VYPR

CWE-122

Heap-based Buffer Overflow

VariantDraftLikelihood: High

Description

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Hierarchy (View 1000)

Children

none

Related attack patterns (CAPEC)

CAPEC-92

CVEs mapped to this weakness (568)

page 22 of 29
  • CVE-2025-6120MedJun 16, 2025
    risk 0.34cvss 5.3epss 0.00

    A vulnerability classified as critical was found in Open Asset Import Library Assimp up to 5.4.3. Affected by this vulnerability is the function read_meshes in the library assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp. The manipulation leads to heap-based buffer overflow.…

  • CVE-2025-3791MedApr 18, 2025
    risk 0.34cvss 5.3epss 0.00

    A vulnerability classified as critical was found in symisc UnQLite up to 957c377cb691a4f617db9aba5cc46d90425071e2. This vulnerability affects the function jx9MemObjStore of the file /data/src/benchmarks/unqlite/unqlite.c. The manipulation leads to heap-based buffer overflow. It…

  • CVE-2025-3549MedApr 14, 2025
    risk 0.34cvss 5.3epss 0.00

    A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Affected is the function Assimp::MD3Importer::ValidateSurfaceHeaderOffsets of the file code/AssetLib/MD3/MD3Loader.cpp of the component File Handler. The manipulation leads to…

  • CVE-2024-6383MedJul 3, 2024
    risk 0.34cvss 5.3epss 0.01

    The bson_string_append function in MongoDB C Driver may be vulnerable to a buffer overflow where the function might attempt to allocate too small of buffer and may lead to memory corruption of neighbouring heap memory. This issue affects libbson versions prior to 1.27.1

  • CVE-2018-7519MedMar 21, 2018
    risk 0.34cvss 5.3epss 0.00

    In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a heap-based buffer overflow.

  • CVE-2026-44662MedMay 14, 2026
    risk 0.33cvss epss 0.00

    rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.0 to before 0.10.79, CipherCtxRef::cipher_update, CipherCtxRef::cipher_update_vec, and symm::Crypter::update incorrectly sized output buffers when used with AES key-wrap-with-padding ciphers…

  • CVE-2026-40169MedApr 13, 2026
    risk 0.33cvss 6.2epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, a crafted image could result in an out of bounds heap write when writing a yaml or json output, resulting in a crash. This issue has been fixed in version…

  • CVE-2026-35199MedApr 6, 2026
    risk 0.33cvss 6.1epss 0.00

    SymCrypt is the core cryptographic function library currently used by Windows. From 103.5.0 to before 103.11.0, The SymCryptXmssSign function passes a 64-bit leaf count value to a helper function that accepts a 32-bit parameter. For XMSS^MT parameter sets with total tree height…

  • CVE-2026-34540MedMar 31, 2026
    risk 0.33cvss 6.2epss 0.00

    iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a heap-buffer-overflow (HBO) in icMemDump() when iccDumpProfile attempts to dump/describe malformed tag contents. The issue is…

  • CVE-2026-34539MedMar 31, 2026
    risk 0.33cvss 6.2epss 0.00

    iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile and TIFF input can trigger a heap-buffer-overflow (HBO) in CTiffImg::WriteLine(). The issue is observable under AddressSanitizer as an…

  • CVE-2026-34535MedMar 31, 2026
    risk 0.33cvss 6.2epss 0.00

    iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a segmentation fault (SEGV) in CIccTagArray::Cleanup(). The issue is observable under UBSan/ASan as misaligned member access /…

  • CVE-2026-34534MedMar 31, 2026
    risk 0.33cvss 6.2epss 0.00

    iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a heap-buffer-overflow (HBO) in CIccMpeSpectralMatrix::Describe(). The issue is observable under AddressSanitizer as an…

  • CVE-2025-0633MedFeb 19, 2025
    risk 0.33cvss epss 0.00

    Heap-based Buffer Overflow vulnerability in iniparser_dumpsection_ini() in iniparser allows attacker to read out of bound memory

  • CVE-2025-0662MedJan 30, 2025
    risk 0.32cvss 4.9epss 0.00

    In some cases, the ktrace facility will log the contents of kernel structures to userspace. In one such case, ktrace dumps a variable-sized sockaddr to userspace. There, the full sockaddr is copied, even when it is shorter than the full size. This can result in up to 14…

  • CVE-2024-3447MedNov 14, 2024
    risk 0.32cvss 6.0epss 0.01

    A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size of `s->fifo_buffer` are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on…

  • CVE-2026-8484MedJun 16, 2026
    risk 0.31cvss epss 0.00

    A heap buffer overflow vulnerability exists in the Jansi JNI "ioctl()" wrapper due to a lack of size verification for the argument array before the system call. This can lead to heap corruption and application crashes (DoS). All versions are believed to be vulnerable. This…

  • CVE-2025-3512MedApr 11, 2025
    risk 0.31cvss epss 0.00

    There is a Heap-based Buffer Overflow vulnerability in QTextMarkdownImporter. This requires an incorrectly formatted markdown file to be passed to QTextMarkdownImporter to trigger the overflow.This issue affects Qt from 6.8.0 to 6.8.4. Versions up to 6.6.0 are known to be…

  • CVE-2024-10254MedJan 14, 2025
    risk 0.31cvss 4.7epss 0.00

    A potential buffer overflow vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash.

  • CVE-2024-10253MedJan 14, 2025
    risk 0.31cvss 4.7epss 0.00

    A potential TOCTOU vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash.

  • CVE-2024-43168MedAug 12, 2024
    risk 0.31cvss 4.8epss 0.00

    DISPUTE NOTE: this issue does not pose a security risk as it (according to analysis by the original software developer, NLnet Labs) falls within the expected functionality and security controls of the application. Red Hat has made a claim that there is a security risk within Red…