VYPR

CWE-122

Heap-based Buffer Overflow

VariantDraftLikelihood: High

Description

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Hierarchy (View 1000)

Children

none

Related attack patterns (CAPEC)

CAPEC-92

CVEs mapped to this weakness (568)

page 8 of 29
  • CVE-2026-20452HigJun 1, 2026
    risk 0.52cvss 8.0epss 0.00

    In wlan AP driver, there is a possible memory corruption due to a heap buffer overflow. This could lead to remote (proximal/adjacent) code execution with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00480138; Issue ID:…

  • CVE-2026-8834HigMay 26, 2026
    risk 0.52cvss 8.0epss 0.00

    IBM HTTP Server 8.5, and 9.0 contains a buffer overflow vulnerability. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to execute remote code or cause a denial of service.

  • CVE-2026-3561HigMar 16, 2026
    risk 0.52cvss 8.0epss 0.01

    Philips Hue Bridge hk_hap characteristics Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Although authentication is required to…

  • CVE-2026-3557HigMar 16, 2026
    risk 0.52cvss 8.0epss 0.01

    Philips Hue Bridge hap_pair_verify_handler Sub-TLV Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Although authentication is…

  • CVE-2026-3555HigMar 16, 2026
    risk 0.52cvss 8.0epss 0.00

    Philips Hue Bridge Zigbee Stack Custom Command Handler Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. User interaction is required to…

  • CVE-2023-28905HigJun 28, 2025
    risk 0.52cvss 8.0epss 0.00

    A heap buffer overflow in the image processing binary of the MIB3 infotainment unit allows an attacker to execute arbitrary code on it. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected…

  • CVE-2024-46461HigSep 25, 2024
    risk 0.52cvss 8.0epss 0.01

    VLC media player 3.0.20 and earlier is vulnerable to denial of service through an integer overflow which could be triggered with a maliciously crafted mms stream (heap based overflow). If successful, a malicious third party could trigger either a crash of VLC or an arbitrary…

  • CVE-2024-37310CriJul 10, 2024
    risk 0.52cvss 9.0epss 0.01

    EVerest is an EV charging software stack. An integer overflow in the "v2g_incoming_v2gtp" function in the v2g_server.cpp implementation can allow a remote attacker to overflow the process' heap. This vulnerability is fixed in 2024.3.1 and 2024.6.0.

  • CVE-2019-5436HigMay 28, 2019
    risk 0.52cvss 7.8epss 0.50

    A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.

  • CVE-2026-47964HigJun 16, 2026
    risk 0.51cvss 7.8epss 0.00

    DNG SDK versions 1.7.1 2536 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

  • CVE-2026-12193HigJun 15, 2026
    risk 0.51cvss 7.8epss 0.00

    A vulnerability was identified in VS Revo RevoUninstaller 2.5.x/2.6.x. The affected element is the function IOCtl_Handler in the library RevoDetector.sys of the component IOCTL Handler. Such manipulation leads to heap-based buffer overflow. The attack must be carried out…

  • CVE-2026-2049HigJun 10, 2026
    risk 0.51cvss 7.8epss 0.01

    GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit…

  • CVE-2026-48292HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    Format Plugins versions 1.1.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

  • CVE-2026-48291HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    Format Plugins versions 1.1.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

  • CVE-2026-47952HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must…

  • CVE-2026-11824HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    SQLite before 3.53.2 contains a heap-based buffer overflow vulnerability in the FTS5 full-text search extension that allows attackers to cause a crash or execute arbitrary code by supplying a crafted database with malicious continuation page metadata specifying a szLeaf value…

  • CVE-2026-11822HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    SQLite before 3.53.2 contains memory corruption vulnerabilities in the FTS5 full-text search extension that allow attackers to cause process crashes, memory exhaustion, or arbitrary code execution by supplying a crafted database with malformed FTS5 page data. Attackers can…

  • CVE-2026-34707HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    InCopy versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

  • CVE-2026-34701HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…

  • CVE-2026-34699HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…