CWE-122
Heap-based Buffer Overflow
Abstraction: Variant
Status: Draft
Likelihood of Exploit: High
Description
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-92
CVEs mapped to this weakness (341)
Page 4 of 18

| CVE | Severity | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-50739 | High | 0.57 | 8.8 | 0.00 | | Jan 18, 2025 | A buffer overflow vulnerability has been identified in the Internet Printing Protocol (IPP) in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code. |
| CVE-2024-21802 | High | 0.57 | 8.8 | 0.01 | | Feb 26, 2024 | A heap-based buffer overflow vulnerability exists in the GGUF library info->ne functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. |
| CVE-2023-6246 | High | 0.57 | 8.4 | 0.25 | | Jan 31, 2024 | A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer. |
| CVE-2017-12704 | High | 0.57 | 8.8 | 0.01 | | Aug 30, 2017 | A heap-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities where there is a lack of proper validation of the length of user-supplied data prior to copying it to the heap-based buffer, which could allow an attacker to execute arbitrary code under the context of the process. |
| CVE-2017-6037 | High | 0.57 | 8.8 | 0.00 | | Apr 27, 2017 | A Heap-Based Buffer Overflow issue was discovered in Wecon Technologies LEVI Studio HMI Editor before 1.8.1. This vulnerability causes a buffer overflow when a maliciously crafted project file is run by the system. |
| CVE-2017-5225 | High | 0.57 | 8.8 | 0.01 | | Jan 12, 2017 | LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample value. |
| CVE-2014-9495 | High | 0.57 | 8.8 | 0.03 | | Jan 10, 2015 | Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image. |
| CVE-2017-16717 | High | 0.56 | 8.6 | 0.01 | | Dec 20, 2017 | A Heap-based Buffer Overflow issue was discovered in WECON LeviStudio HMI. The heap-based buffer overflow vulnerability has been identified, which may allow remote code execution. |
| CVE-2026-40364 | High | 0.55 | 8.4 | 0.00 | | May 12, 2026 | Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
| CVE-2026-40363 | High | 0.55 | 8.4 | 0.00 | | May 12, 2026 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. |
| CVE-2026-40706 | High | 0.55 | 8.4 | 0.00 | | Apr 21, 2026 | In NTFS-3G 2022.10.3 before 2026.2.25, a heap buffer overflow exists in ntfs_build_permissions_posix() in acls.c that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The overflow is triggered on the READ path (stat, readdir, open) when processing a security descriptor with multiple ACCESS_DENIED ACEs containing WRITE_OWNER from distinct group SIDs. |
| CVE-2026-32221 | High | 0.55 | 8.4 | 0.00 | | Apr 14, 2026 | Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code locally. |
| CVE-2026-32710 | High | 0.55 | 8.5 | 0.00 | | Mar 20, 2026 | MariaDB server is a community developed fork of MySQL server. An authenticated user can crash MariaDB versions 11.4 before 11.4.10 and 11.8 before 11.8.6 via a bug in JSON_SCHEMA_VALID() function. Under certain conditions it might be possible to turn the crash into a remote code execution. These conditions require tight control over memory layout which is generally only attainable in a lab environment. This issue is fixed in MariaDB 11.4.10, MariaDB 11.8.6, and MariaDB 12.2.2. |
| CVE-2025-49850 | High | 0.55 | — | 0.00 | | Jun 17, 2025 | A Heap-based Buffer Overflow vulnerability exists within the parsing of PRJ files. The issues result from the lack of proper validation of user-supplied data, which can result in different memory corruption issues within the application, such as reading and writing past the end of allocated data structures. |
| CVE-2023-52168 | High | 0.55 | 8.4 | 0.00 | | Jul 3, 2024 | The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains a heap-based buffer overflow that allows an attacker to overwrite two bytes at multiple offsets beyond the allocated buffer size: buffer+512*i-2, for i=9, i=10, i=11, etc. |
| CVE-2026-8525 | High | 0.54 | 8.3 | 0.00 | | May 14, 2026 | Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) |
| CVE-2026-7900 | High | 0.54 | 8.3 | 0.00 | | May 6, 2026 | Heap buffer overflow in ANGLE in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) |
| CVE-2026-7353 | High | 0.54 | 8.3 | 0.00 | | Apr 28, 2026 | Heap buffer overflow in Skia in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) |
| CVE-2026-6361 | High | 0.54 | 8.3 | 0.00 | | Apr 15, 2026 | Heap buffer overflow in PDFium in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High) |
| CVE-2026-42945 | High | 0.53 | 8.1 | 0.00 | | May 13, 2026 | NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, for systems with Address Space Layout Randomization (ASLR) disabled, code execution is possible. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |