...

Given below is a non-exhaustive list of library functions to which the above rules can apply:

Risk Assessment

Depending on the library function called, an attacker may be able to use a heap overflow vulnerability to run arbitrary code. Detection of the checks specified in the description can be automated, but remediation has to be manual.

...

API00-C. Functions should validate their parameters

WG14 Document: N1579 - Rule 5.34 Forming Invalid pointers by library functions.

...