VYPR

CWE-122

Heap-based Buffer Overflow

Variant · Draft · Likelihood: High

Description

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Hierarchy (View 1000)

Children

none

Related attack patterns (CAPEC)

CAPEC-92

CVEs mapped to this weakness (568)

  • CVE-2026-11604 · Med · Jun 10, 2026
    risk 0.29 · cvss n/a · epss 0.00

    An incorrect buffer size calculation in the epoch key generator in OpenVPN ovpn-dco-win version 2.0.0 through 2.8.3 allows a remote authenticated peer to trigger a heap-based buffer overflow and kernel memory corruption via a crafted data packet, resulting in a system crash…

  • CVE-2025-55664 · Med · Jun 1, 2026
    risk 0.29 · cvss 5.5 · epss 0.00

    A heap buffer overflow in the m2tsdmx_send_packet function (filters/dmx_m2ts.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

  • CVE-2026-7310 · Med · May 26, 2026
    risk 0.29 · cvss n/a · epss 0.00

    A heap-based buffer overflow vulnerability exists in XML parser functionality in the HiDraw. An authenticated malicious user with local access can exploit this vulnerability using a specially crafted XML file which may lead to memory corruption and potential arbitrary code…

  • CVE-2026-9365 · Med · May 24, 2026
    risk 0.29 · cvss 5.6 · epss 0.00

    A vulnerability has been found in Ettercap up to 0.8.3. The affected element is the function FUNC_DECODER of the file src/dissectors/ec_gg.c of the component GG Dissector. The manipulation of the argument gg leads to heap-based buffer overflow. The attack is possible to be…

  • CVE-2026-42309 · Med · May 9, 2026
    risk 0.29 · cvss 5.5 · epss 0.00

    Pillow is a Python imaging library. From version 11.2.1 to before version 12.2.0, passing nested lists as coordinates to APIs that accept coordinates such as ImagePath.Path, ImageDraw.ImageDraw.polygon and ImageDraw.ImageDraw.line could cause a heap buffer overflow, as nested…

  • CVE-2026-39103 · Med · May 5, 2026
    risk 0.29 · cvss 5.5 · epss 0.00

    Buffer Overflow vulnerability in GPAC before commit v391dc7f4d234988ea0bc3cc294eb725eddf8f702 allows an attacker to cause a denial of service via the src/scenegraph/svg_attributes.c, svg_parse_strings(), gf_svg_parse_attribute()

  • CVE-2026-6530 · Med · Apr 30, 2026
    risk 0.29 · cvss 5.5 · epss 0.00

    DCP-ETSI protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

  • CVE-2026-6529 · Med · Apr 30, 2026
    risk 0.29 · cvss 5.5 · epss 0.00

    iLBC audio codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

  • CVE-2026-5653 · Med · Apr 30, 2026
    risk 0.29 · cvss 5.5 · epss 0.00

    DCP-ETSI protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

  • CVE-2026-7378 · Med · Apr 30, 2026
    risk 0.29 · cvss 5.5 · epss 0.00

    Crash in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service

  • CVE-2026-40310 · Med · Apr 13, 2026
    risk 0.29 · cvss 5.5 · epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below both 7.1.2-19 and 6.9.13-44 contain a heap out-of-bounds write in the JP2 encoder when a user specifies an invalid sampling index. This issue has been fixed in…

  • CVE-2026-40183 · Med · Apr 13, 2026
    risk 0.29 · cvss 5.5 · epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, the JXL encoder has a heap write overflow when a user specifies that the image should be encoded as 16-bit floats. This issue has been fixed in version…

  • CVE-2026-29043 · Med · Apr 10, 2026
    risk 0.29 · cvss 5.5 · epss 0.00

    HDF5 is software for managing data. In 1.14.1-2 and earlier, an attacker who can control an h5 file parsed by HDF5 can trigger a write-based heap buffer overflow condition in the H5T__ref_mem_setnull method. This can lead to a denial-of-service condition, and potentially further…

  • CVE-2025-11947 · Med · Oct 19, 2025
    risk 0.29 · cvss 4.5 · epss 0.00

    A weakness has been identified in bftpd up to 6.2. Impacted is the function expand_groups of the file options.c of the component Configuration File Handler. Executing a manipulation can lead to heap-based buffer overflow. It is possible to launch the attack on the local host.…

  • CVE-2025-40929 · Med · Sep 8, 2025
    risk 0.29 · cvss 5.6 · epss 0.00

    Cpanel::JSON::XS before version 4.40 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact

  • CVE-2024-56827 · Med · Jan 9, 2025
    risk 0.29 · cvss 5.6 · epss 0.00

    A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior.

  • CVE-2024-56826 · Med · Jan 9, 2025
    risk 0.29 · cvss 5.6 · epss 0.00

    A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior.

  • CVE-2016-9603 · Med · Jul 27, 2018
    risk 0.29 · cvss 5.5 · epss 0.04

    A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest…

  • CVE-2018-1123 · Low · May 23, 2018
    risk 0.29 · cvss 3.9 · epss 0.09

    procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).

  • CVE-2026-8560 · Med · May 14, 2026
    risk 0.28 · cvss 4.3 · epss 0.00

    Heap buffer overflow in SwiftShader in Google Chrome on Mac and iOS prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)