VYPR

CWE-122

Heap-based Buffer Overflow

Abstraction: Variant · Status: Draft · Likelihood of Exploit: High

Description

A heap overflow is a buffer overflow in which the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that it was obtained from an allocator routine such as malloc(). Because heap allocations sit next to other live objects and allocator metadata, an out-of-bounds write corrupts whatever happens to be adjacent rather than a return address on the stack.
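The following C program is an added example (not code from CWE or from any of the products listed below) of the pattern the description refers to: a length-prefixed record is copied into a malloc()'d object whose size the declared length is never checked against, so the copy runs into the field that follows the buffer. The wire format, the `struct session` layout and the attack message are constructed for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_LEN 16

/* Heap object: a fixed-size name buffer followed by a privilege flag.
 * The flag stands in for whatever sits after an overflowed heap buffer in
 * a real program (another object's fields, a function pointer, allocator
 * metadata). Layout assumed for this example. */
struct session {
    char    name[NAME_LEN];
    uint8_t is_admin;
};

/* Wire format (constructed for this example): one length byte followed
 * by that many bytes of name. Both come from the peer. */

/* Vulnerable: the declared length is checked against the message, so the
 * read stays in bounds, but it is never checked against the destination. */
struct session *parse_session_vuln(const uint8_t *msg, size_t msg_len)
{
    if (msg_len < 1)
        return NULL;
    size_t declared = msg[0];
    if (declared > msg_len - 1)
        return NULL;
    struct session *s = calloc(1, sizeof *s);
    if (!s)
        return NULL;
    memcpy(s->name, msg + 1, declared);   /* declared may exceed NAME_LEN */
    return s;
}

/* Hardened: bound the copy by the destination and reject oversize input
 * outright rather than silently truncating it. */
struct session *parse_session_safe(const uint8_t *msg, size_t msg_len)
{
    if (msg_len < 1)
        return NULL;
    size_t declared = msg[0];
    if (declared > msg_len - 1)
        return NULL;
    if (declared >= NAME_LEN)             /* leave room for the NUL */
        return NULL;
    struct session *s = calloc(1, sizeof *s);
    if (!s)
        return NULL;
    memcpy(s->name, msg + 1, declared);
    s->name[declared] = '\0';
    return s;
}

/* Attacker message (constructed): declares 17 bytes, fills the 16-byte
 * name and places 0x01 where is_admin lives. */
static size_t build_attack(uint8_t *out)
{
    out[0] = NAME_LEN + 1;
    memset(out + 1, 'A', NAME_LEN);
    out[1 + NAME_LEN] = 0x01;
    return 2 + NAME_LEN;
}

/* Returns the is_admin flag the vulnerable parser ends up with (1). */
int vuln_admin_after_attack(void)
{
    uint8_t msg[2 + NAME_LEN];
    size_t n = build_attack(msg);
    struct session *s = parse_session_vuln(msg, n);
    if (!s)
        return -1;
    int flag = s->is_admin;
    free(s);
    return flag;
}

/* 1 if the hardened parser rejects the attack message. */
int safe_rejects_attack(void)
{
    uint8_t msg[2 + NAME_LEN];
    size_t n = build_attack(msg);
    struct session *s = parse_session_safe(msg, n);
    int rejected = (s == NULL);
    free(s);
    return rejected;
}

/* 1 if the hardened parser still accepts a benign message. */
int safe_accepts_benign(void)
{
    static const uint8_t msg[] = { 5, 'a', 'l', 'i', 'c', 'e' };
    struct session *s = parse_session_safe(msg, sizeof msg);
    if (!s)
        return 0;
    int ok = strcmp(s->name, "alice") == 0 && s->is_admin == 0;
    free(s);
    return ok;
}

int main(void)
{
    printf("vulnerable parser, is_admin after attack: %d\n", vuln_admin_after_attack());
    printf("hardened parser rejects attack:           %d\n", safe_rejects_attack());
    printf("hardened parser accepts benign input:     %d\n", safe_accepts_benign());
    return 0;
}
```

The overflow here stays inside the one allocation so the program runs deterministically; in a real process the same write would land in a neighbouring chunk, which is why AddressSanitizer (`-fsanitize=address`) or a hardened allocator is the practical check for this class of bug during testing, and why the fix validates against the destination size rather than the message size.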

Hierarchy (View 1000)

Children

none

Related attack patterns (CAPEC)

CAPEC-92

CVEs mapped to this weakness (568)

page 4 of 29
  • CVE-2026-34329 · High · May 12, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network.

  • CVE-2026-41509 · Critical · May 8, 2026
    risk 0.57 · cvss 9.8 · epss 0.00

    CROSS implementation contains reference and optimized implementations of the CROSS post-quantum signature algorithm. Prior to commit fc6b7e7, there is a buffer overflow in crypto_sign_open() caused by an underflow of the integer mlen. This issue has been patched via commit…

  • CVE-2026-6210 · High · May 6, 2026
    risk 0.57 · cvss n/a · epss 0.00

    A type confusion vulnerability in Qt SVG allows an attacker to cause an application crash via a crafted SVG image. When processing SVG marker references, the renderer retrieves a node by its id attribute and casts it to QSvgMarker* without verifying the node type. A…

  • CVE-2026-28780 · Critical · May 5, 2026
    risk 0.57 · cvss 9.8 · epss 0.01

    Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server. If mod_proxy_ajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to mod_proxy_ajp and cause it to write 4 attacker controlled bytes after the end of a heap…

  • CVE-2026-7339 · High · Apr 28, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    Heap buffer overflow in WebRTC in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-20766 · High · Apr 28, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    An out-of-bounds memory access vulnerability exists in specific firmware versions of Milesight AIOT cameras.

  • CVE-2026-40504 · Critical · Apr 16, 2026
    risk 0.57 · cvss 9.8 · epss 0.01

    Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravity_vm_exec function that allows attackers to write out-of-bounds memory by crafting scripts with many string literals at global scope. Attackers can exploit insufficient bounds checking in…

  • CVE-2026-6306 · High · Apr 15, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)

  • CVE-2026-6305 · High · Apr 15, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)

  • CVE-2026-5264 · Critical · Apr 9, 2026
    risk 0.57 · cvss 9.8 · epss 0.00

    Heap buffer overflow in DTLS 1.3 ACK message processing. A remote attacker can send a crafted DTLS 1.3 ACK message that triggers a heap buffer overflow.

  • CVE-2026-5187 · Critical · Apr 9, 2026
    risk 0.57 · cvss 9.8 · epss 0.00

    Two potential heap out-of-bounds write locations existed in DecodeObjectId() in wolfcrypt/src/asn.c. First, a bounds check only validates one available slot before writing two OID arc values (out[0] and out[1]), enabling a 2-byte out-of-bounds write when outSz equals 1. Second,…

  • CVE-2026-5868 · High · Apr 8, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-5858 · High · Apr 8, 2026
    risk 0.57 · cvss 8.8 · epss 0.01

    Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2026-5275 · High · Apr 1, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-5272 · High · Apr 1, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    Heap buffer overflow in GPU in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-3548 · Critical · Mar 19, 2026
    risk 0.57 · cvss 9.8 · epss 0.00

    Two buffer overflow vulnerabilities existed in the wolfSSL CRL parser when parsing CRL numbers: a heap-based buffer overflow could occur when improperly storing the CRL number as a hexadecimal string, and a stack-based overflow for sufficiently sized CRL numbers. With…

  • CVE-2006-10003 · Critical · Mar 19, 2026
    risk 0.57 · cvss 9.8 · epss 0.01

    XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack. In the case (stackptr == stacksize - 1), the stack will NOT be expanded. Then the new value will be written at location (++stackptr), which equals stacksize and therefore falls…

  • CVE-2026-3560 · High · Mar 16, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    Philips Hue Bridge HomeKit hk_hap_pair_storage_put Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to…

  • CVE-2026-3556 · High · Mar 16, 2026
    risk 0.57 · cvss 8.8 · epss 0.01

    Philips Hue Bridge HomeKit Pair-Setup Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this…

  • CVE-2026-3845 · High · Mar 10, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    Heap buffer overflow in the Audio/Video: Playback component in Firefox for Android. This vulnerability was fixed in Firefox 148.0.2.
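Two entries above describe the same bug shape from opposite ends: a growth check that is off by one (the XML::Parser entry, where the stack is not expanded when the pointer already sits on the last slot, so the next store lands at index stacksize) and a bounds check that validates one free slot before two values are written (the wolfSSL DecodeObjectId entry). The program below is an added example modelled on those descriptions, not code from either project: a toy growable stack with the buggy and the corrected check side by side. The backing allocation carries one extra slot holding a canary, an assumption of this example so that the one-past-the-end write can be observed instead of corrupting unrelated heap data.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define CANARY 0xDEADBEEFu

/* Growable stack of 32-bit values. items[size] is a spare slot holding a
 * canary (for the demonstration only), so a write to index size is
 * detectable after the fact. */
struct stack {
    uint32_t *items;
    long      last;   /* index of the last pushed item, -1 when empty */
    long      size;   /* usable slots: items[0 .. size-1] */
};

int stack_init(struct stack *s, long size)
{
    s->items = malloc((size_t)(size + 1) * sizeof *s->items);
    if (!s->items)
        return -1;
    s->items[size] = CANARY;
    s->last = -1;
    s->size = size;
    return 0;
}

static int grow(struct stack *s)
{
    long nsize = s->size * 2;
    uint32_t *n = realloc(s->items, (size_t)(nsize + 1) * sizeof *n);
    if (!n)
        return -1;
    s->items = n;
    s->size = nsize;
    s->items[nsize] = CANARY;   /* move the canary to the new end */
    return 0;
}

int canary_intact(const struct stack *s)
{
    return s->items[s->size] == CANARY;
}

/* Off-by-one in the growth check: when the stack is full, last == size-1,
 * so last+1 == size and the test is false; the store then goes to index
 * size, one past the end. */
int push_vuln(struct stack *s, uint32_t v)
{
    if (s->last + 1 > s->size && grow(s) != 0)
        return -1;
    s->items[++s->last] = v;
    return 0;
}

/* Fixed: grow as soon as no free slot remains. */
int push_safe(struct stack *s, uint32_t v)
{
    if (s->last + 1 >= s->size && grow(s) != 0)
        return -1;
    s->items[++s->last] = v;
    return 0;
}

/* Checks that one slot is free, then writes two values. */
int push_pair_vuln(struct stack *s, uint32_t a, uint32_t b)
{
    if (s->last + 1 >= s->size)
        return -1;
    s->items[++s->last] = a;
    s->items[++s->last] = b;
    return 0;
}

/* Fixed: the check accounts for every slot the writes consume. */
int push_pair_safe(struct stack *s, uint32_t a, uint32_t b)
{
    if (s->last + 2 >= s->size)
        return -1;
    s->items[++s->last] = a;
    s->items[++s->last] = b;
    return 0;
}

/* Each demo returns 1 if the canary survived, 0 if it was overwritten. */
int demo_push(int (*push)(struct stack *, uint32_t))
{
    struct stack s;
    if (stack_init(&s, 4) != 0)
        return -1;
    for (uint32_t i = 0; i < 5; i++)       /* the 5th push needs growth */
        push(&s, 0x41414141u + i);
    int ok = canary_intact(&s);
    free(s.items);
    return ok;
}

int demo_pair(int (*pair)(struct stack *, uint32_t, uint32_t))
{
    struct stack s;
    if (stack_init(&s, 4) != 0)
        return -1;
    for (uint32_t i = 0; i < 3; i++)       /* leaves exactly one free slot */
        push_safe(&s, i);
    pair(&s, 0xAAAAAAAAu, 0xBBBBBBBBu);
    int ok = canary_intact(&s);
    free(s.items);
    return ok;
}

int main(void)
{
    printf("push_vuln      canary intact: %d\n", demo_push(push_vuln));
    printf("push_safe      canary intact: %d\n", demo_push(push_safe));
    printf("push_pair_vuln canary intact: %d\n", demo_pair(push_pair_vuln));
    printf("push_pair_safe canary intact: %d\n", demo_pair(push_pair_safe));
    return 0;
}
```

The review heuristic both fixes share: the number of slots a check proves free must equal the number of slots the following stores consume, and "room for one more" is `last + 1 < size`, not `last + 1 <= size`. Without the canary slot, the buggy variants write into the next heap chunk, which is the condition the listed advisories describe.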