VYPR

CWE-122

Heap-based Buffer Overflow

Variant | Draft | Likelihood: High

Description

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Hierarchy (View 1000)

Children

none

Related attack patterns (CAPEC)

CAPEC-92

CVEs mapped to this weakness (568)

page 25 of 29
  • CVE-2026-3281 | Med | Feb 27, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    A vulnerability was detected in libvips 8.19.0. This affects the function vips_bandrank_build of the file libvips/conversion/bandrank.c. Performing a manipulation of the argument index results in heap-based buffer overflow. The attack must be initiated from a local position. The…

  • CVE-2026-3147 | Med | Feb 25, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    A vulnerability was found in libvips up to 8.18.0. This affects the function vips_foreign_load_csv_build of the file libvips/foreign/csvload.c. The manipulation results in heap-based buffer overflow. The attack requires a local approach. The exploit has been made public and…

  • CVE-2025-15536 | Med | Jan 18, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    A weakness has been identified in BYVoid OpenCC up to 1.1.9. This vulnerability affects the function opencc::MaxMatchSegmentation of the file src/MaxMatchSegmentation.cpp. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The…

  • CVE-2025-15533 | Med | Jan 18, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    A vulnerability was determined in raysan5 raylib up to 909f040. Affected by this vulnerability is the function GenImageFontAtlas of the file src/rtext.c. Executing a manipulation can lead to heap-based buffer overflow. The attack can only be executed locally. The exploit has…

  • CVE-2025-14958 | Med | Dec 19, 2025
    risk 0.27 | cvss 5.3 | epss 0.00

    A security flaw has been discovered in floooh sokol up to 33e2271c431bf21de001e972f72da17a984da932. This vulnerability affects the function _sg_pipeline_common_init in the library sokol_gfx.h. Performing manipulation results in heap-based buffer overflow. The attack needs to be…

  • CVE-2025-14956 | Med | Dec 19, 2025
    risk 0.27 | cvss 5.3 | epss 0.00

    A vulnerability was determined in WebAssembly Binaryen up to 125. Affected by this issue is the function WasmBinaryReader::readExport of the file src/wasm/wasm-binary.cpp. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host.…

  • CVE-2025-3548 | Med | Apr 14, 2025
    risk 0.27 | cvss 5.3 | epss 0.00

    A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp up to 5.4.3. This issue affects the function aiString::Set in the library include/assimp/types.h of the component File Handler. The manipulation leads to heap-based buffer…

  • CVE-2025-22920 | Med | Feb 18, 2025
    risk 0.27 | cvss 5.3 | epss 0.00

    A heap buffer overflow vulnerability in FFmpeg before commit 4bf784c allows attackers to trigger a memory corruption via supplying a crafted media file in avformat when processing tile grid group streams. This can lead to a Denial of Service (DoS).

  • CVE-2026-8997 | Med | May 22, 2026
    risk 0.24 | cvss | epss 0.00

    vifm is vulnerable to a heap buffer overflow during the history merge process when saving the state file (vifminfo.json). This flaw occurs because the application lacks a runtime check on the length of history entries in release builds, potentially allowing a crafted long path…

  • CVE-2016-8622 | Low | Jul 31, 2018
    risk 0.24 | cvss 3.7 | epss 0.05

    The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would be made to allocate an unescape destination buffer larger than 2GB, it would return that new length in a signed 32-bit integer variable, thus…

  • CVE-2017-2591 | Low | Apr 30, 2018
    risk 0.24 | cvss 3.7 | epss 0.03

    389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the "attribute uniqueness" plugin of 389 Directory Server. An authenticated, or possibly unauthenticated, attacker could use this flaw to force…

  • CVE-2024-46993 | Med | Jul 1, 2025
    risk 0.22 | cvss | epss 0.00

    Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. In versions prior to 28.3.2, 29.3.3, and 30.0.3, the nativeImage.createFromPath() and nativeImage.createFromBuffer() functions call a function downstream that is…

  • CVE-2024-43802 | Med | Aug 26, 2024
    risk 0.22 | cvss 4.5 | epss 0.00

    Vim is an improved version of the unix vi text editor. When flushing the typeahead buffer, Vim moves the current position in the typeahead buffer but does not check whether there is enough space left in the buffer to handle the next characters. So this may lead to the tb_off…

  • CVE-2026-45466 | Low | Jun 9, 2026
    risk 0.21 | cvss 3.3 | epss 0.00

    Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

  • CVE-2026-11792 | Low | Jun 9, 2026
    risk 0.21 | cvss 3.3 | epss 0.00

    A heap buffer overflow flaw was found in 389 Directory Server. When audit logging is enabled, the create_masked_entry_string() function in auditlog.c copies a fixed-length password mask into a precisely-sized heap buffer without checking available space. If a short cleartext…

  • CVE-2026-5448 | Med | Apr 10, 2026
    risk 0.21 | cvss 4.3 | epss 0.00

    X.509 date buffer overflow in wolfSSL_X509_notAfter / wolfSSL_X509_notBefore. A buffer overflow may occur when parsing date fields from a crafted X.509 certificate via the compatibility layer API. This is only triggered when calling these two APIs directly from an application,…

  • CVE-2026-3463 | Low | Mar 3, 2026
    risk 0.21 | cvss 3.3 | epss 0.00

    A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::binary_writer::append of the file source/detail/binary.hpp of the component Compound Document Parser. This manipulation causes heap-based buffer overflow. The attack can…

  • CVE-2026-3407 | Low | Mar 2, 2026
    risk 0.21 | cvss 3.3 | epss 0.00

    A vulnerability was determined in YosysHQ yosys up to 0.62. This affects the function Yosys::RTLIL::Const::set of the file kernel/rtlil.h of the component BLIF File Parser. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local…

  • CVE-2026-3393 | Low | Mar 1, 2026
    risk 0.21 | cvss 3.3 | epss 0.00

    A security vulnerability has been detected in jarikomppa soloud up to 20200207. The impacted element is the function SoLoud::Wav::loadflac of the file src/audiosource/wav/soloud_wav.cpp of the component Audio File Handler. Such manipulation leads to heap-based buffer overflow.…

  • CVE-2026-2661 | Low | Feb 18, 2026
    risk 0.21 | cvss 3.3 | epss 0.00

    A security flaw has been discovered in Squirrel up to 3.2. This affects the function SQObjectPtr::operator in the library squirrel/sqobject.h. The manipulation results in heap-based buffer overflow. The attack needs to be approached locally. The exploit has been released to the…