CWE-122
Heap-based Buffer Overflow
VariantDraftLikelihood: High
Description
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-92
CVEs mapped to this weakness (341)
page 6 of 18| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-28905 | Hig | 0.52 | 8.0 | 0.00 | Jun 28, 2025 | A heap buffer overflow in the image processing binary of the MIB3 infotainment unit allows an attacker to execute arbitrary code on it. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources. | |
| CVE-2024-46461 | Hig | 0.52 | 8.0 | 0.00 | Sep 25, 2024 | VLC media player 3.0.20 and earlier is vulnerable to denial of service through an integer overflow which could be triggered with a maliciously crafted mms stream (heap based overflow). If successful, a malicious third party could trigger either a crash of VLC or an arbitrary code execution with the target user's privileges. | |
| CVE-2024-37310 | Cri | 0.52 | 9.0 | 0.02 | Jul 10, 2024 | EVerest is an EV charging software stack. An integer overflow in the "v2g_incoming_v2gtp" function in the v2g_server.cpp implementation can allow a remote attacker to overflow the process' heap. This vulnerability is fixed in 2024.3.1 and 2024.6.0. | |
| CVE-2019-5436 | Hig | 0.52 | 7.8 | 0.15 | May 28, 2019 | A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1. | |
| CVE-2026-43906 | Hig | 0.51 | 7.8 | 0.00 | May 14, 2026 | OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a heap-based buffer overflow in the HEIF decoder of OpenImageIO allows out-of-bounds writes via crafted images due to a subimage metadata mismatch, leading to memory corruption and potential code execution. This vulnerability is fixed in 3.0.18.0 and 3.1.13.0. | |
| CVE-2026-42896 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | |
| CVE-2026-42831 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | |
| CVE-2026-40407 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | |
| CVE-2026-40398 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally. | |
| CVE-2026-40377 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Heap-based buffer overflow in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally. | |
| CVE-2026-40362 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |
| CVE-2026-35421 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally. | |
| CVE-2026-35420 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. | |
| CVE-2026-34687 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Illustrator versions 29.8.6, 30.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |
| CVE-2026-34642 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | After Effects versions 26.0, 25.6.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |
| CVE-2026-34343 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Heap-based buffer overflow in Windows Application Identity (AppID) Subsystem allows an authorized attacker to elevate privileges locally. | |
| CVE-2026-33841 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. | |
| CVE-2026-33837 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Heap-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally. | |
| CVE-2026-42046 | Hig | 0.51 | 7.8 | 0.00 | May 11, 2026 | libcaca is a colour ASCII art library. In 0.99.beta20 and earlier, an integer overflow vulnerability in libcaca's canvas import functionality allows an attacker to cause a controlled heap out-of-bounds write (heap overflow) by supplying a crafted file in the "caca" format. Depending on the build configuration and memory allocator, this may lead to memory corruption or remote code execution. This is the same vulnerability as CVE-2021-3410 but the fix at that time was not fully correct. Commit fb77acff9ba6bb01d53940da34fb10f20b156a23 fixes this vulnerability. | |
| CVE-2026-5405 | Hig | 0.51 | 7.8 | 0.00 | May 1, 2026 | RDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution |