss 0.01

    A vulnerability was found in Matthias-Wandel jhead 3.08 and classified as critical. This issue affects the function PrintFormatNumber of the file exif.c. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to…

  • CVE-2013-3245 | Medium | Jul 10, 2013
    risk 0.41 | cvss 6.3 | epss 0.03

    plugins/demux/libmkv_plugin.dll in VideoLAN VLC Media Player 2.0.7, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MKV file, possibly involving an integer overflow and out-of-bounds read…

  • CVE-2026-53465 | Medium | Jun 10, 2026
    risk 0.40 | cvss 6.2 | epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-25, a crafted multi-frame can result in a heap buffer over-write when encoding it with the SF3 encoder. This issue has been patched in version 7.1.2-25.

  • CVE-2025-70103 | High | May 27, 2026
    risk 0.40 | cvss 7.3 | epss 0.00

    Heap buffer overflow vulnerability in libjxl 0.12.0 via crafted PBM images to the jxl::extras::DecodeImagePNM function in file lib/extras/dec/pnm.cc.

  • CVE-2026-9605 | High | May 27, 2026
    risk 0.40 | cvss 7.3 | epss 0.00

    A flaw has been found in GNU libredwg up to 0.13.4.8160. This issue affects the function bit_read_RC of the file bits.c of the component Dwgbmp Utility. This manipulation causes heap-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been…

  • CVE-2026-44983 | High | May 26, 2026
    risk 0.40 | cvss 7.3 | epss 0.00

    smallbitvec is a growable bit-vector for Rust, optimized for size. From 1.0.1 to 2.6.0, an integer overflow in the internal capacity calculation of smallbitvec can lead to an undersized heap allocation, resulting in a heap buffer overflow through safe APIs only. This allows…

  • CVE-2026-40380 | Medium | May 12, 2026
    risk 0.40 | cvss 6.2 | epss 0.00

    Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack.

  • CVE-2026-5244 | High | Apr 2, 2026
    risk 0.40 | cvss 7.3 | epss 0.01

    A vulnerability has been found in Cesanta Mongoose up to 7.20. This affects the function mg_tls_recv_cert of the file mongoose.c of the component TLS 1.3 Handler. Such manipulation of the argument pubkey leads to heap-based buffer overflow. The attack may be launched remotely.…

  • CVE-2026-34545 | High | Apr 1, 2026
    risk 0.40 | cvss 7.3 | epss 0.01

    OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.7, an attacker providing a crafted .exr file with HTJ2K compression and a channel width of…

  • CVE-2026-0821 | High | Jan 10, 2026
    risk 0.40 | cvss 7.3 | epss 0.00

    A vulnerability was determined in quickjs-ng quickjs up to 0.11.0. This vulnerability affects the function js_typed_array_constructor of the file quickjs.c. Executing a manipulation can lead to heap-based buffer overflow. The attack may be launched remotely. The exploit has been…