CWE-122— Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().— MITRE CWE catalog
2,323 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-122page 30 of 47
- CVE-2025-21237HIGHCVSS 8.8EG 8.82025-01-14
Windows Telephony Service Remote Code Execution Vulnerability
- CVE-2025-21238HIGHCVSS 8.8EG 8.82025-01-14
Windows Telephony Service Remote Code Execution Vulnerability
- CVE-2025-21239HIGHCVSS 8.8EG 8.82025-01-14
Windows Telephony Service Remote Code Execution Vulnerability
- CVE-2025-21240HIGHCVSS 8.8EG 8.82025-01-14
Windows Telephony Service Remote Code Execution Vulnerability
- CVE-2025-21241HIGHCVSS 8.8EG 8.82025-01-14
Windows Telephony Service Remote Code Execution Vulnerability
- CVE-2025-21245HIGHCVSS 8.8EG 8.82025-01-14
Windows Telephony Service Remote Code Execution Vulnerability
- CVE-2025-21246HIGHCVSS 8.8EG 8.82025-01-14
Windows Telephony Service Remote Code Execution Vulnerability
- CVE-2025-21248HIGHCVSS 8.8EG 8.82025-01-14
Windows Telephony Service Remote Code Execution Vulnerability
- CVE-2025-21250HIGHCVSS 8.8EG 8.82025-01-14
Windows Telephony Service Remote Code Execution Vulnerability
- CVE-2025-21252HIGHCVSS 8.8EG 8.82025-01-14
Windows Telephony Service Remote Code Execution Vulnerability
- CVE-2025-21256MEDIUMCVSS 6.6EG 6.62025-01-14
Windows Digital Media Elevation of Privilege Vulnerability
- CVE-2025-21266HIGHCVSS 8.8EG 8.82025-01-14
Windows Telephony Service Remote Code Execution Vulnerability
- CVE-2025-21273HIGHCVSS 8.8EG 8.82025-01-14
Windows Telephony Service Remote Code Execution Vulnerability
- CVE-2025-21282HIGHCVSS 8.8EG 8.82025-01-14
Windows Telephony Service Remote Code Execution Vulnerability
- CVE-2025-21286HIGHCVSS 8.8EG 8.82025-01-14
Windows Telephony Service Remote Code Execution Vulnerability
- CVE-2025-21302HIGHCVSS 8.8EG 8.82025-01-14
Windows Telephony Service Remote Code Execution Vulnerability
- CVE-2025-21303HIGHCVSS 8.8EG 8.82025-01-14
Windows Telephony Service Remote Code Execution Vulnerability
- CVE-2025-21305HIGHCVSS 8.8EG 8.82025-01-14
Windows Telephony Service Remote Code Execution Vulnerability
- CVE-2025-21306HIGHCVSS 8.8EG 8.82025-01-14
Windows Telephony Service Remote Code Execution Vulnerability
- CVE-2025-21333HIGHCVSS 7.8EG 9.0⚠ KEV2025-01-14
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
- CVE-2025-21339HIGHCVSS 8.8EG 8.82025-01-14
Windows Telephony Service Remote Code Execution Vulnerability
- CVE-2025-21356HIGHCVSS 7.8EG 7.82025-01-14
Microsoft Office Visio Remote Code Execution Vulnerability
- CVE-2025-21368HIGHCVSS 8.8EG 8.82025-02-11
Microsoft Digest Authentication Remote Code Execution Vulnerability
- CVE-2025-21369HIGHCVSS 8.8EG 8.82025-02-11
Microsoft Digest Authentication Remote Code Execution Vulnerability
- CVE-2025-21371HIGHCVSS 8.8EG 8.82025-02-11
Windows Telephony Service Remote Code Execution Vulnerability
- CVE-2025-21375HIGHCVSS 7.8EG 7.82025-02-11
Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
- CVE-2025-21376HIGHCVSS 8.1EG 8.12025-02-11
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
- CVE-2025-21378HIGHCVSS 7.8EG 7.82025-01-14
Windows CSC Service Elevation of Privilege Vulnerability
- CVE-2025-21382HIGHCVSS 7.8EG 7.82025-01-14
Windows Graphics Component Elevation of Privilege Vulnerability
- CVE-2025-21390HIGHCVSS 7.8EG 7.82025-02-11
Microsoft Excel Remote Code Execution Vulnerability
- CVE-2025-21395HIGHCVSS 7.8EG 7.82025-01-14
Microsoft Access Remote Code Execution Vulnerability
- CVE-2025-21407HIGHCVSS 8.8EG 8.82025-02-11
Windows Telephony Service Remote Code Execution Vulnerability
- CVE-2025-21409HIGHCVSS 8.8EG 8.82025-01-14
Windows Telephony Service Remote Code Execution Vulnerability
- CVE-2025-21410HIGHCVSS 8.8EG 8.82025-02-11
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
- CVE-2025-21411HIGHCVSS 8.8EG 8.82025-01-14
Windows Telephony Service Remote Code Execution Vulnerability
- CVE-2025-21413HIGHCVSS 8.8EG 8.82025-01-14
Windows Telephony Service Remote Code Execution Vulnerability
- CVE-2025-21414HIGHCVSS 7.0EG 7.02025-02-11
Windows Core Messaging Elevation of Privileges Vulnerability
- CVE-2025-21417HIGHCVSS 8.8EG 8.82025-01-14
Windows Telephony Service Remote Code Execution Vulnerability
- CVE-2025-21418HIGHCVSS 7.8EG 9.0⚠ KEV2025-02-11
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
- CVE-2025-2152MEDIUMCVSS 6.3EG 6.32025-03-10
A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. This issue affects the function Assimp::BaseImporter::ConvertToUTF8 of the file BaseImporter.cpp of the component File Handler. Th…
- CVE-2025-2153MEDIUMCVSS 5.0EG 5.02025-03-10
A vulnerability, which was classified as critical, was found in HDF5 1.14.6. Affected is the function H5SM_delete of the file H5SM.c of the component h5 File Handler. The manipulation leads to heap-based buffer overflow. It is possible to …
- CVE-2025-22134MEDIUMCVSS 5.5EG 4.22025-01-13
When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore may try to access beyond the end of a line in a b…
- CVE-2025-22258MEDIUMCVSS 6.5EG 6.52025-10-14
A heap-based buffer overflow in Fortinet FortiSRA 1.5.0, 1.4.0 through 1.4.2, FortiPAM 1.5.0, 1.4.0 through 1.4.2, 1.3.0 through 1.3.1, 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiProxy 7.6.0 through 7.6.1, 7.4.0 through 7.4.7, F…
- CVE-2025-22880HIGHCVSS 7.8EG 7.82025-02-07
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this v…
- CVE-2025-22881HIGHCVSS 7.8EG 7.82025-02-26
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this v…
- CVE-2025-22920MEDIUMCVSS 5.3EG 5.32025-02-18
A heap buffer overflow vulnerability in FFmpeg before commit 4bf784c allows attackers to trigger a memory corruption via supplying a crafted media file in avformat when processing tile grid group streams. This can lead to a Denial of Servi…
- CVE-2025-2308MEDIUMCVSS 5.3EG 5.32025-03-14
A vulnerability, which was classified as critical, was found in HDF5 1.14.6. This affects the function H5Z__scaleoffset_decompress_one_byte of the component Scale-Offset Filter. The manipulation leads to heap-based buffer overflow. An atta…
- CVE-2025-2309MEDIUMCVSS 5.3EG 5.32025-03-14
A vulnerability has been found in HDF5 1.14.6 and classified as critical. This vulnerability affects the function H5T__bit_copy of the component Type Conversion Logic. The manipulation leads to heap-based buffer overflow. Local access is r…
- CVE-2025-2310MEDIUMCVSS 5.3EG 5.32025-03-14
A vulnerability was found in HDF5 1.14.6 and classified as critical. This issue affects the function H5MM_strndup of the component Metadata Attribute Decoder. The manipulation leads to heap-based buffer overflow. Attacking locally is a req…
- CVE-2025-23123CRITICALCVSS 10.0EG 10.02025-05-19
A malicious actor with access to the management network could execute a remote code execution (RCE) by exploiting a heap buffer overflow vulnerability in the UniFi Protect Cameras (Version 4.75.43 and earlier) firmware.
Map vulnerabilities like CWE-122 to your infrastructure
EchelonGraph correlates every CVE — across CWE-122 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →