VYPR

CWE-122

Heap-based Buffer Overflow

Variant | Draft | Likelihood: High

Description

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Hierarchy (View 1000)

Children

none

Related attack patterns (CAPEC)

CAPEC-92

CVEs mapped to this weakness (568)

page 19 of 29
  • CVE-2025-10504 | Medium | Sep 29, 2025
    risk 0.40 | cvss 6.1 | epss 0.00

    Heap-based Buffer Overflow vulnerability in ABB Terra AC wallbox. This issue affects Terra AC wallbox: through 1.8.33.

  • CVE-2025-55286 | High | Aug 16, 2025
    risk 0.40 | cvss | epss 0.00

    z2d is a pure Zig 2D graphics library. z2d v0.7.0 released with a new multi-sample anti-aliasing (MSAA) method, which uses a new buffering mechanism for storing coverage data. This differs from the standard alpha mask surface used for the previous super-sample anti-aliasing…

  • CVE-2026-45542 | High | Jun 10, 2026
    risk 0.39 | cvss 7.1 | epss 0.00

    ESP-IDF is the Espressif Internet of Things (IoT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a heap buffer overflow exists in the Security Scheme 2 (SRP6a) session-setup path of the protocomm component. The first-phase handler…

  • CVE-2026-33020 | High | Apr 14, 2026
    risk 0.39 | cvss 7.1 | epss 0.00

    libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain an integer overflow which leads to a heap buffer overflow via sixel_frame_convert_to_rgb888() in frame.c, where allocation size and pointer offset computations for…

  • CVE-2026-33987 | High | Mar 30, 2026
    risk 0.39 | cvss 7.1 | epss 0.00

    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in persistent_cache_read_entry_v3() in libfreerdp/cache/persistent.c, persistent->bmpSize is updated before winpr_aligned_recalloc(). If realloc fails, bmpSize is inflated while bmpData…

  • CVE-2024-51737 | High | Jan 8, 2025
    risk 0.39 | cvss 7.0 | epss 0.00

    RediSearch is a Redis module that provides querying, secondary indexing, and full-text search for Redis. An authenticated redis user executing FT.SEARCH or FT.AGGREGATE with a specially crafted LIMIT command argument, or FT.SEARCH with a specially crafted KNN command argument,…

  • CVE-2024-51480 | High | Jan 8, 2025
    risk 0.39 | cvss 7.0 | epss 0.00

    RedisTimeSeries is a time-series database (TSDB) module for Redis, by Redis. Executing one of these commands TS.QUERYINDEX, TS.MGET, TS.MRANGE, TS.MREVRANGE by an authenticated user, using specially crafted command arguments may cause an integer overflow, a subsequent heap…

  • CVE-2024-25115 | High | Apr 9, 2024
    risk 0.39 | cvss 7.0 | epss 0.00

    RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to versions 2.4.7 and 2.6.10, specially crafted `CF.LOADCHUNK` commands may be used by authenticated users to perform a heap overflow, which may lead to remote code execution. The…

  • CVE-2016-9586 | Medium | Apr 23, 2018
    risk 0.39 | cvss 5.9 | epss 0.05

    curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there is any application that accepts a format string from the outside without the necessary input filtering, it could…

  • CVE-2026-48994 | Medium | Jun 10, 2026
    risk 0.38 | cvss 5.9 | epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, a missing check of a return value could lead to a heap buffer over-write in the MAT decoder on 32-bit systems. This issue has been patched in…

  • CVE-2026-8261 | Medium | May 11, 2026
    risk 0.38 | cvss 5.9 | epss 0.00

    A vulnerability was determined in Squirrel up to 3.2. This affects the function SQFunctionProto::Load of the file squirrel/sqobject.cpp. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been publicly disclosed and…

  • CVE-2024-38796 | Medium | Sep 27, 2024
    risk 0.38 | cvss 5.9 | epss 0.00

    EDK2 contains a vulnerability in PeCoffLoaderRelocateImage(). An attacker may cause memory corruption due to an overflow via an adjacent network. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability.

  • CVE-2026-48914 | Medium | Jun 12, 2026
    risk 0.37 | cvss 6.7 | epss 0.00

    A flaw was found in QEMU's virtio-blk device. The issue arises because the device does not properly validate the size of input descriptors before writing data. A malicious guest with high privileges could exploit this vulnerability by submitting a malformed virtio-blk SCSI…

  • CVE-2026-48065 | Medium | May 27, 2026
    risk 0.37 | cvss 6.7 | epss 0.00

    pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/conf.c allocates heap memory proportional to n_devices, a count derived from libxml2 XPath evaluation of the config file, without first enforcing an upper bound. On 32-bit…

  • CVE-2025-5942 | Medium | Aug 14, 2025
    risk 0.37 | cvss | epss 0.00

    Netskope was notified about a potential gap in its agent (NS Client) on Windows systems. If this gap is successfully exploited, an unprivileged user can trigger a heap overflow in the epdlpdrv.sys driver, leading to a Blue-Screen-of-Death (BSOD). Successful exploitation can…

  • CVE-2025-55661 | Medium | Jun 15, 2026
    risk 0.36 | cvss 5.5 | epss 0.00

    A heap buffer overflow in the Opus audio stream parser component of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

  • CVE-2025-55652 | Medium | Jun 15, 2026
    risk 0.36 | cvss 5.5 | epss 0.00

    A heap buffer overflow in the gf_isom_vp_config_new function (isomedia/avc_ext.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

  • CVE-2025-55648 | Medium | Jun 15, 2026
    risk 0.36 | cvss 5.5 | epss 0.00

    A heap buffer overflow in the gf_opus_parse_packet_header function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

  • CVE-2025-55645 | Medium | Jun 15, 2026
    risk 0.36 | cvss 5.5 | epss 0.00

    A heap buffer overflow in the gf_cenc_set_pssh function (isomedia/drm_sample.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

  • CVE-2026-44814 | Medium | Jun 9, 2026
    risk 0.36 | cvss 5.5 | epss 0.00

    Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.