CWE-122— Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().— MITRE CWE catalog
2,321 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-122page 15 of 47
- CVE-2023-33152HIGHCVSS 7.0EG 7.02023-07-11
Microsoft ActiveX Remote Code Execution Vulnerability
- CVE-2023-33221MEDIUMCVSS 6.8EG 6.82023-12-15
When reading DesFire keys, the function that reads the card isn't properly checking the boundaries when copying internally the data received. This allows a heap based buffer overflow that could lead to a potential Remote Code Ex…
- CVE-2023-3428MEDIUMCVSS 6.2EG 6.22023-10-04
A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. This issue may allow a local attacker to trick the user into opening a specially crafted file, resulting in an application crash and denial of service.
- CVE-2023-34289HIGHCVSS 7.8EG 7.82024-05-03
Ashlar-Vellum Cobalt Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to ex…
- CVE-2023-34299HIGHCVSS 7.8EG 7.82024-05-03
Ashlar-Vellum Cobalt CO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction i…
- CVE-2023-3430HIGHCVSS 7.5EG 7.52023-12-18
A vulnerability was found in OpenImageIO, where a heap buffer overflow exists in the src/gif.imageio/gifinput.cpp file. This flaw allows a remote attacker to pass a specially crafted file to the application, which triggers a heap-based buf…
- CVE-2023-34318HIGHCVSS 7.8EG 7.82023-07-10
A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41. This flaw can lead to a denial of service, code execution, or information disclosure.
- CVE-2023-34432HIGHCVSS 7.8EG 7.82023-07-10
A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can lead to a denial of service, code execution, or information disclosure.
- CVE-2023-34474MEDIUMCVSS 5.5EG 5.52023-06-16
A heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c. A local attacker could trick the user in opening specially crafted file, triggering an out-of-bounds read error, allowing an …
- CVE-2023-34488HIGHCVSS 7.8EG 7.82023-06-12
NanoMQ 0.17.5 has a one-byte heap-based buffer over-read in the conn_handler function of mqtt_parser.c when it processes malformed messages.
- CVE-2023-3463MEDIUMCVSS 6.6EG 6.62023-07-19
All versions of GE Digital CIMPLICITY that are not adhering to SDG guidance and accepting documents from untrusted sources are vulnerable to memory corruption issues due to insufficient input validation, including issues such as out-of-bo…
- CVE-2023-35302HIGHCVSS 8.8EG 8.82023-07-11
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
- CVE-2023-35304HIGHCVSS 7.8EG 7.82023-07-11
Windows Kernel Elevation of Privilege Vulnerability
- CVE-2023-35305HIGHCVSS 7.8EG 7.82023-07-11
Windows Kernel Elevation of Privilege Vulnerability
- CVE-2023-35337HIGHCVSS 7.8EG 7.82023-07-11
Win32k Elevation of Privilege Vulnerability
- CVE-2023-35350HIGHCVSS 7.2EG 7.22023-07-11
Windows Active Directory Certificate Services (AD CS) Remote Code Execution Vulnerability
- CVE-2023-35363HIGHCVSS 7.8EG 7.82023-07-11
Windows Kernel Elevation of Privilege Vulnerability
- CVE-2023-35374HIGHCVSS 7.8EG 7.82023-07-11
Paint 3D Remote Code Execution Vulnerability
- CVE-2023-35630HIGHCVSS 8.8EG 8.82023-12-12
Internet Connection Sharing (ICS) Remote Code Execution Vulnerability
- CVE-2023-35639HIGHCVSS 8.8EG 8.82023-12-12
Microsoft ODBC Driver Remote Code Execution Vulnerability
- CVE-2023-35709HIGHCVSS 7.8EG 7.82024-05-03
Ashlar-Vellum Cobalt Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to ex…
- CVE-2023-36028CRITICALCVSS 9.8EG 9.82023-11-14
Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability
- CVE-2023-36036HIGHCVSS 7.8EG 9.0⚠ KEV2023-11-14
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
- CVE-2023-36042MEDIUMCVSS 6.2EG 6.22023-11-14
Visual Studio Denial of Service Vulnerability
- CVE-2023-36400HIGHCVSS 8.8EG 8.82023-11-14
Windows HMAC Key Derivation Elevation of Privilege Vulnerability
- CVE-2023-36402HIGHCVSS 8.8EG 8.82023-11-14
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
- CVE-2023-36408HIGHCVSS 7.8EG 7.82023-11-14
Windows Hyper-V Elevation of Privilege Vulnerability
- CVE-2023-36417HIGHCVSS 7.8EG 7.82023-10-10
Microsoft SQL OLE DB Remote Code Execution Vulnerability
- CVE-2023-36423HIGHCVSS 8.8EG 7.22023-11-14
Microsoft Remote Registry Service Remote Code Execution Vulnerability
- CVE-2023-36425HIGHCVSS 8.0EG 8.02023-11-14
Windows Distributed File System (DFS) Remote Code Execution Vulnerability
- CVE-2023-36532MEDIUMCVSS 5.9EG 5.92023-08-08
Buffer overflow in Zoom Clients before 5.14.5 may allow an unauthenticated user to enable a denial of service via network access.
- CVE-2023-36577HIGHCVSS 8.8EG 8.82023-10-10
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
- CVE-2023-36598HIGHCVSS 7.8EG 7.82023-10-10
Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability
- CVE-2023-36730HIGHCVSS 7.8EG 7.82023-10-10
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
- CVE-2023-36739HIGHCVSS 7.8EG 7.82023-09-12
3D Viewer Remote Code Execution Vulnerability
- CVE-2023-36740HIGHCVSS 7.8EG 7.82023-09-12
3D Viewer Remote Code Execution Vulnerability
- CVE-2023-36770HIGHCVSS 7.8EG 7.82023-09-12
3D Builder Remote Code Execution Vulnerability
- CVE-2023-36771HIGHCVSS 7.8EG 7.82023-09-12
3D Builder Remote Code Execution Vulnerability
- CVE-2023-36772HIGHCVSS 7.8EG 7.82023-09-12
3D Builder Remote Code Execution Vulnerability
- CVE-2023-36793HIGHCVSS 7.8EG 7.82023-09-12
Visual Studio Remote Code Execution Vulnerability
- CVE-2023-36824HIGHCVSS 7.4EG 9.02023-07-11
Redis is an in-memory database that persists on disk. In Redit 7.0 prior to 7.0.12, extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corr…
- CVE-2023-36865HIGHCVSS 7.8EG 7.82023-08-08
Microsoft Office Visio Remote Code Execution Vulnerability
- CVE-2023-36896HIGHCVSS 7.8EG 7.82023-08-08
Microsoft Excel Remote Code Execution Vulnerability
- CVE-2023-37246HIGHCVSS 7.8EG 7.82023-07-11
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to heap-based buffer overflow while…
- CVE-2023-37247HIGHCVSS 7.8EG 7.82023-07-11
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to heap-based buffer overflow while…
- CVE-2023-37294HIGHCVSS 8.3EG 8.32024-01-09
AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a heap memory corruption via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or a…
- CVE-2023-37295HIGHCVSS 8.3EG 8.32024-01-09
AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a heap memory corruption via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or ava…
- CVE-2023-37297HIGHCVSS 8.3EG 8.32024-01-09
AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a heap memory corruption via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availab…
- CVE-2023-37328HIGHCVSS 8.8EG 8.82024-05-03
GStreamer PGS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is requir…
- CVE-2023-37329HIGHCVSS 8.8EG 8.82024-05-03
GStreamer SRT File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is requir…
Map vulnerabilities like CWE-122 to your infrastructure
EchelonGraph correlates every CVE — across CWE-122 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →