CWE-789— Memory Allocation with Excessive Size Value
The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.— MITRE CWE catalog
166 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-789page 4 of 4
- CVE-2026-54059HIGHCVSS 7.5EG 7.52026-07-06
Pillow is a Python imaging library. Prior to 12.3.0, PIL/PcfFontFile.py _load_bitmaps() read glyph dimensions from the PCF METRICS section and passed them directly to Image.frombytes() without calling Image._decompression_bomb_check(), all…
- CVE-2026-54060HIGHCVSS 7.5EG 7.52026-07-06
Pillow is a Python imaging library. Prior to 12.3.0, PIL/FontFile.py FontFile.compile() assembled per-glyph images into a combined bitmap with Image.new("1", (xsize, ysize)) without calling Image._decompression_bomb_check(), allowing a fon…
- CVE-2026-54448MEDIUMCVSS 6.5EG 6.52026-06-25
Trivy is a security scanner. Prior to 0.71.0, when Trivy scans a Helm chart archive (.tgz), its custom tar unpacker reads each entry with io.ReadAll(tr) and no size limit. An attacker who can place a malicious .tgz file in the scanned path…
- CVE-2026-54697MEDIUMCVSS 0.0EG 0.02026-06-12
ConnectBot SSH Client Library: Excessive allocation and integer overflow in DER private-key parsing ## Summary The DER parser used for application-supplied private keys did not safely validate encoded length values before converting them…
- CVE-2026-54700MEDIUMCVSS 0.0EG 0.02026-06-12
ConnectBot SSH Client Library: Unbounded SSH field lengths can cause excessive memory allocation ## Summary The SSH protocol parser trusted attacker-controlled length and count fields without first checking that the declared values fit w…
- CVE-2026-55079MEDIUMCVSS 6.5EG 6.52026-07-06
Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.24.0 and prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, `NewDataBuilder` in `provisionersdk/proto/dataupload.go` allocated …
- CVE-2026-55213HIGHCVSS 7.5EG 7.52026-07-10
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit edd7a120bfc4af11ac0cbebce2a43cc1f93f9af1, when h2o processes a QPACK instruction sent from the peer over HTTP/3, lib/http3/qpack.c might allocate an on-sta…
- CVE-2026-55379HIGHCVSS 7.5EG 7.52026-07-06
Pillow is a Python imaging library. Prior to 12.3.0, PIL/BdfFontFile.py bdf_char() read the BBX width and height field from a BDF font file and passed attacker-controlled dimensions to Image.new() without calling Image._decompression_bomb_…
- CVE-2026-55380HIGHCVSS 7.5EG 7.52026-07-06
Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile._open() read image dimensions from the GD 2.x header and stored them in self._size without calling Image._decompression_bomb_check(), allowing a crafted .g…
- CVE-2026-55781LOWCVSS 2.4EG 2.42026-07-10
NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's UFS and FFS image handler in NanaZip.Codecs.Archive.Ufs.cpp validates the superblock block size only against the MINBSIZE lower boun…
- CVE-2026-55782LOWCVSS 2.4EG 2.42026-07-10
NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's WebAssembly archive handler in NanaZip.Codecs.Archive.WebAssembly.cpp allocates buffers from attacker-controlled 32-bit section and …
- CVE-2026-5740HIGHCVSS 7.5EG 7.52026-05-26
Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14... Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to properly validate msgpack-encoded WebSo…
- CVE-2026-59938MEDIUMCVSS 5.3EG 5.32026-07-08
pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with declared image size values that are much too large compared to the actual data, causing large memory usage in pypdf image parsing. T…
- CVE-2026-6340MEDIUMCVSS 4.3EG 4.32026-05-18
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to validate 7zip archive structure before processing which allows an authenticated attacker to cause server memory exhaustion and denial of service via upload…
- CVE-2026-8485MEDIUMCVSS 5.9EG 5.92026-05-20
Uncontrolled Memory Allocation vulnerability in Progress Software MOVEit Automation allows Excessive Allocation. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7.
- CVE-2026-9538HIGHCVSS 7.5EG 7.52026-05-26
Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header. _read_tar() reads each entry's payload with $handle->read($$data, $block), where $block is derived from the entry's…
Map vulnerabilities like CWE-789 to your infrastructure
EchelonGraph correlates every CVE — across CWE-789 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →