NGINX JavaScript Heap Buffer Overflow Vulnerability (CVE-2026-8711)
2 rules 3 TTPs 1 CVE
NGINX JavaScript is vulnerable to a heap buffer overflow (CVE-2026-8711) when the js_fetch_proxy directive is configured with client-controlled variables and ngx.fetch(), allowing unauthenticated attackers to cause worker process restarts or, with ASLR disabled, code execution via crafted HTTP requests.
CVE-2026-44673 libyang Integer Overflow Leads to Heap Buffer Overflow
2 rules 1 CVE
CVE-2026-44673 describes an integer overflow in the lyb_read_string() function of the libyang library that can lead to a heap buffer overflow, potentially allowing for arbitrary code execution.
CVE-2026-40398: Windows Remote Desktop Heap-Based Buffer Overflow Privilege Escalation
1 rule 1 TTP 1 CVE
CVE-2026-40398 is a heap-based buffer overflow vulnerability in Windows Remote Desktop that allows an authorized attacker to elevate privileges locally.
Binutils XCOFF Heap-Based Buffer Overflow Vulnerability (CVE-2026-6846)
2 rules 4 TTPs 1 CVE
A heap-buffer-overflow vulnerability exists in binutils when processing a specially crafted XCOFF object file, potentially leading to arbitrary code execution or denial of service.
ImageMagick Heap Buffer Overflow Vulnerability (CVE-2026-33901)
2 rules 1 TTP 1 CVE
ImageMagick versions before 7.1.2-19 and 6.9.13-44 are vulnerable to a heap buffer overflow in the MVG decoder, potentially leading to an out-of-bounds write when processing a crafted image, which can result in denial of service or arbitrary code execution.
LibRaw Integer Overflow Vulnerability in deflate_dng_load_raw
2 rules 1 TTP 1 CVE
CVE-2026-20884 is an integer overflow vulnerability in LibRaw's deflate_dng_load_raw function that leads to a heap buffer overflow when processing crafted DNG files.
openFPGALoader Heap-Buffer-Overflow Read Vulnerability
2 rules 1 TTP 1 CVE
A heap-buffer-overflow read vulnerability exists in openFPGALoader 1.1.1 and earlier, allowing out-of-bounds heap memory access via a crafted .pof file, potentially leading to denial of service or information disclosure.
FreeRDP Heap-Buffer-Overflow Vulnerability (CVE-2026-33982)
2 rules 3 TTPs 1 CVE
A heap-buffer-overflow read vulnerability exists in FreeRDP versions prior to 3.24.2, specifically in the winpr_aligned_offset_recalloc() function, potentially leading to denial of service or information disclosure.
CVE-2026-4675: Google Chrome WebGL Heap Buffer Overflow Vulnerability
2 rules 2 TTPs
A heap buffer overflow vulnerability (CVE-2026-4675) exists in Google Chrome's WebGL implementation prior to version 146.0.7680.165, allowing a remote attacker to perform an out-of-bounds memory read via a specially crafted HTML page, potentially leading to information disclosure or arbitrary code execution.
smallbitvec Integer Overflow Leads to Heap Buffer Overflow
2 rules 1 TTP
An integer overflow in the `smallbitvec` crate leads to an undersized heap allocation, enabling heap buffer overflows through safe APIs, affecting versions 1.0.1 through 2.6.0.