Skip to main content

Heap Overflow

1931 CVEs technique

Monthly

CVE-2026-50675 HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Excel (including Microsoft 365 Apps, Office 2016/2019, Office LTSC 2021/2024, and Office for Mac) arises from a heap-based buffer overflow (CWE-122) triggered when a victim opens a maliciously crafted spreadsheet, letting an attacker run arbitrary code in the user's context. The CVSS 3.1 score is 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), reflecting that exploitation needs user interaction but no prior privileges once the file is opened. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV; Microsoft has released a patch.

Heap Overflow Buffer Overflow Microsoft Microsoft 365 Apps For Enterprise Microsoft Excel 2016 +7
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-55005 HIGH PATCH Exploit Unlikely This Week

Remote code execution in Microsoft Exchange Server (2016 CU23, 2019 CU14/CU15, and Subscription Edition RTM) lets an authenticated attacker corrupt heap memory to run arbitrary code across the network. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N) shows low-privilege network exploitation with full confidentiality, integrity, and availability impact, and Microsoft has released a patch. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft Microsoft Exchange Server 2016 Cumulative Update 23 Microsoft Exchange Server 2019 Cumulative Update 14 +2
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2026-54122 HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Windows GDI+ (the graphics rendering component) via a heap-based buffer overflow (CWE-122), affecting a broad range of Windows client and server releases from Windows 10 1607 through Windows 11 26H1 and Server 2012 through Server 2025. Per the supplied CVSS vector (PR:N), an unauthorized attacker who gets the vulnerable component to process crafted graphics data can achieve high-impact code execution (C:H/I:H/A:H) on the local system. Microsoft has published a patch; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
8.4
EPSS
0.3%
CVE-2026-54992 HIGH POC PATCH NEWS Exploit Likely This Week

Local code execution in the Microsoft Message Queuing (MSMQ) Queue Manager affects a broad range of Windows client and server releases from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. A heap-based buffer overflow (CWE-122) lets an attacker who can reach the local MSMQ service run arbitrary code with high confidentiality, integrity, and availability impact; the CVSS 3.1 base score is 8.4 with a local attack vector but no privileges or user interaction required. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the vendor (Microsoft) has released a patch.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
8.4
EPSS
0.4%
CVE-2026-54993 HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Windows Media Foundation lets an unauthorized attacker run arbitrary code by luring a user into opening a specially crafted media file. The flaw affects a broad range of Windows 10, Windows 11, and Windows Server builds (from 1809 through Windows 11 26H1 and Server 2025), and Microsoft has released patches. No public exploit identified at time of analysis, but the low attack complexity and full C/I/A impact make it a standard Patch-Tuesday priority.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1809 Windows 10 Version 21H2 +9
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-54986 HIGH PATCH Exploit Likely This Week

Local privilege escalation in Microsoft Windows Win32K (the kernel-mode GUI subsystem) lets an already-authenticated low-privilege user corrupt kernel heap memory via a heap-based buffer overflow (CWE-122) to gain SYSTEM-level control. The flaw affects a broad range of client and server builds (Windows 10 1607 through Windows 11 26H1, and Windows Server 2016 through 2025). Microsoft has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +12
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2026-54132 MEDIUM PATCH Exploit Unlikely This Month

Heap-based buffer overflow in Windows Kernel allows an unauthorized attacker to elevate privileges with a physical attack.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +9
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2026-54990 CRITICAL PATCH Exploit Unlikely Act Now

Remote code execution in the Microsoft Remote Desktop Client (Windows 11 24H2/25H2/26H1 and Windows Server 2025) allows an unauthenticated network attacker to run arbitrary code via a heap-based buffer overflow. Exploitation is client-side: a victim connecting to an attacker-controlled or malicious RDP endpoint can be compromised, with the CVSS 9.8 vector indicating no privileges or user authentication are required. No public exploit has been identified at time of analysis, but a vendor patch is available and the flaw's parameters make it a high-priority fix.

Heap Overflow Buffer Overflow Windows 11 Version 24H2 Windows 11 Version 25H2 Windows 11 Version 26H1 +2
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2026-50696 HIGH PATCH This Week

Network denial of service in the Windows Internet Key Exchange (IKE) protocol implementation allows an unauthenticated remote attacker to crash affected systems by triggering a heap-based buffer overflow. All impact is to availability only (CVSS 7.5, A:H, no confidentiality or integrity loss), making this a reliability/uptime threat against IPsec/VPN-facing Windows 10, Windows 11, and Windows Server hosts rather than a code-execution vulnerability. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the low attack complexity and lack of authentication make it a meaningful patching priority for internet-exposed IPsec endpoints.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1809 Windows 10 Version 21H2 +9
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2026-54987 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Overlay Filter (WOF) driver allows an authenticated low-privileged user to elevate to SYSTEM by triggering a heap-based buffer overflow (CWE-122). The flaw spans a broad range of client and server SKUs from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 R2 through Server 2025. Microsoft has shipped a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +14
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-49172 CRITICAL PATCH Exploit Unlikely Act Now

Remote code execution in the Microsoft Windows FTP Service allows an unauthenticated network attacker to run arbitrary code by triggering a heap-based buffer overflow (CWE-122). The flaw affects the FTP service across a broad range of Windows 10, Windows 11, and Windows Server (2019/2022/2025) builds and carries a critical CVSS 9.8 rating with no authentication or user interaction required. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the unauthenticated, network-reachable nature of the bug makes it a high-priority patch target.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +11
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2026-49175 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows DNS lets an already-authenticated, low-privileged attacker corrupt heap memory to gain higher (likely SYSTEM) privileges on affected Windows 10, Windows 11, and Windows Server 2022/2025 systems. The flaw is a heap-based buffer overflow (CWE-122) reported by Microsoft itself, with a vendor patch available via MSRC. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, so it currently represents a patch-priority rather than an emergency.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 21H2 Windows 10 Version 22H2 +6
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-49164 HIGH PATCH NEWS This Week

Remote code execution in Microsoft Active Directory Domain Services (AD DS) allows an unauthenticated network attacker to corrupt heap memory and run arbitrary code on affected domain controllers. The flaw (CVE-2026-49164, CVSS 8.1) spans a broad range of Windows client and server builds from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025, with full confidentiality, integrity, and availability impact. Microsoft has released a patch; there is no public exploit identified at time of analysis, and the high attack complexity (AC:H) tempers the practical exploitation likelihood.

Heap Overflow Buffer Overflow Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +15
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2026-42990 CRITICAL PATCH Act Now

Remote code execution in the Microsoft ODBC Driver for SQL Server (shipped across Windows 10, Windows 11, and Windows Server 2012 through 2025) stems from a heap-based buffer overflow that lets an attacker run arbitrary code over the network. The supplied CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N) scores it 9.8 and marks it unauthenticated, though as a database driver flaw the realistic trigger is a client connecting to a malicious or compromised SQL Server endpoint. There is no public exploit identified at time of analysis and no CISA KEV listing, so this is a high-severity but not yet actively-exploited issue.

Heap Overflow Buffer Overflow Windows 10 Version 1607 Windows 10 Version 1809 Windows 10 Version 21H2 +16
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2026-42975 HIGH PATCH Exploit Unlikely This Week

Remote code execution in the Windows Bluetooth Port Driver lets an adjacent, unauthenticated attacker corrupt heap memory to run arbitrary code on the target after minimal user interaction. The flaw (CWE-122 heap-based buffer overflow) affects a broad range of client and server SKUs from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through 2025, with full confidentiality, integrity, and availability impact (CVSS 8.0). There is no public exploit identified at time of analysis, but a vendor patch is available from Microsoft.

Heap Overflow Buffer Overflow Microsoft Windows 10 Version 1607 Windows 10 Version 1809 +16
NVD
CVSS 3.1
8.0
EPSS
0.4%
CVE-2026-15520 LOW POC PATCH Monitor

Heap-based buffer overflow in GNU LibreDWG 0.13.4-154-g0b573035 allows a local low-privileged attacker to corrupt heap memory by supplying a crafted DWG file processed through the R2004 section decompressor, yielding partial confidentiality, integrity, and availability impact. The vulnerability resides in `decompress_R2004_section` within `src/decode.c` and is exploitable whenever LibreDWG parses attacker-controlled R2004-format DWG content. A public proof-of-concept exploit file has been disclosed on GitHub; no CISA KEV listing is present, indicating no confirmed widespread active exploitation at time of analysis.

Heap Overflow Buffer Overflow Libredwg
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.1%
CVE-2026-15506 HIGH POC This Week

Local privilege escalation in SecureAge CatchPulse endpoint protection (versions up to and including 10.9.3) stems from a heap-based buffer overflow in the kernel driver saappctl.sys, where an authenticated local user can corrupt kernel heap memory to gain code execution at ring 0. Publicly available exploit code exists (demonstrated in a YouTube proof-of-concept), but there is no public exploit identified as being used in active attacks and the issue is not on CISA KEV. The CVSS 4.0 base score of 7.1 reflects local-only reachability but full compromise of confidentiality, integrity, and availability on the host once triggered.

Heap Overflow Buffer Overflow Catchpulse
NVD VulDB GitHub
CVSS 4.0
7.1
EPSS
0.2%
CVE-2026-56372 NuGet MEDIUM PATCH This Month

Heap-based out-of-bounds read in ImageMagick before 7.1.2-19 is triggered when processing an image carrying an unrecognized magnify:method value, causing the magnify operation to read beyond allocated heap memory. Affected systems running any version prior to 7.1.2-19 can be impacted when a user or automated pipeline processes a specially crafted image file, with outcomes ranging from partial memory disclosure to application crash. No active exploitation is confirmed (not in CISA KEV) and no public proof-of-concept has been identified at time of analysis, and the CVSS 4.0 score of 4.8 (Medium) reflects the limited local/interactive nature of the attack.

Heap Overflow Denial Of Service Buffer Overflow Imagemagick
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2026-54000 HIGH PATCH This Week

Local privilege escalation in osquery on Windows prior to 5.23.1 lets a standard (unprivileged) user escalate to SYSTEM by planting a maliciously crafted process whose Process Environment Block (PEB) contains oversized command-line or current-directory strings. When the osquery agent - typically running as SYSTEM - queries the `processes` table against that process, unchecked PEB string lengths trigger a heap-based out-of-bounds write (CWE-122). No public exploit has been identified at time of analysis, and it is not listed in CISA KEV.

Privilege Escalation Heap Overflow Microsoft Buffer Overflow Osquery
NVD GitHub
CVSS 4.0
7.0
EPSS
0.1%
CVE-2026-54001 HIGH PATCH This Week

Local privilege escalation in osquery on Windows prior to 5.23.1 lets a standard user escalate to SYSTEM by planting a maliciously crafted binary and having the authenticode table query it, triggering a heap out-of-bounds write in the getOriginalProgramName publisher-parsing routine. The flaw is a CWE-122 heap buffer overflow reachable whenever osquery (typically running as SYSTEM) evaluates authenticode publisher metadata against attacker-controlled files. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; EPSS was not provided.

Privilege Escalation Heap Overflow Microsoft Buffer Overflow Osquery
NVD GitHub
CVSS 4.0
7.0
EPSS
0.1%
CVE-2026-15028 LOW Monitor

Heap overflow in libarchive's PAX extended header parser allows exploitation via a maliciously crafted tar archive containing a malformed SUN.holesdata sparse-file attribute. Successful exploitation of the affected system could result in a denial of service condition or, in more serious cases, arbitrary code execution under the privileges of the process invoking libarchive. No public exploit code or active exploitation has been confirmed at time of analysis, though a GitHub pull request (#3253) indicating an upstream fix is available suggests the issue is reproducible and patch-ready. The official CVSS score of 3.9 (Low) conflicts materially with the vendor-applied RCE tag, a discrepancy that warrants independent validation.

Denial Of Service RCE Heap Overflow Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
3.9
EPSS
0.3%
CVE-2026-53720 PyPI MEDIUM PATCH GHSA This Month

Heap buffer overflow in pymonocypher's argon2i_32 function allows memory corruption when callers supply an undersized nb_blocks buffer, violating the library's API contract without triggering any bounds check. Applications using pymonocypher prior to version 4.0.2.8 that invoke the Argon2i password-hashing interface are at risk of heap corruption, which can produce crashes or potentially enable controlled memory writes. No public exploit code has been identified at time of analysis, and no active exploitation has been confirmed.

Heap Overflow Buffer Overflow
NVD GitHub
CVE-2026-15182 LOW POC PATCH Monitor

Heap-based buffer overflow in GNU LibreDWG up to version 0.13.4 allows local low-privileged attackers to corrupt heap memory via a specially crafted DWG file containing malicious BMP image data processed by the dwg_bmp function in src/dwg.c. A public proof-of-concept exploit (a crafted R13/R2000 .dwg file) has been disclosed on GitHub, raising the urgency for affected deployments that process untrusted DWG input. No confirmed active exploitation (CISA KEV) has been recorded, and a vendor-released patch in version 0.14 fully resolves the issue.

Heap Overflow Buffer Overflow Libredwg
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.1%
CVE-2026-58306 MEDIUM This Month

Heap-based buffer overflow in Samsung's open-source Escargot JavaScript engine corrupts heap memory when processing maliciously crafted input, leading to a high-severity availability impact and a limited integrity impact. The vulnerability affects all Escargot releases before commit ef525f337fafddecde77a3c426212a84bb20cb98, targeting embedded and IoT contexts where the engine is deployed - most notably Samsung TV appliances. No public exploit identified at time of analysis, and no CISA KEV listing, but the local-vector, low-complexity nature of heap overflows makes this reliably triggerable once an attacker can supply crafted input to the engine.

Heap Overflow Samsung Buffer Overflow Escargot
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-57156 HIGH PATCH This Week

Heap-based buffer overflow in FreeRDP (the widely used open-source RDP client library) allows a malicious or compromised RDP server to corrupt client memory and potentially achieve remote code execution in the connecting client's context. The flaw lives in the primary drawing-order parser (update_read_delta_points in libfreerdp/core/orders.c), where an inverted integer-overflow guard let an attacker-controlled point count produce an undersized heap allocation followed by an out-of-bounds write. No public exploit identified at time of analysis; the issue is fixed in FreeRDP 3.28.0 (GHSA-v5wf-j8j4-77h7).

Heap Overflow Buffer Overflow Freerdp
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.5%
CVE-2026-15174 MEDIUM PATCH This Month

Denial of service in Wireshark 4.6.0-4.6.6 and 4.4.0-4.4.16 is caused by a heap-based buffer overflow in the Catapult DCT2000 protocol dissector, crashing the application when a crafted capture file is opened. The CVSS local attack vector (AV:L) and required user interaction (UI:R) constrain exploitation to scenarios where an analyst is socially engineered into opening a malicious capture file - no remote or unauthenticated network exploitation path exists. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV; vendor-released fixes are available in 4.6.7 and 4.4.17.

Heap Overflow Denial Of Service Buffer Overflow Wireshark
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-15173 MEDIUM PATCH This Month

The pcapng file parser in Wireshark 4.6.0 through 4.6.6 contains a heap-based buffer overflow (CWE-122) that crashes the application, resulting in denial of service. An attacker must convince a user to open a specially crafted pcapng capture file, making this a social-engineering-dependent attack with no network-facing exploitation path. No public exploit code has been identified at time of analysis and the vulnerability is not listed in CISA KEV; a vendor patch is available in Wireshark 4.6.7.

Heap Overflow Denial Of Service Buffer Overflow Wireshark
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-15170 MEDIUM PATCH This Month

Heap-based buffer overflow in Wireshark's Z39.50 protocol dissector crashes the application when processing malformed Z39.50 PDUs, resulting in denial of service. Affected versions span the 4.4.x branch (4.4.0-4.4.16) and 4.6.x branch (4.6.0-4.6.6). An attacker can trigger the crash by persuading an analyst to open a crafted packet capture file or by injecting malicious Z39.50 traffic onto a monitored network segment; no active exploitation (CISA KEV) or public exploit code has been identified at time of analysis.

Heap Overflow Denial Of Service Buffer Overflow Wireshark
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-15169 HIGH PATCH This Week

Denial of service in Wireshark's UMTS FP protocol dissector affects the 4.6.0-4.6.6 and 4.4.0-4.4.16 release branches, where a malformed UMTS Frame Protocol packet triggers a heap-based buffer overflow (CWE-122) that crashes the application. A remote attacker who can get the crafted frame parsed - via live capture on a monitored segment or a shared capture file - can reliably terminate the analyzer, with no confidentiality or integrity impact. Publicly available exploit code exists (SSVC=poc) but it is not on CISA KEV, and EPSS is low at 0.14% (4th percentile), indicating minimal observed exploitation pressure.

Heap Overflow Denial Of Service Buffer Overflow Wireshark
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-15165 MEDIUM PATCH This Month

Denial of service in Wireshark 4.6.0 through 4.6.6 lets a remote attacker crash the application by feeding it a malformed TLS packet using the Encrypted Client Hello (ECH) extension, triggering a heap buffer overflow in the ECH decryptor. No authentication or user interaction beyond processing the traffic is required, though impact is limited to availability (analyzer crash) with no code execution or data disclosure claimed. Publicly available exploit code exists per SSVC (POC), EPSS is low at 0.14% (4th percentile), and it is not listed in CISA KEV.

Heap Overflow Denial Of Service Buffer Overflow Wireshark
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-15164 MEDIUM PATCH This Month

Denial of service in Wireshark's ciscodump remote capture utility (extcap) affects versions 4.6.0 through 4.6.6 and 4.4.0 through 4.4.16, where a heap-based buffer overflow (CWE-122) can crash the capture tool. An attacker able to feed crafted data to a running ciscodump session can terminate the process, disrupting live packet capture. A POC is referenced by CISA's SSVC assessment (no public exploit code independently identified), it is not in CISA KEV, and EPSS is very low at 0.10% (1st percentile), indicating minimal likelihood of widespread exploitation.

Heap Overflow Denial Of Service Buffer Overflow Wireshark
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-55999 HIGH PATCH This Week

Local privilege escalation via heap buffer overflow in the X.Org Server (versions before 21.1.24) and Xwayland (before 24.1.13) allows a local user holding an X connection to corrupt heap memory by supplying a malicious PCX font. The flaw lives in the SetFont code path, where missing glyph boundary checks let an oversized or malformed glyph write past its heap allocation, yielding full confidentiality, integrity, and availability impact (CVSS 7.8). There is no public exploit identified at time of analysis; EPSS is low at 0.28% and CISA SSVC rates exploitation as none.

Buffer Overflow Heap Overflow X Server Xwayland
NVD VulDB
CVSS 3.1
7.8
EPSS
0.3%
CVE-2026-56001 HIGH PATCH This Week

Arbitrary code execution in the X.Org libXfont2 library (versions before 2.0.8) stems from a heap buffer overflow in the BitmapScaleBitmaps routine, where a 32-bit size calculation overflows during bitmap font scaling. Any client able to connect to the X Server and request scaled bitmap fonts can corrupt heap memory and run code within the X server's process context, which is frequently privileged. No public exploit has been identified at time of analysis and it is not listed in CISA KEV; EPSS is low at 0.37% (29th percentile), consistent with the SSVC finding of no observed exploitation despite total technical impact.

Buffer Overflow Heap Overflow Libxfont
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-56003 HIGH PATCH This Week

Arbitrary code execution in libXfont2 before 2.0.8 lets an authenticated X client corrupt heap memory inside the X server via a maliciously crafted PCF bitmap font. The flaw sits in ComputeScaledProperties(), where a missing bounds check on the property buffer allows a heap overflow (CWE-122) that runs in the X server's security context - typically root on traditional Linux desktops. There is no public exploit identified at time of analysis; EPSS is modest at 0.58% and CISA SSVC rates exploitation as 'none' with 'total' technical impact.

Buffer Overflow Heap Overflow Libxfont
NVD VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2026-56002 HIGH PATCH This Week

Heap-based code execution in libXfont2 before 2.0.8 allows an authenticated X client to run arbitrary code inside the X server by supplying a malformed PCF font that trips missing glyph bounds checking in pcfReadFont(). Because X servers frequently run with elevated (often root) privileges, a successful exploit can escalate from a low-privileged client to full host compromise. No public exploit is identified at time of analysis and CISA SSVC rates current exploitation as none, but the technical impact is rated total.

Buffer Overflow Heap Overflow Libxfont
NVD VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2026-58471 MEDIUM PATCH This Month

Heap buffer overflow in GNU Wget through 1.25.0 allows network-positioned attackers to corrupt heap memory by serving a maliciously crafted filename that triggers a flawed iconv E2BIG reallocation path in convert_fname() within src/url.c. The miscalculated remaining-space offset during reallocation writes beyond the allocated heap region, producing a high-availability impact (process crash) and limited integrity exposure. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV; however, the fix is confirmed via upstream commit c2640fe on the official GNU Wget GitLab repository.

Heap Overflow Buffer Overflow Wget
NVD VulDB
CVSS 4.0
6.0
EPSS
0.2%
CVE-2026-14940 MEDIUM This Month

Heap-buffer-overflow in 389 Directory Server's DN normalization routine allows an unauthenticated remote attacker to corrupt heap memory and likely crash the LDAP service. The flaw triggers when the server processes an LDAP operation - such as a search request - whose base DN contains a legacy-quoted value encoding a multivalued nested Relative Distinguished Name (RDN), causing an out-of-bounds write during RDN attribute-value pair sorting. Per the confirmed CVSS vector (PR:N), no authentication is required; no public exploit code or CISA KEV listing has been identified at time of analysis.

Heap Overflow Denial Of Service Buffer Overflow Red Hat Directory Server 11 Red Hat Directory Server 12 +8
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2026-11610 HIGH PATCH This Week

Denial of service in Red Hat / 389 Directory Server (389-ds-base, versions since ~1.3.2/2013) allows an authenticated LDAP client to crash the server by sending an oversized UNBIND packet over a SASL integrity-protected connection. The oversized data overflows a fixed 512-byte heap receive buffer in sasl_io_recv() (sasl_io.c), and in FreeIPA / Red Hat IdM any domain user, enrolled host, or service account with a valid Kerberos ticket can trigger it after GSSAPI authentication. There is no public exploit identified at time of analysis, and this flaw is distinct from the earlier CVE-2025-14905 schema.c overflow, which did not fix this code path.

Heap Overflow Denial Of Service Buffer Overflow Red Hat Red Hat Directory Server 11 +8
NVD VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2025-15668 LOW POC PATCH Monitor

Heap-based buffer overflow in GPAC's MP4Box component allows a local low-privileged attacker to crash the application by supplying a crafted MP4 file. The vulnerable function `sgpd_del_entry` in `src/isomedia/box_code_base.c` mishandles the `data` argument during Sample Group Description Box parsing, triggering an out-of-bounds heap write. A public proof-of-concept exploit exists; however, the vulnerability is not in CISA KEV and the CVSS 4.0 score of 4.8 reflects limited availability-only impact with no confidentiality or integrity compromise.

Heap Overflow Buffer Overflow Gpac
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.1%
CVE-2026-14759 LOW POC PATCH Monitor

Heap-based buffer overflow in radare2's Java binary parser (all versions up to 6.1.6) allows a local, low-privileged attacker to crash the tool by supplying a crafted Java class file with a malformed Line Number Table attribute. The vulnerable function `r_bin_java_inner_classes_attr_calc_size()` in `shlr/java/class.c` miscalculates buffer sizes, resulting in a heap write beyond allocated bounds and a denial-of-service outcome. A public proof-of-concept exists via GitHub issue #26043; no active exploitation has been confirmed by CISA KEV, and impact is confined to availability with no confidentiality or integrity effects.

Heap Overflow Java Buffer Overflow Radare2
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.1%
CVE-2026-14355 MEDIUM PATCH This Month

Heap-based buffer overflow in PHP's OpenSSL extension affects all maintained PHP branches (8.2.x, 8.3.x, 8.4.x, 8.5.x) when the AES key-wrap-with-padding (AES-WRAP-PAD) algorithm per RFC 5649 is invoked. The output buffer is allocated based only on plaintext length, omitting the mandatory RFC 5649 padding expansion, causing OpenSSL to write beyond the allocated heap region, corrupt heap metadata, and abort the process. No public exploit has been identified at time of analysis; vendor-released patches are available for all affected branches.

Heap Overflow OpenSSL Buffer Overflow PHP Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2026-14610 LOW POC PATCH Monitor

Heap-based buffer overflow in Assimp's CSM file handler (versions 6.0.0-6.0.5) allows a local low-privileged attacker to corrupt heap memory by supplying a crafted Character Studio Motion (CSM) file to any application that uses the library for asset import. The flaw exists in `Assimp::CSMImporter::InternReadFile` within `code/AssetLib/CSM/CSMLoader.cpp` and affects all Assimp 6.0.x releases confirmed by EUVD-2026-41601. No public exploit identified at time of analysis as a KEV entry, but a publicly available exploit code (poc.zip) exists, and the upstream patch commit is available though not yet confirmed in a tagged release.

Heap Overflow Buffer Overflow Assimp
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.1%
CVE-2026-56645 HIGH PATCH Exploit Unlikely This Week

Remote code execution in Microsoft Edge (Chromium-based) stems from a heap-based buffer overflow (CWE-122) that a network attacker can trigger when a victim renders crafted web content. The CVSS 3.1 base score is 8.8 with a network vector requiring user interaction (UI:R), and Microsoft has released an official fix (RL:O). No public exploit identified at time of analysis — the temporal metric E:U marks exploit code as unproven — and it is not listed in CISA KEV.

Heap Overflow Microsoft Buffer Overflow Google Microsoft Edge Chromium Based
NVD VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2026-58379 HIGH This Week

Heap-based buffer overflow in GIMP's Paint Shop Pro (PSP) image format parser lets an attacker achieve arbitrary code execution or crash the application when a victim opens a maliciously crafted PSP file. The flaw stems from incorrect buffer-size arithmetic on low bit-depth images, and affects GIMP as shipped across Red Hat Enterprise Linux 6 through 9. There is no public exploit identified at time of analysis, and the issue is not listed in CISA KEV; exploitation requires local file-open interaction (CVSS 7.3).

Heap Overflow Denial Of Service Buffer Overflow RCE Red Hat Enterprise Linux 6 +3
NVD VulDB
CVSS 3.1
7.3
EPSS
0.2%
CVE-2026-52834 Cargo HIGH PATCH GHSA This Week

Heap out-of-bounds writes in jxl-oxide's jxl-grid crate allow attacker-controlled memory corruption on 32-bit platforms when decoding a crafted JPEG XL image, potentially leading to arbitrary code execution. An integer overflow in AlignedGrid's width×height length calculation produces an undersized backing buffer for huge logical dimensions, after which rendering writes through mutable subgrids beyond the allocation. Publicly available exploit code exists in the advisory (miri/ASan PoC tests); no active exploitation is reported (not in CISA KEV) and no EPSS score was provided.

Heap Overflow Buffer Overflow RCE
NVD GitHub
CVSS 3.1
7.3
CVE-2026-14415 HIGH PATCH This Week

Heap corruption in the V8 JavaScript engine of Google Chrome before 150.0.7871.46 lets a remote attacker who lures a user to a crafted HTML page and coaxes them into specific UI gestures potentially achieve memory corruption and code execution in the renderer. The flaw was reported internally by the Chrome team and is patched in the Stable channel; no public exploit identified at time of analysis, and EPSS is low (0.18%, 8th percentile). Note the tension in the signals: NVD/aggregator CVSS is 8.8 (High) while Google's own Chromium severity rating is Low.

Heap Overflow Buffer Overflow Google Suse
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-14427 HIGH PATCH This Week

Sandbox escape in Google Chrome desktop before 150.0.7871.46 is possible through a heap buffer overflow in the Skia graphics library, letting an attacker who has already compromised the renderer process break out of the sandbox via a crafted HTML page. Rated Critical by Chromium and CVSS 8.3, it is a second-stage bug: it presumes prior renderer code execution rather than granting initial access on its own. No public exploit identified at time of analysis, and CISA SSVC records exploitation status as none.

Heap Overflow Buffer Overflow Google Suse
NVD VulDB
CVSS 3.1
8.3
EPSS
0.2%
CVE-2026-14385 HIGH PATCH This Week

Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 150.0.7871.46 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Heap Overflow Buffer Overflow Google Suse
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2022-46290 PyPI HIGH PATCH GHSA This Week

Heap Overflow Python Buffer Overflow Cisco Suse
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-46289 PyPI HIGH PATCH GHSA This Week

Heap Overflow Python Buffer Overflow Cisco Suse
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2025-15666 LOW POC Monitor

Heap-based buffer overflow in Open Asset Import Library (Assimp) versions up to 5.4.3 allows a local attacker with low privileges to corrupt heap memory by supplying a crafted 3D model file with manipulated width or height values to the SceneCombiner::Copy function in code/Common/SceneCombiner.cpp. A public proof-of-concept exploit has been disclosed via GitHub issue #6079, elevating real-world risk despite the local-only attack vector. No confirmed patched release has been independently verified at time of analysis, and exploitation conditions require only low-privilege local access with no user interaction beyond loading the malicious file.

Heap Overflow Buffer Overflow Assimp
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.1%
CVE-2026-20462 MEDIUM This Month

Heap buffer overflow in the Telephony subsystem of MediaTek chipsets enables local privilege escalation on affected Android devices, delivering full confidentiality, integrity, and availability impact. Twenty-two specific MediaTek SoC variants are confirmed affected, spanning the MT6xxx and MT8xxx mid-range and budget families. No public exploit has been identified at time of analysis; MediaTek has issued patch ALPS11006447 via their July 2026 security bulletin, but exploitation requires a pre-existing System-level privilege on the device, making this a chaining vulnerability rather than a standalone entry vector.

Privilege Escalation Heap Overflow Buffer Overflow Mediatek Chipset
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2026-13976 MEDIUM PATCH This Month

Sandbox escape in Google Chrome prior to 150.0.7871.47 exploits a heap-based buffer overflow (CWE-122) in the Storage component, enabling an attacker who has already compromised the renderer process to break out of Chrome's sandbox via a crafted HTML page. This is a chained, second-stage vulnerability - renderer compromise through a separate flaw is a hard prerequisite, making standalone exploitation infeasible. EPSS sits at 0.21% (11th percentile), there is no CISA KEV listing, and no public exploit code has been identified at time of analysis; a vendor patch is confirmed available as Chrome 150.0.7871.47.

Heap Overflow Buffer Overflow Google Suse
NVD
CVSS 3.1
5.8
EPSS
0.2%
CVE-2026-13884 HIGH PATCH This Week

Heap-based integer overflow in Google Chrome's Chromecast component allows an adjacent-network attacker to achieve arbitrary code execution against browsers running versions prior to 150.0.7871.47. The flaw is reachable via crafted malicious network traffic and carries a high CVSS of 8.8; Google has shipped a stable-channel fix, and no public exploit has been identified at time of analysis. Chromium rates the underlying issue as Medium severity despite the high CVSS, reflecting the adjacency and interaction constraints.

Heap Overflow RCE Buffer Overflow Google Suse
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-13835 HIGH PATCH This Week

Inappropriate implementation in XML in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Google Heap Overflow Buffer Overflow Suse
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-13798 CRITICAL PATCH Act Now

Sandbox escape in Google Chrome desktop versions prior to 150.0.7871.47 stems from a heap buffer overflow in the Chromecast component, letting an attacker who has already compromised the renderer process break out of the browser sandbox via a crafted HTML page. Rated High by Chromium and CVSS 9.6, but it is a second-stage bug requiring prior renderer control, and there is no public exploit identified at time of analysis (SSVC exploitation: none, EPSS 0.22%). No CISA KEV listing exists, indicating no confirmed active exploitation.

Heap Overflow Buffer Overflow Google Suse
NVD VulDB
CVSS 3.1
9.6
EPSS
0.2%
CVE-2026-54696 LOW Monitor

Heap buffer overflow in the Ruby JSON gem's streaming generator (versions 2.9.0-2.19.8) enables reliable process crash via attacker-controlled serialized data. When applications invoke `JSON.dump(obj, io)` or `JSON::State#generate(obj, io)` to stream JSON to an IO object, the C-level generator can write past its internal buffer if the serialized object contains a string near 16 KB in size. Impact is confined to denial of service - reliable process termination - with no evidence of confidentiality or integrity impact. No public exploit code and no CISA KEV listing are identified at time of analysis; the CVSS score of 3.7 (Low) appropriately reflects the constrained attack conditions.

Heap Overflow Denial Of Service Buffer Overflow Json
NVD GitHub
CVSS 3.1
3.7
EPSS
0.3%
CVE-2026-12912 HIGH PATCH This Week

Heap-based buffer overflow in libtiff's PixarLog codec decoder lets attackers crash or potentially execute code in any application that decodes a maliciously crafted PixarLog-compressed TIFF using the PIXARLOGDATAFMT_8BITABGR output format with a specific stride value. Any software linking libtiff for TIFF decoding is exposed, with impact ranging from denial of service to potential arbitrary code execution. No public exploit identified at time of analysis and the issue is not on the CISA KEV list, so exploitation is theoretical rather than observed.

Heap Overflow Denial Of Service Buffer Overflow RCE
NVD VulDB
CVSS 3.1
7.3
EPSS
0.2%
CVE-2026-13587 LOW POC Monitor

Heap-based buffer overflow in PcapPlusPlus 25.05 allows remote attackers to crash applications that parse attacker-controlled pcapng files via a crafted `captured_packet_length` value in the `parse_by_block_type` function of the LightPcapNg Parser. A publicly available proof-of-concept exploit (poc.zip) exists, though confirmed impact is limited to availability - application crash/denial-of-service - with no confidentiality or integrity impact indicated by the CVSS 4.0 vector. No active exploitation is confirmed, and no patch has been identified at time of analysis.

Heap Overflow Buffer Overflow Pcapplusplus
NVD VulDB GitHub
CVSS 4.0
2.9
EPSS
0.4%
CVE-2026-13574 LOW POC Monitor

Heap-based buffer overflow in LLVM llvm-project through version 22.1.6 allows a local low-privilege attacker to crash affected LLVM tooling by supplying a crafted bitcode file that triggers an out-of-bounds heap write in the GCRelocateInst::getBasePtr function within the Bitcode File Handler component. The LLVM project was notified via a GitHub issue report but has not yet responded or released a patch. A proof-of-concept exploit has been publicly disclosed, and no active exploitation is confirmed in CISA KEV.

Heap Overflow Buffer Overflow Llvm Project
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.1%
CVE-2026-51219 MEDIUM This Month

A heap buffer overflow in the HighPriorityASDUQueue_hasUnconfirmedIMessages function of lib60870 v2.3.3 to v2.3.6 allows attackers to cause a Denial of Service (DoS) via a crafted payload.

Denial Of Service Buffer Overflow N A Heap Overflow
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-51218 MEDIUM This Month

Heap buffer overflow in snap7 v1.4.3 crashes the embedded S7 server when processing a specially crafted write function packet targeting TS7Worker::PerformFunctionWrite() in /core/s7_server.cpp. Systems deploying snap7 as an S7-compatible communication server - common in industrial SCADA, HMI, and IoT gateway applications bridging to Siemens S7-series PLCs - can be disrupted remotely with no privileges required per the CVSS PR:N designation. No public exploit identified at time of analysis, and the EPSS score of 0.19% (8th percentile) reflects minimal current exploitation activity; however, operational impact in OT environments can exceed what the CVSS Availability score alone suggests.

Heap Overflow Denial Of Service Buffer Overflow N A
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2026-30040 MEDIUM This Month

A heap overflow in the FSViewer.exe process of FastStone Image Viewer v8.3 allows attackers to cause a execute arbitrary code in the context of the current process via supplying a crafted JPEG 2000 (JP2) file.

RCE Heap Overflow Buffer Overflow
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2026-56789 HIGH POC This Week

Denial-of-service memory corruption in RTKLIB through version 2.4.3 lets an attacker crash GNSS post-processing applications such as rnx2rtkp and RTKPOST by supplying a malicious RINEX observation file. The readrnxobsb function in src/rinex.c fails to clamp the satellite-count value read from RINEX epoch headers, so a file declaring more than 64 satellites per epoch triggers a heap buffer overflow write and out-of-bounds stack reads. Publicly available exploit code exists (VulnCheck/GitHub issue #796); there is no public exploit identified as actively exploited, and the CVSS 4.0 impact is limited to availability (VA:H).

Heap Overflow Buffer Overflow Rtklib
NVD GitHub
CVSS 4.0
7.1
EPSS
0.2%
CVE-2026-46752 CRITICAL Act Now

Memory corruption in Apache Kvrocks' embedded Lua scripting engine allows a client able to run EVAL/EVALSHA commands to trigger a stack buffer overflow in the bit.tohex() function, potentially crashing the server or corrupting process memory toward code execution. Kvrocks is a Redis-protocol-compatible distributed key-value store, and this flaw was disclosed via the oss-security mailing list on 2026-06-25 alongside three other Kvrocks issues. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Path Traversal Buffer Overflow Apache Heap Overflow
NVD VulDB
CVSS 4.0
10.0
EPSS
0.3%
CVE-2026-2050 HIGH This Week

Arbitrary code execution in GIMP results from a heap-based buffer overflow in the HDR file parser, where attacker-controlled length data is copied into an undersized heap buffer without bounds validation. Any user who opens a maliciously crafted HDR image (or visits a page that delivers one) can be exploited, with code running in the context of the GIMP process. There is no public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Heap Overflow Buffer Overflow RCE Gimp
NVD VulDB
CVSS 3.1
7.8
EPSS
0.5%
CVE-2025-60468 MEDIUM POC This Month

Heap use-after-free in GPAC MP4Box 2.5-DEV-rev1593-gfe88c3545-master crashes the application when a local authenticated user processes a specially crafted MPEG-2 TS or MP4 file. The defect resides in `gf_filter_pid_inst_swap_delete_task()` within `filter_core/filter_pid.c`, where PID instance cleanup dereferences already-freed objects during a swap/delete operation, causing a heap corruption and denial of service. No public exploit has triggered active exploitation per CISA KEV, but a proof-of-concept is publicly available; EPSS sits at 0.18% (7th percentile), consistent with limited real-world targeting.

Heap Overflow Denial Of Service Buffer Overflow N A
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2026-12725 MEDIUM PATCH This Month

Heap-based buffer overflow in dnsmasq's DNSSEC logging path enables remote denial of service against instances where both DNSSEC validation and query logging are simultaneously enabled. When dnsmasq receives a DS or DNSKEY DNS response containing an algorithm or digest type it does not recognize, its logging routine writes past the end of an internal heap-allocated buffer, corrupting memory and crashing the process. No public exploit code has been identified at time of analysis, and this CVE is not listed in the CISA KEV catalog; however, the network-deliverable attack vector (PR:N) makes the configuration prerequisite the primary limiting factor for defenders.

Buffer Overflow Denial Of Service Heap Overflow Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 +4
NVD VulDB
CVSS 3.1
5.9
EPSS
0.4%
CVE-2026-12805 LOW POC PATCH Monitor

Heap-based buffer overflow in OFFIS DCMTK's XMLNode::parseFile function (ofstd/libsrc/ofxml.cc) affects all versions through 3.7.0, exploitable by any remote party who can supply a crafted or non-seekable XML input to the parser. The root cause - confirmed by the upstream patch commit - is that the original guard `if (!l)` failed to catch a -1 return from ftell(), allowing a corrupted buffer size to propagate into heap allocation and subsequent write. A public proof-of-concept exploit exists per VulDB and a published Medium writeup; no active exploitation is confirmed via CISA KEV. The CVSS 4.0 score of 2.1 reflects passive-interaction and low-impact ratings, but the presence of public exploit code elevates practical risk for any DCMTK deployment that parses externally influenced XML files.

Buffer Overflow Heap Overflow Dcmtk
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.3%
CVE-2026-54896 Ruby LOW PATCH GHSA Monitor

Heap buffer overflow in the Ruby Oj gem (versions before 3.17.3) occurs when Oj.dump serializes Exception objects in :object mode with an extreme :indent value. The pre-allocated output buffer does not account for indent padding bytes, allowing writes past the heap region and corrupting adjacent memory. No public exploit identified at time of analysis; the issue is triggered by developer-chosen serialization options rather than typical attacker-supplied input.

Heap Overflow Buffer Overflow
NVD GitHub
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-56208 HIGH This Week

Heap buffer overflow in libaom's AV1 encoder allows attackers who influence encoder configuration to trigger a 232-byte out-of-bounds heap write on every frame after the second, when Look-Ahead Processing (LAP) mode is active with g_lag_in_frames >= 1. Affected deployments include transcoding pipelines and WebRTC servers that pass user-controlled encoder parameters to libaom. No public exploit identified at time of analysis, and the flaw primarily yields a reliable denial of service with a theoretical path to remote code execution via heap corruption.

RCE Heap Overflow Buffer Overflow Denial Of Service
NVD VulDB
CVSS 3.1
7.6
EPSS
0.3%
CVE-2026-3195 HIGH PATCH This Week

Heap out-of-bounds write in QEMU's virtio-snd paravirtualized sound device allows a malicious guest to corrupt host memory by sending oversized audio input that the `virtio_snd_pcm_in_cb` callback fails to size-check against the iov buffer. The flaw represents an incomplete fix for CVE-2024-7730 and affects hypervisor hosts exposing virtio-snd to untrusted guests. No public exploit identified at time of analysis, but the high CIA impact (C:H/I:H/A:H) and guest-to-host boundary crossing make this a meaningful VM escape candidate.

Heap Overflow Buffer Overflow
NVD
CVSS 3.1
7.4
EPSS
0.1%
CVE-2026-45696 HIGH PATCH This Week

Heap-buffer-overflow READ in OpenEXR 3.4.0 through 3.4.11 occurs in the HTJ2K decoder's ht_undo_impl() function when processing a crafted EXR file with mismatched codestream and channel widths, producing a deterministic crash and potential adjacent-heap memory disclosure. Any application that opens untrusted EXR files - including thumbnailers, asset pipelines, and the exrcheck utility - is reachable via the standard scanline-decode entry point. No public exploit identified at time of analysis, but the upstream fix is shipped in v3.4.12.

Heap Overflow Buffer Overflow Openexr
NVD GitHub VulDB
CVSS 4.0
8.3
EPSS
0.3%
CVE-2026-2467 CRITICAL Act Now

Remote heap-based buffer overflow in RTI Connext Professional Core Libraries allows unauthenticated network attackers to corrupt heap memory in the DDS middleware, impacting integrity and availability of both the vulnerable component and downstream subsystems. The flaw spans a wide range of long-supported branches (5.0.x through 7.6.x) and carries a CVSS 4.0 score of 9.2, though no public exploit identified at time of analysis.

Heap Overflow Buffer Overflow Connext Professional
NVD
CVSS 4.0
9.2
EPSS
0.2%
CVE-2026-42055 CRITICAL POC PATCH NEWS Act Now

Heap-based buffer overflow in NGINX Plus and NGINX Open Source affects deployments that proxy HTTP/2 or gRPC traffic upstream when ignore_invalid_headers is off and large_client_header_buffers exceeds 2 MB. Remote unauthenticated attackers sending oversized headers can crash the worker process, and where ASLR is disabled or bypassable, achieve arbitrary code execution. No public exploit identified at time of analysis and CISA SSVC marks exploitation as 'none', but technical impact is rated total.

Nginx Heap Overflow Buffer Overflow Nginx Open Source Nginx Plus
NVD VulDB GitHub
CVSS 4.0
9.2
EPSS
0.6%
CVE-2026-12466 HIGH PATCH This Week

Heap buffer overflow in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Google Microsoft Heap Overflow RCE Buffer Overflow +2
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-12447 HIGH PATCH This Week

Heap buffer overflow in WebRTC in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Google Heap Overflow RCE Buffer Overflow Red Hat +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-47747 HIGH This Week

Heap-based buffer overflow in stable-diffusion.cpp's pickle .ckpt parser allows attackers to corrupt memory and likely achieve code execution when a victim loads a maliciously crafted checkpoint file. The flaw stems from sign confusion in the BINUNICODE opcode length field, causing memcpy to be called with an attacker-controlled, effectively gigantic size derived from a negative signed integer. No public exploit identified at time of analysis, and the issue is fixed in master-584-0a7ae07.

Checkpoint Heap Overflow Buffer Overflow Stable Diffusion Cpp
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-47964 HIGH This Week

Heap-based buffer overflow in Adobe DNG SDK versions 1.7.1 (build 2536) and earlier enables arbitrary code execution in the context of the current user when a victim opens a maliciously crafted DNG file. The flaw affects any application or workflow that links the DNG SDK for parsing Digital Negative raw image files, and no public exploit identified at time of analysis. With a CVSS 7.8 (AV:L/UI:R) and user-interaction requirement, exploitation is realistic via social-engineered file delivery rather than remote network attack.

RCE Heap Overflow Buffer Overflow Dng Sdk
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-8484 MEDIUM Monitor

Heap corruption in fusesource Jansi's JNI native layer exposes Java applications to denial-of-service through application crashes. The JNI wrapper around the ioctl() system call omits array-size bounds checking before passing the argument array into native heap memory, enabling a heap buffer overflow condition reachable by any local actor who can influence that code path. No fix will be released - the project is confirmed unmaintained at the time CVE-2026-8484 was assigned, and all known versions carry this defect. No public exploit code or active KEV-confirmed exploitation has been identified at time of analysis.

Heap Overflow Buffer Overflow Jansi
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.1%
CVE-2026-52720 HIGH PATCH This Week

Heap buffer overflow in GStreamer's librfb (RFB/VNC client) allows a malicious VNC server to corrupt heap memory on a connecting client, potentially leading to remote code execution or denial of service. The flaw stems from validating rectangle area instead of individual dimensions, letting attacker-controlled rectangles extend beyond the framebuffer. No public exploit identified at time of analysis, though the issue affects GStreamer as shipped across Red Hat Enterprise Linux 6 through 10.

RCE Heap Overflow Buffer Overflow Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 +3
NVD VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2025-55652 MEDIUM This Month

Heap buffer overflow in GPAC MP4Box v2.4 crashes the application when parsing a maliciously crafted MP4 file containing an invalid VP codec configuration. The vulnerable function, gf_isom_vp_config_new in isomedia/avc_ext.c, fails to safely handle attacker-controlled input during ISO Base Media File Format parsing, resulting in a Denial of Service condition. No active exploitation has been confirmed by CISA KEV and no public exploit code has been identified at time of analysis, placing this in a low-urgency remediation tier per SSVC signals.

Denial Of Service Heap Overflow Buffer Overflow N A
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2025-55645 MEDIUM This Month

Heap buffer overflow in GPAC MP4Box v2.4 crashes the application when processing a maliciously crafted MP4 file, triggering a DoS condition in the CENC DRM sample handler. The vulnerable code path resides in gf_cenc_set_pssh (isomedia/drm_sample.c), which processes Protection System Specific Header data embedded in MP4 containers. SSVC confirms no active exploitation, no public exploit exists, and the CVSS local-vector/user-interaction requirement significantly constrains real-world attack surface.

Denial Of Service Heap Overflow Buffer Overflow N A
NVD VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2026-12193 HIGH POC PATCH This Week

Local privilege escalation in VS Revo RevoUninstaller versions 2.5.x and 2.6.x is possible through a heap-based buffer overflow in the IOCtl_Handler function within the RevoDetector.sys kernel driver. Authenticated local users sending crafted IOCTL requests can corrupt kernel pool memory, potentially achieving SYSTEM-level code execution. Publicly available exploit code exists, and a detailed write-up plus PoC repository have been published, raising the practical risk despite no active exploitation listing.

Heap Overflow Buffer Overflow Revouninstaller
NVD VulDB GitHub
CVSS 4.0
7.1
EPSS
0.2%
CVE-2025-55661 MEDIUM This Month

Heap-based buffer overflow in GPAC's MP4Box Opus packet parser exposes file-processing pipelines to heap memory disclosure and application crash when handling a crafted MP4 containing a malformed Opus audio track. Processing a specially constructed file via MP4Box's XML dump mode (-dxml) triggers an out-of-bounds READ of 1 byte beyond a 3-byte heap allocation inside gf_opus_parse_packet_header() at av_parsers.c:11326, with adjacent heap memory potentially leaked as a secondary consequence. No public exploitation has been confirmed (not in CISA KEV), but a functional PoC MP4 file is publicly available on GitHub, lowering the barrier for targeted abuse in automated media-ingestion workflows.

Buffer Overflow Denial Of Service Heap Overflow
NVD VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2025-55648 MEDIUM This Month

Heap-based buffer overflow in GPAC MP4Box (all versions prior to fix commit 61bbfd2e89553373ba3449b8ec05b5f098d732a5) allows out-of-bounds heap READ when processing a crafted MP4 file containing corrupted stsz (sample-size box) data for an Opus audio track. When a user runs MP4Box with the -dxml flag against a malicious file, gf_opus_parse_packet_header() in av_parsers.c:11297 reads 1 byte beyond a 32-byte heap allocation, 1242 bytes past the base region allocated by Media_GetSample(), potentially leaking adjacent heap memory contents and crashing the process. A public proof-of-concept MP4 file is available; no active exploitation has been recorded in CISA KEV at time of analysis.

Buffer Overflow Denial Of Service Heap Overflow Gpac
NVD VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2026-48914 MEDIUM This Month

Out-of-bounds heap write in QEMU's virtio-blk device allows a high-privileged guest to crash the host QEMU process. The flaw exists because the virtio-blk device omits validation of input descriptor sizes prior to writing data, enabling a malicious guest operator to submit a crafted virtio-blk SCSI request that writes beyond the allocated host heap buffer. The primary confirmed impact is a denial of service (DoS) of the QEMU process on the host; no public exploit code has been identified at time of analysis and it is not listed in the CISA KEV catalog.

Denial Of Service Heap Overflow Buffer Overflow Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 +5
NVD VulDB
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-12030 HIGH PATCH This Week

Sandbox escape in Google Chrome on Android prior to 149.0.7827.115 allows a remote attacker who has already compromised the renderer process to break out of the sandbox through a heap-based out-of-bounds write in the GPU process triggered by a crafted HTML page. Chromium rates the severity High and a vendor patch is available, but no public exploit has been identified at time of analysis. The CVSS 8.3 score reflects the chained nature of the attack (compromised renderer required) combined with full impact across confidentiality, integrity, and availability.

Heap Overflow Google Buffer Overflow Suse Red Hat
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-12010 HIGH PATCH This Week

Sandbox escape in Google Chrome on Android prior to 149.0.7827.115 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that triggers a heap buffer overflow in the GPU process. Chromium rates this severity Critical, and while no public exploit identified at time of analysis, the bug is part of a classic two-stage exploitation chain typically used in browser zero-day exploits. Patch is available from vendor in Chrome 149.0.7827.115 and later.

Heap Overflow Google Buffer Overflow Suse
NVD VulDB
CVSS 3.1
8.3
EPSS
0.1%
CVE-2026-53465 NuGet MEDIUM PATCH GHSA This Month

Heap-based buffer over-write in ImageMagick's SF3 encoder prior to version 7.1.2-25 allows an attacker who can supply a crafted multi-frame image to corrupt heap memory, yielding high availability impact and potential integrity exposure. All ImageMagick installations before 7.1.2-25 are affected regardless of platform. No public exploit has been identified at time of analysis and the vulnerability is absent from CISA KEV; however, CWE-122 write primitives carry inherent escalation risk beyond the scored DoS impact depending on heap layout at time of trigger.

Heap Overflow Buffer Overflow Imagemagick Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.2
EPSS
0.0%
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Excel (including Microsoft 365 Apps, Office 2016/2019, Office LTSC 2021/2024, and Office for Mac) arises from a heap-based buffer overflow (CWE-122) triggered when a victim opens a maliciously crafted spreadsheet, letting an attacker run arbitrary code in the user's context. The CVSS 3.1 score is 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), reflecting that exploitation needs user interaction but no prior privileges once the file is opened. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV; Microsoft has released a patch.

Heap Overflow Buffer Overflow Microsoft +9
NVD
EPSS 1% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Remote code execution in Microsoft Exchange Server (2016 CU23, 2019 CU14/CU15, and Subscription Edition RTM) lets an authenticated attacker corrupt heap memory to run arbitrary code across the network. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N) shows low-privilege network exploitation with full confidentiality, integrity, and availability impact, and Microsoft has released a patch. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft +4
NVD
EPSS 0% CVSS 8.4
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Windows GDI+ (the graphics rendering component) via a heap-based buffer overflow (CWE-122), affecting a broad range of Windows client and server releases from Windows 10 1607 through Windows 11 26H1 and Server 2012 through Server 2025. Per the supplied CVSS vector (PR:N), an unauthorized attacker who gets the vulnerable component to process crafted graphics data can achieve high-impact code execution (C:H/I:H/A:H) on the local system. Microsoft has published a patch; there is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft +18
NVD
EPSS 0% CVSS 8.4
HIGH POC PATCH Exploit Likely This Week

Local code execution in the Microsoft Message Queuing (MSMQ) Queue Manager affects a broad range of Windows client and server releases from Windows 10 1607 and Windows Server 2012 through Windows 11 26H1 and Windows Server 2025. A heap-based buffer overflow (CWE-122) lets an attacker who can reach the local MSMQ service run arbitrary code with high confidentiality, integrity, and availability impact; the CVSS 3.1 base score is 8.4 with a local attack vector but no privileges or user interaction required. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the vendor (Microsoft) has released a patch.

Heap Overflow Buffer Overflow Microsoft +18
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Windows Media Foundation lets an unauthorized attacker run arbitrary code by luring a user into opening a specially crafted media file. The flaw affects a broad range of Windows 10, Windows 11, and Windows Server builds (from 1809 through Windows 11 26H1 and Server 2025), and Microsoft has released patches. No public exploit identified at time of analysis, but the low attack complexity and full C/I/A impact make it a standard Patch-Tuesday priority.

Heap Overflow Buffer Overflow Microsoft +11
NVD
EPSS 2% CVSS 7.8
HIGH PATCH Exploit Likely This Week

Local privilege escalation in Microsoft Windows Win32K (the kernel-mode GUI subsystem) lets an already-authenticated low-privilege user corrupt kernel heap memory via a heap-based buffer overflow (CWE-122) to gain SYSTEM-level control. The flaw affects a broad range of client and server builds (Windows 10 1607 through Windows 11 26H1, and Windows Server 2016 through 2025). Microsoft has released a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft +14
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH Exploit Unlikely This Month

Heap-based buffer overflow in Windows Kernel allows an unauthorized attacker to elevate privileges with a physical attack.

Heap Overflow Buffer Overflow Microsoft +11
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Exploit Unlikely Act Now

Remote code execution in the Microsoft Remote Desktop Client (Windows 11 24H2/25H2/26H1 and Windows Server 2025) allows an unauthenticated network attacker to run arbitrary code via a heap-based buffer overflow. Exploitation is client-side: a victim connecting to an attacker-controlled or malicious RDP endpoint can be compromised, with the CVSS 9.8 vector indicating no privileges or user authentication are required. No public exploit has been identified at time of analysis, but a vendor patch is available and the flaw's parameters make it a high-priority fix.

Heap Overflow Buffer Overflow Windows 11 Version 24H2 +4
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Network denial of service in the Windows Internet Key Exchange (IKE) protocol implementation allows an unauthenticated remote attacker to crash affected systems by triggering a heap-based buffer overflow. All impact is to availability only (CVSS 7.5, A:H, no confidentiality or integrity loss), making this a reliability/uptime threat against IPsec/VPN-facing Windows 10, Windows 11, and Windows Server hosts rather than a code-execution vulnerability. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the low attack complexity and lack of authentication make it a meaningful patching priority for internet-exposed IPsec endpoints.

Heap Overflow Buffer Overflow Microsoft +11
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in the Windows Overlay Filter (WOF) driver allows an authenticated low-privileged user to elevate to SYSTEM by triggering a heap-based buffer overflow (CWE-122). The flaw spans a broad range of client and server SKUs from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 R2 through Server 2025. Microsoft has shipped a patch; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Heap Overflow Buffer Overflow Microsoft +16
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Exploit Unlikely Act Now

Remote code execution in the Microsoft Windows FTP Service allows an unauthenticated network attacker to run arbitrary code by triggering a heap-based buffer overflow (CWE-122). The flaw affects the FTP service across a broad range of Windows 10, Windows 11, and Windows Server (2019/2022/2025) builds and carries a critical CVSS 9.8 rating with no authentication or user interaction required. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the unauthenticated, network-reachable nature of the bug makes it a high-priority patch target.

Heap Overflow Buffer Overflow Microsoft +13
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft Windows DNS lets an already-authenticated, low-privileged attacker corrupt heap memory to gain higher (likely SYSTEM) privileges on affected Windows 10, Windows 11, and Windows Server 2022/2025 systems. The flaw is a heap-based buffer overflow (CWE-122) reported by Microsoft itself, with a vendor patch available via MSRC. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, so it currently represents a patch-priority rather than an emergency.

Heap Overflow Buffer Overflow Microsoft +8
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Remote code execution in Microsoft Active Directory Domain Services (AD DS) allows an unauthenticated network attacker to corrupt heap memory and run arbitrary code on affected domain controllers. The flaw (CVE-2026-49164, CVSS 8.1) spans a broad range of Windows client and server builds from Windows 10 1607 and Server 2012 through Windows 11 26H1 and Server 2025, with full confidentiality, integrity, and availability impact. Microsoft has released a patch; there is no public exploit identified at time of analysis, and the high attack complexity (AC:H) tempers the practical exploitation likelihood.

Heap Overflow Buffer Overflow Windows 10 Version 1607 +17
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Remote code execution in the Microsoft ODBC Driver for SQL Server (shipped across Windows 10, Windows 11, and Windows Server 2012 through 2025) stems from a heap-based buffer overflow that lets an attacker run arbitrary code over the network. The supplied CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N) scores it 9.8 and marks it unauthenticated, though as a database driver flaw the realistic trigger is a client connecting to a malicious or compromised SQL Server endpoint. There is no public exploit identified at time of analysis and no CISA KEV listing, so this is a high-severity but not yet actively-exploited issue.

Heap Overflow Buffer Overflow Windows 10 Version 1607 +18
NVD
EPSS 0% CVSS 8.0
HIGH PATCH Exploit Unlikely This Week

Remote code execution in the Windows Bluetooth Port Driver lets an adjacent, unauthenticated attacker corrupt heap memory to run arbitrary code on the target after minimal user interaction. The flaw (CWE-122 heap-based buffer overflow) affects a broad range of client and server SKUs from Windows 10 1607 through Windows 11 26H1 and Windows Server 2012 through 2025, with full confidentiality, integrity, and availability impact (CVSS 8.0). There is no public exploit identified at time of analysis, but a vendor patch is available from Microsoft.

Heap Overflow Buffer Overflow Microsoft +18
NVD
EPSS 0% CVSS 1.9
LOW POC PATCH Monitor

Heap-based buffer overflow in GNU LibreDWG 0.13.4-154-g0b573035 allows a local low-privileged attacker to corrupt heap memory by supplying a crafted DWG file processed through the R2004 section decompressor, yielding partial confidentiality, integrity, and availability impact. The vulnerability resides in `decompress_R2004_section` within `src/decode.c` and is exploitable whenever LibreDWG parses attacker-controlled R2004-format DWG content. A public proof-of-concept exploit file has been disclosed on GitHub; no CISA KEV listing is present, indicating no confirmed widespread active exploitation at time of analysis.

Heap Overflow Buffer Overflow Libredwg
NVD VulDB GitHub
EPSS 0% CVSS 7.1
HIGH POC This Week

Local privilege escalation in SecureAge CatchPulse endpoint protection (versions up to and including 10.9.3) stems from a heap-based buffer overflow in the kernel driver saappctl.sys, where an authenticated local user can corrupt kernel heap memory to gain code execution at ring 0. Publicly available exploit code exists (demonstrated in a YouTube proof-of-concept), but there is no public exploit identified as being used in active attacks and the issue is not on CISA KEV. The CVSS 4.0 base score of 7.1 reflects local-only reachability but full compromise of confidentiality, integrity, and availability on the host once triggered.

Heap Overflow Buffer Overflow Catchpulse
NVD VulDB GitHub
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Heap-based out-of-bounds read in ImageMagick before 7.1.2-19 is triggered when processing an image carrying an unrecognized magnify:method value, causing the magnify operation to read beyond allocated heap memory. Affected systems running any version prior to 7.1.2-19 can be impacted when a user or automated pipeline processes a specially crafted image file, with outcomes ranging from partial memory disclosure to application crash. No active exploitation is confirmed (not in CISA KEV) and no public proof-of-concept has been identified at time of analysis, and the CVSS 4.0 score of 4.8 (Medium) reflects the limited local/interactive nature of the attack.

Heap Overflow Denial Of Service Buffer Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Local privilege escalation in osquery on Windows prior to 5.23.1 lets a standard (unprivileged) user escalate to SYSTEM by planting a maliciously crafted process whose Process Environment Block (PEB) contains oversized command-line or current-directory strings. When the osquery agent - typically running as SYSTEM - queries the `processes` table against that process, unchecked PEB string lengths trigger a heap-based out-of-bounds write (CWE-122). No public exploit has been identified at time of analysis, and it is not listed in CISA KEV.

Privilege Escalation Heap Overflow Microsoft +2
NVD GitHub
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Local privilege escalation in osquery on Windows prior to 5.23.1 lets a standard user escalate to SYSTEM by planting a maliciously crafted binary and having the authenticode table query it, triggering a heap out-of-bounds write in the getOriginalProgramName publisher-parsing routine. The flaw is a CWE-122 heap buffer overflow reachable whenever osquery (typically running as SYSTEM) evaluates authenticode publisher metadata against attacker-controlled files. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; EPSS was not provided.

Privilege Escalation Heap Overflow Microsoft +2
NVD GitHub
EPSS 0% CVSS 3.9
LOW Monitor

Heap overflow in libarchive's PAX extended header parser allows exploitation via a maliciously crafted tar archive containing a malformed SUN.holesdata sparse-file attribute. Successful exploitation of the affected system could result in a denial of service condition or, in more serious cases, arbitrary code execution under the privileges of the process invoking libarchive. No public exploit code or active exploitation has been confirmed at time of analysis, though a GitHub pull request (#3253) indicating an upstream fix is available suggests the issue is reproducible and patch-ready. The official CVSS score of 3.9 (Low) conflicts materially with the vendor-applied RCE tag, a discrepancy that warrants independent validation.

Denial Of Service RCE Heap Overflow +1
NVD GitHub VulDB
MEDIUM PATCH This Month

Heap buffer overflow in pymonocypher's argon2i_32 function allows memory corruption when callers supply an undersized nb_blocks buffer, violating the library's API contract without triggering any bounds check. Applications using pymonocypher prior to version 4.0.2.8 that invoke the Argon2i password-hashing interface are at risk of heap corruption, which can produce crashes or potentially enable controlled memory writes. No public exploit code has been identified at time of analysis, and no active exploitation has been confirmed.

Heap Overflow Buffer Overflow
NVD GitHub
EPSS 0% CVSS 1.9
LOW POC PATCH Monitor

Heap-based buffer overflow in GNU LibreDWG up to version 0.13.4 allows local low-privileged attackers to corrupt heap memory via a specially crafted DWG file containing malicious BMP image data processed by the dwg_bmp function in src/dwg.c. A public proof-of-concept exploit (a crafted R13/R2000 .dwg file) has been disclosed on GitHub, raising the urgency for affected deployments that process untrusted DWG input. No confirmed active exploitation (CISA KEV) has been recorded, and a vendor-released patch in version 0.14 fully resolves the issue.

Heap Overflow Buffer Overflow Libredwg
NVD VulDB GitHub
EPSS 0% CVSS 6.1
MEDIUM This Month

Heap-based buffer overflow in Samsung's open-source Escargot JavaScript engine corrupts heap memory when processing maliciously crafted input, leading to a high-severity availability impact and a limited integrity impact. The vulnerability affects all Escargot releases before commit ef525f337fafddecde77a3c426212a84bb20cb98, targeting embedded and IoT contexts where the engine is deployed - most notably Samsung TV appliances. No public exploit identified at time of analysis, and no CISA KEV listing, but the local-vector, low-complexity nature of heap overflows makes this reliably triggerable once an attacker can supply crafted input to the engine.

Heap Overflow Samsung Buffer Overflow +1
NVD GitHub VulDB
EPSS 1% CVSS 8.6
HIGH PATCH This Week

Heap-based buffer overflow in FreeRDP (the widely used open-source RDP client library) allows a malicious or compromised RDP server to corrupt client memory and potentially achieve remote code execution in the connecting client's context. The flaw lives in the primary drawing-order parser (update_read_delta_points in libfreerdp/core/orders.c), where an inverted integer-overflow guard let an attacker-controlled point count produce an undersized heap allocation followed by an out-of-bounds write. No public exploit identified at time of analysis; the issue is fixed in FreeRDP 3.28.0 (GHSA-v5wf-j8j4-77h7).

Heap Overflow Buffer Overflow Freerdp
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Denial of service in Wireshark 4.6.0-4.6.6 and 4.4.0-4.4.16 is caused by a heap-based buffer overflow in the Catapult DCT2000 protocol dissector, crashing the application when a crafted capture file is opened. The CVSS local attack vector (AV:L) and required user interaction (UI:R) constrain exploitation to scenarios where an analyst is socially engineered into opening a malicious capture file - no remote or unauthenticated network exploitation path exists. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV; vendor-released fixes are available in 4.6.7 and 4.4.17.

Heap Overflow Denial Of Service Buffer Overflow +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The pcapng file parser in Wireshark 4.6.0 through 4.6.6 contains a heap-based buffer overflow (CWE-122) that crashes the application, resulting in denial of service. An attacker must convince a user to open a specially crafted pcapng capture file, making this a social-engineering-dependent attack with no network-facing exploitation path. No public exploit code has been identified at time of analysis and the vulnerability is not listed in CISA KEV; a vendor patch is available in Wireshark 4.6.7.

Heap Overflow Denial Of Service Buffer Overflow +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Heap-based buffer overflow in Wireshark's Z39.50 protocol dissector crashes the application when processing malformed Z39.50 PDUs, resulting in denial of service. Affected versions span the 4.4.x branch (4.4.0-4.4.16) and 4.6.x branch (4.6.0-4.6.6). An attacker can trigger the crash by persuading an analyst to open a crafted packet capture file or by injecting malicious Z39.50 traffic onto a monitored network segment; no active exploitation (CISA KEV) or public exploit code has been identified at time of analysis.

Heap Overflow Denial Of Service Buffer Overflow +1
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in Wireshark's UMTS FP protocol dissector affects the 4.6.0-4.6.6 and 4.4.0-4.4.16 release branches, where a malformed UMTS Frame Protocol packet triggers a heap-based buffer overflow (CWE-122) that crashes the application. A remote attacker who can get the crafted frame parsed - via live capture on a monitored segment or a shared capture file - can reliably terminate the analyzer, with no confidentiality or integrity impact. Publicly available exploit code exists (SSVC=poc) but it is not on CISA KEV, and EPSS is low at 0.14% (4th percentile), indicating minimal observed exploitation pressure.

Heap Overflow Denial Of Service Buffer Overflow +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Denial of service in Wireshark 4.6.0 through 4.6.6 lets a remote attacker crash the application by feeding it a malformed TLS packet using the Encrypted Client Hello (ECH) extension, triggering a heap buffer overflow in the ECH decryptor. No authentication or user interaction beyond processing the traffic is required, though impact is limited to availability (analyzer crash) with no code execution or data disclosure claimed. Publicly available exploit code exists per SSVC (POC), EPSS is low at 0.14% (4th percentile), and it is not listed in CISA KEV.

Heap Overflow Denial Of Service Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Denial of service in Wireshark's ciscodump remote capture utility (extcap) affects versions 4.6.0 through 4.6.6 and 4.4.0 through 4.4.16, where a heap-based buffer overflow (CWE-122) can crash the capture tool. An attacker able to feed crafted data to a running ciscodump session can terminate the process, disrupting live packet capture. A POC is referenced by CISA's SSVC assessment (no public exploit code independently identified), it is not in CISA KEV, and EPSS is very low at 0.10% (1st percentile), indicating minimal likelihood of widespread exploitation.

Heap Overflow Denial Of Service Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation via heap buffer overflow in the X.Org Server (versions before 21.1.24) and Xwayland (before 24.1.13) allows a local user holding an X connection to corrupt heap memory by supplying a malicious PCX font. The flaw lives in the SetFont code path, where missing glyph boundary checks let an oversized or malformed glyph write past its heap allocation, yielding full confidentiality, integrity, and availability impact (CVSS 7.8). There is no public exploit identified at time of analysis; EPSS is low at 0.28% and CISA SSVC rates exploitation as none.

Buffer Overflow Heap Overflow X Server +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Arbitrary code execution in the X.Org libXfont2 library (versions before 2.0.8) stems from a heap buffer overflow in the BitmapScaleBitmaps routine, where a 32-bit size calculation overflows during bitmap font scaling. Any client able to connect to the X Server and request scaled bitmap fonts can corrupt heap memory and run code within the X server's process context, which is frequently privileged. No public exploit has been identified at time of analysis and it is not listed in CISA KEV; EPSS is low at 0.37% (29th percentile), consistent with the SSVC finding of no observed exploitation despite total technical impact.

Buffer Overflow Heap Overflow Libxfont
NVD VulDB
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Arbitrary code execution in libXfont2 before 2.0.8 lets an authenticated X client corrupt heap memory inside the X server via a maliciously crafted PCF bitmap font. The flaw sits in ComputeScaledProperties(), where a missing bounds check on the property buffer allows a heap overflow (CWE-122) that runs in the X server's security context - typically root on traditional Linux desktops. There is no public exploit identified at time of analysis; EPSS is modest at 0.58% and CISA SSVC rates exploitation as 'none' with 'total' technical impact.

Buffer Overflow Heap Overflow Libxfont
NVD VulDB
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Heap-based code execution in libXfont2 before 2.0.8 allows an authenticated X client to run arbitrary code inside the X server by supplying a malformed PCF font that trips missing glyph bounds checking in pcfReadFont(). Because X servers frequently run with elevated (often root) privileges, a successful exploit can escalate from a low-privileged client to full host compromise. No public exploit is identified at time of analysis and CISA SSVC rates current exploitation as none, but the technical impact is rated total.

Buffer Overflow Heap Overflow Libxfont
NVD VulDB
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

Heap buffer overflow in GNU Wget through 1.25.0 allows network-positioned attackers to corrupt heap memory by serving a maliciously crafted filename that triggers a flawed iconv E2BIG reallocation path in convert_fname() within src/url.c. The miscalculated remaining-space offset during reallocation writes beyond the allocated heap region, producing a high-availability impact (process crash) and limited integrity exposure. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV; however, the fix is confirmed via upstream commit c2640fe on the official GNU Wget GitLab repository.

Heap Overflow Buffer Overflow Wget
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

Heap-buffer-overflow in 389 Directory Server's DN normalization routine allows an unauthenticated remote attacker to corrupt heap memory and likely crash the LDAP service. The flaw triggers when the server processes an LDAP operation - such as a search request - whose base DN contains a legacy-quoted value encoding a multivalued nested Relative Distinguished Name (RDN), causing an out-of-bounds write during RDN attribute-value pair sorting. Per the confirmed CVSS vector (PR:N), no authentication is required; no public exploit code or CISA KEV listing has been identified at time of analysis.

Heap Overflow Denial Of Service Buffer Overflow +10
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Denial of service in Red Hat / 389 Directory Server (389-ds-base, versions since ~1.3.2/2013) allows an authenticated LDAP client to crash the server by sending an oversized UNBIND packet over a SASL integrity-protected connection. The oversized data overflows a fixed 512-byte heap receive buffer in sasl_io_recv() (sasl_io.c), and in FreeIPA / Red Hat IdM any domain user, enrolled host, or service account with a valid Kerberos ticket can trigger it after GSSAPI authentication. There is no public exploit identified at time of analysis, and this flaw is distinct from the earlier CVE-2025-14905 schema.c overflow, which did not fix this code path.

Heap Overflow Denial Of Service Buffer Overflow +10
NVD VulDB
EPSS 0% CVSS 1.9
LOW POC PATCH Monitor

Heap-based buffer overflow in GPAC's MP4Box component allows a local low-privileged attacker to crash the application by supplying a crafted MP4 file. The vulnerable function `sgpd_del_entry` in `src/isomedia/box_code_base.c` mishandles the `data` argument during Sample Group Description Box parsing, triggering an out-of-bounds heap write. A public proof-of-concept exploit exists; however, the vulnerability is not in CISA KEV and the CVSS 4.0 score of 4.8 reflects limited availability-only impact with no confidentiality or integrity compromise.

Heap Overflow Buffer Overflow Gpac
NVD VulDB GitHub
EPSS 0% CVSS 1.9
LOW POC PATCH Monitor

Heap-based buffer overflow in radare2's Java binary parser (all versions up to 6.1.6) allows a local, low-privileged attacker to crash the tool by supplying a crafted Java class file with a malformed Line Number Table attribute. The vulnerable function `r_bin_java_inner_classes_attr_calc_size()` in `shlr/java/class.c` miscalculates buffer sizes, resulting in a heap write beyond allocated bounds and a denial-of-service outcome. A public proof-of-concept exists via GitHub issue #26043; no active exploitation has been confirmed by CISA KEV, and impact is confined to availability with no confidentiality or integrity effects.

Heap Overflow Java Buffer Overflow +1
NVD VulDB GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Heap-based buffer overflow in PHP's OpenSSL extension affects all maintained PHP branches (8.2.x, 8.3.x, 8.4.x, 8.5.x) when the AES key-wrap-with-padding (AES-WRAP-PAD) algorithm per RFC 5649 is invoked. The output buffer is allocated based only on plaintext length, omitting the mandatory RFC 5649 padding expansion, causing OpenSSL to write beyond the allocated heap region, corrupt heap metadata, and abort the process. No public exploit has been identified at time of analysis; vendor-released patches are available for all affected branches.

Heap Overflow OpenSSL Buffer Overflow +2
NVD GitHub VulDB
EPSS 0% CVSS 1.9
LOW POC PATCH Monitor

Heap-based buffer overflow in Assimp's CSM file handler (versions 6.0.0-6.0.5) allows a local low-privileged attacker to corrupt heap memory by supplying a crafted Character Studio Motion (CSM) file to any application that uses the library for asset import. The flaw exists in `Assimp::CSMImporter::InternReadFile` within `code/AssetLib/CSM/CSMLoader.cpp` and affects all Assimp 6.0.x releases confirmed by EUVD-2026-41601. No public exploit identified at time of analysis as a KEV entry, but a publicly available exploit code (poc.zip) exists, and the upstream patch commit is available though not yet confirmed in a tagged release.

Heap Overflow Buffer Overflow Assimp
NVD VulDB GitHub
EPSS 1% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Remote code execution in Microsoft Edge (Chromium-based) stems from a heap-based buffer overflow (CWE-122) that a network attacker can trigger when a victim renders crafted web content. The CVSS 3.1 base score is 8.8 with a network vector requiring user interaction (UI:R), and Microsoft has released an official fix (RL:O). No public exploit identified at time of analysis — the temporal metric E:U marks exploit code as unproven — and it is not listed in CISA KEV.

Heap Overflow Microsoft Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 7.3
HIGH This Week

Heap-based buffer overflow in GIMP's Paint Shop Pro (PSP) image format parser lets an attacker achieve arbitrary code execution or crash the application when a victim opens a maliciously crafted PSP file. The flaw stems from incorrect buffer-size arithmetic on low bit-depth images, and affects GIMP as shipped across Red Hat Enterprise Linux 6 through 9. There is no public exploit identified at time of analysis, and the issue is not listed in CISA KEV; exploitation requires local file-open interaction (CVSS 7.3).

Heap Overflow Denial Of Service Buffer Overflow +5
NVD VulDB
CVSS 7.3
HIGH PATCH This Week

Heap out-of-bounds writes in jxl-oxide's jxl-grid crate allow attacker-controlled memory corruption on 32-bit platforms when decoding a crafted JPEG XL image, potentially leading to arbitrary code execution. An integer overflow in AlignedGrid's width×height length calculation produces an undersized backing buffer for huge logical dimensions, after which rendering writes through mutable subgrids beyond the allocation. Publicly available exploit code exists in the advisory (miri/ASan PoC tests); no active exploitation is reported (not in CISA KEV) and no EPSS score was provided.

Heap Overflow Buffer Overflow RCE
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap corruption in the V8 JavaScript engine of Google Chrome before 150.0.7871.46 lets a remote attacker who lures a user to a crafted HTML page and coaxes them into specific UI gestures potentially achieve memory corruption and code execution in the renderer. The flaw was reported internally by the Chrome team and is patched in the Stable channel; no public exploit identified at time of analysis, and EPSS is low (0.18%, 8th percentile). Note the tension in the signals: NVD/aggregator CVSS is 8.8 (High) while Google's own Chromium severity rating is Low.

Heap Overflow Buffer Overflow Google +1
NVD
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome desktop before 150.0.7871.46 is possible through a heap buffer overflow in the Skia graphics library, letting an attacker who has already compromised the renderer process break out of the sandbox via a crafted HTML page. Rated Critical by Chromium and CVSS 8.3, it is a second-stage bug: it presumes prior renderer code execution rather than granting initial access on its own. No public exploit identified at time of analysis, and CISA SSVC records exploitation status as none.

Heap Overflow Buffer Overflow Google +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 150.0.7871.46 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Heap Overflow Buffer Overflow Google +1
NVD VulDB
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Heap Overflow Python Buffer Overflow +2
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Heap Overflow Python Buffer Overflow +2
NVD GitHub
EPSS 0% CVSS 1.9
LOW POC Monitor

Heap-based buffer overflow in Open Asset Import Library (Assimp) versions up to 5.4.3 allows a local attacker with low privileges to corrupt heap memory by supplying a crafted 3D model file with manipulated width or height values to the SceneCombiner::Copy function in code/Common/SceneCombiner.cpp. A public proof-of-concept exploit has been disclosed via GitHub issue #6079, elevating real-world risk despite the local-only attack vector. No confirmed patched release has been independently verified at time of analysis, and exploitation conditions require only low-privilege local access with no user interaction beyond loading the malicious file.

Heap Overflow Buffer Overflow Assimp
NVD VulDB GitHub
EPSS 0% CVSS 6.7
MEDIUM This Month

Heap buffer overflow in the Telephony subsystem of MediaTek chipsets enables local privilege escalation on affected Android devices, delivering full confidentiality, integrity, and availability impact. Twenty-two specific MediaTek SoC variants are confirmed affected, spanning the MT6xxx and MT8xxx mid-range and budget families. No public exploit has been identified at time of analysis; MediaTek has issued patch ALPS11006447 via their July 2026 security bulletin, but exploitation requires a pre-existing System-level privilege on the device, making this a chaining vulnerability rather than a standalone entry vector.

Privilege Escalation Heap Overflow Buffer Overflow +1
NVD
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

Sandbox escape in Google Chrome prior to 150.0.7871.47 exploits a heap-based buffer overflow (CWE-122) in the Storage component, enabling an attacker who has already compromised the renderer process to break out of Chrome's sandbox via a crafted HTML page. This is a chained, second-stage vulnerability - renderer compromise through a separate flaw is a hard prerequisite, making standalone exploitation infeasible. EPSS sits at 0.21% (11th percentile), there is no CISA KEV listing, and no public exploit code has been identified at time of analysis; a vendor patch is confirmed available as Chrome 150.0.7871.47.

Heap Overflow Buffer Overflow Google +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap-based integer overflow in Google Chrome's Chromecast component allows an adjacent-network attacker to achieve arbitrary code execution against browsers running versions prior to 150.0.7871.47. The flaw is reachable via crafted malicious network traffic and carries a high CVSS of 8.8; Google has shipped a stable-channel fix, and no public exploit has been identified at time of analysis. Chromium rates the underlying issue as Medium severity despite the high CVSS, reflecting the adjacency and interaction constraints.

Heap Overflow RCE Buffer Overflow +2
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Inappropriate implementation in XML in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Google Heap Overflow Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Sandbox escape in Google Chrome desktop versions prior to 150.0.7871.47 stems from a heap buffer overflow in the Chromecast component, letting an attacker who has already compromised the renderer process break out of the browser sandbox via a crafted HTML page. Rated High by Chromium and CVSS 9.6, but it is a second-stage bug requiring prior renderer control, and there is no public exploit identified at time of analysis (SSVC exploitation: none, EPSS 0.22%). No CISA KEV listing exists, indicating no confirmed active exploitation.

Heap Overflow Buffer Overflow Google +1
NVD VulDB
EPSS 0% CVSS 3.7
LOW Monitor

Heap buffer overflow in the Ruby JSON gem's streaming generator (versions 2.9.0-2.19.8) enables reliable process crash via attacker-controlled serialized data. When applications invoke `JSON.dump(obj, io)` or `JSON::State#generate(obj, io)` to stream JSON to an IO object, the C-level generator can write past its internal buffer if the serialized object contains a string near 16 KB in size. Impact is confined to denial of service - reliable process termination - with no evidence of confidentiality or integrity impact. No public exploit code and no CISA KEV listing are identified at time of analysis; the CVSS score of 3.7 (Low) appropriately reflects the constrained attack conditions.

Heap Overflow Denial Of Service Buffer Overflow +1
NVD GitHub
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Heap-based buffer overflow in libtiff's PixarLog codec decoder lets attackers crash or potentially execute code in any application that decodes a maliciously crafted PixarLog-compressed TIFF using the PIXARLOGDATAFMT_8BITABGR output format with a specific stride value. Any software linking libtiff for TIFF decoding is exposed, with impact ranging from denial of service to potential arbitrary code execution. No public exploit identified at time of analysis and the issue is not on the CISA KEV list, so exploitation is theoretical rather than observed.

Heap Overflow Denial Of Service Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 2.9
LOW POC Monitor

Heap-based buffer overflow in PcapPlusPlus 25.05 allows remote attackers to crash applications that parse attacker-controlled pcapng files via a crafted `captured_packet_length` value in the `parse_by_block_type` function of the LightPcapNg Parser. A publicly available proof-of-concept exploit (poc.zip) exists, though confirmed impact is limited to availability - application crash/denial-of-service - with no confidentiality or integrity impact indicated by the CVSS 4.0 vector. No active exploitation is confirmed, and no patch has been identified at time of analysis.

Heap Overflow Buffer Overflow Pcapplusplus
NVD VulDB GitHub
EPSS 0% CVSS 1.9
LOW POC Monitor

Heap-based buffer overflow in LLVM llvm-project through version 22.1.6 allows a local low-privilege attacker to crash affected LLVM tooling by supplying a crafted bitcode file that triggers an out-of-bounds heap write in the GCRelocateInst::getBasePtr function within the Bitcode File Handler component. The LLVM project was notified via a GitHub issue report but has not yet responded or released a patch. A proof-of-concept exploit has been publicly disclosed, and no active exploitation is confirmed in CISA KEV.

Heap Overflow Buffer Overflow Llvm Project
NVD VulDB GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

A heap buffer overflow in the HighPriorityASDUQueue_hasUnconfirmedIMessages function of lib60870 v2.3.3 to v2.3.6 allows attackers to cause a Denial of Service (DoS) via a crafted payload.

Denial Of Service Buffer Overflow N A +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Heap buffer overflow in snap7 v1.4.3 crashes the embedded S7 server when processing a specially crafted write function packet targeting TS7Worker::PerformFunctionWrite() in /core/s7_server.cpp. Systems deploying snap7 as an S7-compatible communication server - common in industrial SCADA, HMI, and IoT gateway applications bridging to Siemens S7-series PLCs - can be disrupted remotely with no privileges required per the CVSS PR:N designation. No public exploit identified at time of analysis, and the EPSS score of 0.19% (8th percentile) reflects minimal current exploitation activity; however, operational impact in OT environments can exceed what the CVSS Availability score alone suggests.

Heap Overflow Denial Of Service Buffer Overflow +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

A heap overflow in the FSViewer.exe process of FastStone Image Viewer v8.3 allows attackers to cause a execute arbitrary code in the context of the current process via supplying a crafted JPEG 2000 (JP2) file.

RCE Heap Overflow Buffer Overflow
NVD
EPSS 0% CVSS 7.1
HIGH POC This Week

Denial-of-service memory corruption in RTKLIB through version 2.4.3 lets an attacker crash GNSS post-processing applications such as rnx2rtkp and RTKPOST by supplying a malicious RINEX observation file. The readrnxobsb function in src/rinex.c fails to clamp the satellite-count value read from RINEX epoch headers, so a file declaring more than 64 satellites per epoch triggers a heap buffer overflow write and out-of-bounds stack reads. Publicly available exploit code exists (VulnCheck/GitHub issue #796); there is no public exploit identified as actively exploited, and the CVSS 4.0 impact is limited to availability (VA:H).

Heap Overflow Buffer Overflow Rtklib
NVD GitHub
EPSS 0% CVSS 10.0
CRITICAL Act Now

Memory corruption in Apache Kvrocks' embedded Lua scripting engine allows a client able to run EVAL/EVALSHA commands to trigger a stack buffer overflow in the bit.tohex() function, potentially crashing the server or corrupting process memory toward code execution. Kvrocks is a Redis-protocol-compatible distributed key-value store, and this flaw was disclosed via the oss-security mailing list on 2026-06-25 alongside three other Kvrocks issues. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Path Traversal Buffer Overflow Apache +1
NVD VulDB
EPSS 1% CVSS 7.8
HIGH This Week

Arbitrary code execution in GIMP results from a heap-based buffer overflow in the HDR file parser, where attacker-controlled length data is copied into an undersized heap buffer without bounds validation. Any user who opens a maliciously crafted HDR image (or visits a page that delivers one) can be exploited, with code running in the context of the GIMP process. There is no public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Heap Overflow Buffer Overflow RCE +1
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Heap use-after-free in GPAC MP4Box 2.5-DEV-rev1593-gfe88c3545-master crashes the application when a local authenticated user processes a specially crafted MPEG-2 TS or MP4 file. The defect resides in `gf_filter_pid_inst_swap_delete_task()` within `filter_core/filter_pid.c`, where PID instance cleanup dereferences already-freed objects during a swap/delete operation, causing a heap corruption and denial of service. No public exploit has triggered active exploitation per CISA KEV, but a proof-of-concept is publicly available; EPSS sits at 0.18% (7th percentile), consistent with limited real-world targeting.

Heap Overflow Denial Of Service Buffer Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Heap-based buffer overflow in dnsmasq's DNSSEC logging path enables remote denial of service against instances where both DNSSEC validation and query logging are simultaneously enabled. When dnsmasq receives a DS or DNSKEY DNS response containing an algorithm or digest type it does not recognize, its logging routine writes past the end of an internal heap-allocated buffer, corrupting memory and crashing the process. No public exploit code has been identified at time of analysis, and this CVE is not listed in the CISA KEV catalog; however, the network-deliverable attack vector (PR:N) makes the configuration prerequisite the primary limiting factor for defenders.

Buffer Overflow Denial Of Service Heap Overflow +6
NVD VulDB
EPSS 0% CVSS 2.1
LOW POC PATCH Monitor

Heap-based buffer overflow in OFFIS DCMTK's XMLNode::parseFile function (ofstd/libsrc/ofxml.cc) affects all versions through 3.7.0, exploitable by any remote party who can supply a crafted or non-seekable XML input to the parser. The root cause - confirmed by the upstream patch commit - is that the original guard `if (!l)` failed to catch a -1 return from ftell(), allowing a corrupted buffer size to propagate into heap allocation and subsequent write. A public proof-of-concept exploit exists per VulDB and a published Medium writeup; no active exploitation is confirmed via CISA KEV. The CVSS 4.0 score of 2.1 reflects passive-interaction and low-impact ratings, but the presence of public exploit code elevates practical risk for any DCMTK deployment that parses externally influenced XML files.

Buffer Overflow Heap Overflow Dcmtk
NVD VulDB GitHub
EPSS 0% CVSS 2.1
LOW PATCH Monitor

Heap buffer overflow in the Ruby Oj gem (versions before 3.17.3) occurs when Oj.dump serializes Exception objects in :object mode with an extreme :indent value. The pre-allocated output buffer does not account for indent padding bytes, allowing writes past the heap region and corrupting adjacent memory. No public exploit identified at time of analysis; the issue is triggered by developer-chosen serialization options rather than typical attacker-supplied input.

Heap Overflow Buffer Overflow
NVD GitHub
EPSS 0% CVSS 7.6
HIGH This Week

Heap buffer overflow in libaom's AV1 encoder allows attackers who influence encoder configuration to trigger a 232-byte out-of-bounds heap write on every frame after the second, when Look-Ahead Processing (LAP) mode is active with g_lag_in_frames >= 1. Affected deployments include transcoding pipelines and WebRTC servers that pass user-controlled encoder parameters to libaom. No public exploit identified at time of analysis, and the flaw primarily yields a reliable denial of service with a theoretical path to remote code execution via heap corruption.

RCE Heap Overflow Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 7.4
HIGH PATCH This Week

Heap out-of-bounds write in QEMU's virtio-snd paravirtualized sound device allows a malicious guest to corrupt host memory by sending oversized audio input that the `virtio_snd_pcm_in_cb` callback fails to size-check against the iov buffer. The flaw represents an incomplete fix for CVE-2024-7730 and affects hypervisor hosts exposing virtio-snd to untrusted guests. No public exploit identified at time of analysis, but the high CIA impact (C:H/I:H/A:H) and guest-to-host boundary crossing make this a meaningful VM escape candidate.

Heap Overflow Buffer Overflow
NVD
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Heap-buffer-overflow READ in OpenEXR 3.4.0 through 3.4.11 occurs in the HTJ2K decoder's ht_undo_impl() function when processing a crafted EXR file with mismatched codestream and channel widths, producing a deterministic crash and potential adjacent-heap memory disclosure. Any application that opens untrusted EXR files - including thumbnailers, asset pipelines, and the exrcheck utility - is reachable via the standard scanline-decode entry point. No public exploit identified at time of analysis, but the upstream fix is shipped in v3.4.12.

Heap Overflow Buffer Overflow Openexr
NVD GitHub VulDB
EPSS 0% CVSS 9.2
CRITICAL Act Now

Remote heap-based buffer overflow in RTI Connext Professional Core Libraries allows unauthenticated network attackers to corrupt heap memory in the DDS middleware, impacting integrity and availability of both the vulnerable component and downstream subsystems. The flaw spans a wide range of long-supported branches (5.0.x through 7.6.x) and carries a CVSS 4.0 score of 9.2, though no public exploit identified at time of analysis.

Heap Overflow Buffer Overflow Connext Professional
NVD
EPSS 1% CVSS 9.2
CRITICAL POC PATCH Act Now

Heap-based buffer overflow in NGINX Plus and NGINX Open Source affects deployments that proxy HTTP/2 or gRPC traffic upstream when ignore_invalid_headers is off and large_client_header_buffers exceeds 2 MB. Remote unauthenticated attackers sending oversized headers can crash the worker process, and where ASLR is disabled or bypassable, achieve arbitrary code execution. No public exploit identified at time of analysis and CISA SSVC marks exploitation as 'none', but technical impact is rated total.

Nginx Heap Overflow Buffer Overflow +2
NVD VulDB GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap buffer overflow in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Google Microsoft Heap Overflow +4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap buffer overflow in WebRTC in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Google Heap Overflow RCE +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Heap-based buffer overflow in stable-diffusion.cpp's pickle .ckpt parser allows attackers to corrupt memory and likely achieve code execution when a victim loads a maliciously crafted checkpoint file. The flaw stems from sign confusion in the BINUNICODE opcode length field, causing memcpy to be called with an attacker-controlled, effectively gigantic size derived from a negative signed integer. No public exploit identified at time of analysis, and the issue is fixed in master-584-0a7ae07.

Checkpoint Heap Overflow Buffer Overflow +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Heap-based buffer overflow in Adobe DNG SDK versions 1.7.1 (build 2536) and earlier enables arbitrary code execution in the context of the current user when a victim opens a maliciously crafted DNG file. The flaw affects any application or workflow that links the DNG SDK for parsing Digital Negative raw image files, and no public exploit identified at time of analysis. With a CVSS 7.8 (AV:L/UI:R) and user-interaction requirement, exploitation is realistic via social-engineered file delivery rather than remote network attack.

RCE Heap Overflow Buffer Overflow +1
NVD
EPSS 0% CVSS 4.8
MEDIUM Monitor

Heap corruption in fusesource Jansi's JNI native layer exposes Java applications to denial-of-service through application crashes. The JNI wrapper around the ioctl() system call omits array-size bounds checking before passing the argument array into native heap memory, enabling a heap buffer overflow condition reachable by any local actor who can influence that code path. No fix will be released - the project is confirmed unmaintained at the time CVE-2026-8484 was assigned, and all known versions carry this defect. No public exploit code or active KEV-confirmed exploitation has been identified at time of analysis.

Heap Overflow Buffer Overflow Jansi
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Heap buffer overflow in GStreamer's librfb (RFB/VNC client) allows a malicious VNC server to corrupt heap memory on a connecting client, potentially leading to remote code execution or denial of service. The flaw stems from validating rectangle area instead of individual dimensions, letting attacker-controlled rectangles extend beyond the framebuffer. No public exploit identified at time of analysis, though the issue affects GStreamer as shipped across Red Hat Enterprise Linux 6 through 10.

RCE Heap Overflow Buffer Overflow +5
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

Heap buffer overflow in GPAC MP4Box v2.4 crashes the application when parsing a maliciously crafted MP4 file containing an invalid VP codec configuration. The vulnerable function, gf_isom_vp_config_new in isomedia/avc_ext.c, fails to safely handle attacker-controlled input during ISO Base Media File Format parsing, resulting in a Denial of Service condition. No active exploitation has been confirmed by CISA KEV and no public exploit code has been identified at time of analysis, placing this in a low-urgency remediation tier per SSVC signals.

Denial Of Service Heap Overflow Buffer Overflow +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Heap buffer overflow in GPAC MP4Box v2.4 crashes the application when processing a maliciously crafted MP4 file, triggering a DoS condition in the CENC DRM sample handler. The vulnerable code path resides in gf_cenc_set_pssh (isomedia/drm_sample.c), which processes Protection System Specific Header data embedded in MP4 containers. SSVC confirms no active exploitation, no public exploit exists, and the CVSS local-vector/user-interaction requirement significantly constrains real-world attack surface.

Denial Of Service Heap Overflow Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 7.1
HIGH POC PATCH This Week

Local privilege escalation in VS Revo RevoUninstaller versions 2.5.x and 2.6.x is possible through a heap-based buffer overflow in the IOCtl_Handler function within the RevoDetector.sys kernel driver. Authenticated local users sending crafted IOCTL requests can corrupt kernel pool memory, potentially achieving SYSTEM-level code execution. Publicly available exploit code exists, and a detailed write-up plus PoC repository have been published, raising the practical risk despite no active exploitation listing.

Heap Overflow Buffer Overflow Revouninstaller
NVD VulDB GitHub
EPSS 0% CVSS 5.5
MEDIUM This Month

Heap-based buffer overflow in GPAC's MP4Box Opus packet parser exposes file-processing pipelines to heap memory disclosure and application crash when handling a crafted MP4 containing a malformed Opus audio track. Processing a specially constructed file via MP4Box's XML dump mode (-dxml) triggers an out-of-bounds READ of 1 byte beyond a 3-byte heap allocation inside gf_opus_parse_packet_header() at av_parsers.c:11326, with adjacent heap memory potentially leaked as a secondary consequence. No public exploitation has been confirmed (not in CISA KEV), but a functional PoC MP4 file is publicly available on GitHub, lowering the barrier for targeted abuse in automated media-ingestion workflows.

Buffer Overflow Denial Of Service Heap Overflow
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

Heap-based buffer overflow in GPAC MP4Box (all versions prior to fix commit 61bbfd2e89553373ba3449b8ec05b5f098d732a5) allows out-of-bounds heap READ when processing a crafted MP4 file containing corrupted stsz (sample-size box) data for an Opus audio track. When a user runs MP4Box with the -dxml flag against a malicious file, gf_opus_parse_packet_header() in av_parsers.c:11297 reads 1 byte beyond a 32-byte heap allocation, 1242 bytes past the base region allocated by Media_GetSample(), potentially leaking adjacent heap memory contents and crashing the process. A public proof-of-concept MP4 file is available; no active exploitation has been recorded in CISA KEV at time of analysis.

Buffer Overflow Denial Of Service Heap Overflow +1
NVD VulDB
EPSS 0% CVSS 6.7
MEDIUM This Month

Out-of-bounds heap write in QEMU's virtio-blk device allows a high-privileged guest to crash the host QEMU process. The flaw exists because the virtio-blk device omits validation of input descriptor sizes prior to writing data, enabling a malicious guest operator to submit a crafted virtio-blk SCSI request that writes beyond the allocated host heap buffer. The primary confirmed impact is a denial of service (DoS) of the QEMU process on the host; no public exploit code has been identified at time of analysis and it is not listed in the CISA KEV catalog.

Denial Of Service Heap Overflow Buffer Overflow +7
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome on Android prior to 149.0.7827.115 allows a remote attacker who has already compromised the renderer process to break out of the sandbox through a heap-based out-of-bounds write in the GPU process triggered by a crafted HTML page. Chromium rates the severity High and a vendor patch is available, but no public exploit has been identified at time of analysis. The CVSS 8.3 score reflects the chained nature of the attack (compromised renderer required) combined with full impact across confidentiality, integrity, and availability.

Heap Overflow Google Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sandbox escape in Google Chrome on Android prior to 149.0.7827.115 allows a remote attacker who has already compromised the renderer process to break out of the sandbox via a crafted HTML page that triggers a heap buffer overflow in the GPU process. Chromium rates this severity Critical, and while no public exploit identified at time of analysis, the bug is part of a classic two-stage exploitation chain typically used in browser zero-day exploits. Patch is available from vendor in Chrome 149.0.7827.115 and later.

Heap Overflow Google Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

Heap-based buffer over-write in ImageMagick's SF3 encoder prior to version 7.1.2-25 allows an attacker who can supply a crafted multi-frame image to corrupt heap memory, yielding high availability impact and potential integrity exposure. All ImageMagick installations before 7.1.2-25 are affected regardless of platform. No public exploit has been identified at time of analysis and the vulnerability is absent from CISA KEV; however, CWE-122 write primitives carry inherent escalation risk beyond the scored DoS impact depending on heap layout at time of trigger.

Heap Overflow Buffer Overflow Imagemagick +2
NVD GitHub VulDB
Prev Page 2 of 22 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy