VYPR

CWE-122

Heap-based Buffer Overflow

VariantDraftLikelihood: High

Description

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Hierarchy (View 1000)

Children

none

Related attack patterns (CAPEC)

CAPEC-92

CVEs mapped to this weakness (568)

page 24 of 29
  • CVE-2026-8552MedMay 14, 2026
    risk 0.28cvss 4.3epss 0.00

    Heap buffer overflow in GPU in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-6298MedApr 15, 2026
    risk 0.28cvss 4.3epss 0.00

    Heap buffer overflow in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2026-5869MedApr 8, 2026
    risk 0.28cvss 4.3epss 0.00

    Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-5867MedApr 8, 2026
    risk 0.28cvss 4.3epss 0.00

    Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-5864MedApr 8, 2026
    risk 0.28cvss 4.3epss 0.00

    Heap buffer overflow in WebAudio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

  • CVE-2025-49604MedJul 9, 2025
    risk 0.28cvss 5.4epss 0.00

    For Realtek AmebaD devices, a heap-based buffer overflow was discovered in Ameba-AIoT ameba-arduino-d before version 3.1.9 and ameba-rtos-d before commit c2bfd8216a1cbc19ad2ab5f48f372ecea756d67a on 2025/07/03. In the WLAN driver defragment function, lack of validation of the…

  • CVE-2024-48075MedNov 12, 2024
    risk 0.28cvss 5.3epss 0.01

    A Heap buffer overflow in the server-site handshake implementation in Real Time Logic SharkSSL from 09/09/24 and earlier allows a remote attacker to trigger a Denial-of-Service via a malformed TLS Client Key Exchange message.

  • CVE-2026-46692MedJun 10, 2026
    risk 0.27cvss 4.1epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache service can cause a heap buffer over-write in the server process. This issue has…

  • CVE-2026-10231MedJun 1, 2026
    risk 0.27cvss 5.3epss 0.00

    A security flaw has been discovered in Assimp up to 6.0.4. Affected is the function HL1MDLLoader::extract_anim_value of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. Performing a manipulation of the argument num.total results in heap-based buffer overflow.…

  • CVE-2026-10230MedJun 1, 2026
    risk 0.27cvss 5.3epss 0.00

    A vulnerability was identified in Assimp up to 6.0.4. This impacts the function Assimp::MDL::HalfLife::HL1MDLLoader::read_animations of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. Such manipulation leads to heap-based buffer overflow. The attack must be…

  • CVE-2026-10229MedJun 1, 2026
    risk 0.27cvss 5.3epss 0.00

    A vulnerability was determined in Assimp up to 6.0.4. This affects the function HL1MDLLoader::read_meshes of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The…

  • CVE-2026-10200MedMay 31, 2026
    risk 0.27cvss 5.3epss 0.00

    A vulnerability was found in Assimp up to 6.0.4. This affects the function glTFCommon::CopyValue in the library glTFCommon.h of the component 4x4 Matrix Parser. Performing a manipulation results in heap-based buffer overflow. The attack must be initiated from a local position.…

  • CVE-2026-9502MedMay 25, 2026
    risk 0.27cvss 5.3epss 0.00

    A vulnerability was identified in GNU LibreDWG up to 0.14. This affects the function decompress_R2004_section of the file src/decode.c of the component Dwgread Utility. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is…

  • CVE-2026-8213MedMay 9, 2026
    risk 0.27cvss 5.3epss 0.00

    A vulnerability has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the component Grid File Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached…

  • CVE-2026-8212MedMay 9, 2026
    risk 0.27cvss 5.3epss 0.00

    A flaw has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this vulnerability is the function SWSDfldsrch of the file frmts/hdf4/hdf-eos/SWapi.c. Executing a manipulation can lead to heap-based buffer overflow. The attack requires local access. The exploit has been…

  • CVE-2026-8087MedMay 7, 2026
    risk 0.27cvss 5.3epss 0.00

    A security flaw has been discovered in OSGeo gdal up to 3.13.0dev-4. Impacted is the function GDnentries of the file frmts/hdf4/hdf-eos/GDapi.c. Performing a manipulation of the argument DataFieldName results in heap-based buffer overflow. The attack must be initiated from a…

  • CVE-2026-8086MedMay 7, 2026
    risk 0.27cvss 5.3epss 0.00

    A vulnerability was identified in OSGeo gdal up to 3.13.0dev-4. This issue affects the function SWnentries of the file frmts/hdf4/hdf-eos/SWapi.c. Such manipulation of the argument DimensionName leads to heap-based buffer overflow. The attack must be carried out locally. The…

  • CVE-2026-33899MedApr 13, 2026
    risk 0.27cvss 5.3epss 0.00

    ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-189 and 6.9.13-44, when `Magick` parses an XML file it is possible that a single zero byte is written out of the bounds. This issue has been fixed in versions…

  • CVE-2026-34979MedApr 3, 2026
    risk 0.27cvss 5.3epss 0.00

    OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, there is a heap-based buffer overflow in the CUPS scheduler when building filter option strings from job attribute. At time of publication, there…

  • CVE-2026-34743MedApr 2, 2026
    risk 0.27cvss 5.3epss 0.00

    XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where where a subsequent lzma_index_append()…