VYPR

CWE-122

Heap-based Buffer Overflow

VariantDraftLikelihood: High

Description

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Hierarchy (View 1000)

Children

none

Related attack patterns (CAPEC)

CAPEC-92

CVEs mapped to this weakness (568)

page 28 of 29
  • CVE-2025-55004Aug 13, 2025
    risk 0.00cvss epss 0.01

    ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, ImageMagick is vulnerable to heap-buffer overflow read around the handling of images with separate alpha channels when performing image magnification in…

  • CVE-2025-48071Jul 31, 2025
    risk 0.00cvss epss 0.00

    OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.2 through 3.3.0, there is a heap-based buffer overflow during a write operation when decompressing ZIPS-packed deep…

  • CVE-2025-48379Jul 1, 2025
    risk 0.00cvss epss 0.00

    Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings) image in the DDS format due to writing into a buffer without checking for available space. This only…

  • CVE-2025-21172Jan 14, 2025
    risk 0.00cvss epss 0.02

    .NET and Visual Studio Remote Code Execution Vulnerability

  • CVE-2025-21171Jan 14, 2025
    risk 0.00cvss epss 0.02

    .NET Remote Code Execution Vulnerability

  • CVE-2024-43598Nov 12, 2024
    risk 0.00cvss epss 0.01

    LightGBM Remote Code Execution Vulnerability

  • CVE-2024-46488Sep 25, 2024
    risk 0.00cvss epss 0.00

    sqlite-vec v0.1.1 was discovered to contain a heap buffer overflow via the npy_token_next function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.

  • CVE-2024-8948Sep 17, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in MicroPython 1.23.0. It has been rated as critical. Affected by this issue is the function mpz_as_bytes of the file py/objint.c. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed…

  • CVE-2024-8946Sep 17, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in MicroPython 1.23.0. It has been classified as critical. Affected is the function mp_vfs_umount of the file extmod/vfs.c of the component VFS Unmount Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack…

  • CVE-2024-37280Jun 13, 2024
    risk 0.00cvss epss 0.01

    A flaw was discovered in Elasticsearch, affecting document ingestion when an index template contains a dynamic field mapping of “passthrough” type. Under certain circumstances, ingesting documents in this index would cause a StackOverflow exception to be thrown and…

  • CVE-2024-30045May 14, 2024
    risk 0.00cvss epss 0.01

    .NET and Visual Studio Remote Code Execution Vulnerability

  • CVE-2024-34249May 6, 2024
    risk 0.00cvss epss 0.01

    wasm3 v0.5.0 was discovered to contain a heap buffer overflow which leads to segmentation fault via the function "DeallocateSlot" in wasm3/source/m3_compile.c.

  • CVE-2024-31580Apr 17, 2024
    risk 0.00cvss epss 0.00

    PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2023-50572Dec 29, 2023
    risk 0.00cvss epss 0.00

    An issue in the component GroovyEngine.execute of jline-groovy v3.24.1 allows attackers to cause an OOM (OutofMemory) error.

  • CVE-2023-40889Aug 29, 2023
    risk 0.00cvss epss 0.02

    A heap-based buffer overflow exists in the qr_reader_match_centers function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger this vulnerability, an attacker can digitally input the malicious QR code, or…

  • CVE-2023-24897Jun 14, 2023
    risk 0.00cvss epss 0.01

    .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

  • CVE-2023-25664Mar 24, 2023
    risk 0.00cvss epss 0.00

    TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a heap buffer overflow in TAvgPoolGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1.

  • CVE-2023-25668Mar 24, 2023
    risk 0.00cvss epss 0.01

    TensorFlow is an open source platform for machine learning. Attackers using Tensorflow prior to 2.12.0 or 2.11.1 can access heap memory which is not in the control of user, leading to a crash or remote code execution. The fix will be included in TensorFlow version 2.12.0 and…

  • CVE-2022-43171Nov 17, 2022
    risk 0.00cvss epss 0.01

    A heap buffer overflow in the LIEF::MachO::BinaryParser::parse_dyldinfo_generic_bind function of LIEF v0.12.1 allows attackers to cause a Denial of Service (DoS) via a crafted MachO file.

  • CVE-2022-24795Apr 5, 2022
    risk 0.00cvss epss 0.03

    yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of `yajl` contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs. The reallocation logic at `yajl_buf.c#L64`…