VYPR

CWE-122

Heap-based Buffer Overflow

VariantDraftLikelihood: High

Description

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

Hierarchy (View 1000)

Children

none

Related attack patterns (CAPEC)

CAPEC-92

CVEs mapped to this weakness (568)

page 9 of 29
  • CVE-2026-34698HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…

  • CVE-2026-48574HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.

  • CVE-2026-45638HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

  • CVE-2026-45636HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.

  • CVE-2026-45475HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

  • CVE-2026-45469HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  • CVE-2026-44824HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

  • CVE-2026-44819HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

  • CVE-2026-44811HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

  • CVE-2026-44808HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

  • CVE-2026-42980HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.06

    Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally.

  • CVE-2026-40404HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability

  • CVE-2026-0100HigJun 1, 2026
    risk 0.51cvss 7.8epss 0.00

    In Load of LoadedArsc.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2026-25713HigMay 26, 2026
    risk 0.51cvss 7.8epss 0.00

    MediaArea MediaInfoLib ID3v2 parsing heap buffer overflow vulnerability

  • CVE-2026-22554HigMay 20, 2026
    risk 0.51cvss 7.8epss 0.00

    MediaArea MediaInfoLib Channel Splitting heap-based buffer overflow vulnerability

  • CVE-2026-43906HigMay 14, 2026
    risk 0.51cvss 7.8epss 0.00

    OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a heap-based buffer overflow in the HEIF decoder of OpenImageIO allows out-of-bounds writes via crafted images due to…

  • CVE-2026-42896HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.

  • CVE-2026-42831HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

  • CVE-2026-40407HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

  • CVE-2026-40398HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.02

    Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.