CWE-122— Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().— MITRE CWE catalog
2,323 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-122page 31 of 47
- CVE-2025-23308LOWCVSS 3.3EG 3.32025-09-24
NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm where an attacker may cause a heap-based buffer overflow by getting the user to run nvdisasm on a malicious ELF file. A successful exploit of this vulnerability may…
- CVE-2025-23317CRITICALCVSS 9.1EG 9.12025-08-06
NVIDIA Triton Inference Server contains a vulnerability in the HTTP server, where an attacker could start a reverse shell by sending a specially crafted HTTP request. A successful exploit of this vulnerability might lead to remote code exe…
- CVE-2025-2337MEDIUMCVSS 6.3EG 6.32025-03-16
A vulnerability, which was classified as critical, has been found in tbeu matio 1.5.28. This issue affects the function Mat_VarPrint of the file src/mat.c. The manipulation leads to heap-based buffer overflow. The attack may be initiated r…
- CVE-2025-2338MEDIUMCVSS 6.3EG 6.32025-03-16
A vulnerability, which was classified as critical, was found in tbeu matio 1.5.28. Affected is the function strdup_vprintf of the file src/io.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remo…
- CVE-2025-2368MEDIUMCVSS 6.3EG 6.32025-03-17
A vulnerability was found in WebAssembly wabt 1.0.36 and classified as critical. This issue affects the function wabt::interp::(anonymous namespace)::BinaryReaderInterp::OnExport of the file wabt/src/interp/binary-reader-interp.cc of the c…
- CVE-2025-24048HIGHCVSS 7.8EG 7.82025-03-11
Heap-based buffer overflow in Role: Windows Hyper-V allows an authorized attacker to elevate privileges locally.
- CVE-2025-24050HIGHCVSS 7.8EG 7.82025-03-11
Heap-based buffer overflow in Role: Windows Hyper-V allows an authorized attacker to elevate privileges locally.
- CVE-2025-24051HIGHCVSS 8.8EG 8.82025-03-11
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
- CVE-2025-24056HIGHCVSS 8.8EG 8.82025-03-11
Heap-based buffer overflow in Windows Telephony Server allows an unauthorized attacker to execute code over a network.
- CVE-2025-24057HIGHCVSS 7.8EG 7.82025-03-11
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
- CVE-2025-24063HIGHCVSS 7.8EG 7.82025-05-13
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
- CVE-2025-24066HIGHCVSS 7.8EG 7.82025-03-11
Heap-based buffer overflow in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.
- CVE-2025-24067HIGHCVSS 7.8EG 7.82025-03-11
Heap-based buffer overflow in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally.
- CVE-2025-24439HIGHCVSS 7.8EG 7.82025-03-11
Substance3D - Sampler versions 4.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interact…
- CVE-2025-24443HIGHCVSS 7.8EG 7.82025-03-11
Substance3D - Sampler versions 4.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interact…
- CVE-2025-24453HIGHCVSS 7.8EG 7.82025-03-11
InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user in…
- CVE-2025-24477MEDIUMCVSS 4.2EG 4.22025-07-15
A heap-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2.4 through 7.2.12 allows an attacker to escalate its privileges via a specially crafted CLI command
- CVE-2025-24797CRITICALCVSS 9.4EG 9.42025-04-15
Meshtastic is an open source mesh networking solution. A fault in the handling of mesh packets containing invalid protobuf data can result in an attacker-controlled buffer overflow, allowing an attacker to hijack execution flow, potentiall…
- CVE-2025-2497HIGHCVSS 7.8EG 7.82025-04-15
A maliciously crafted DWG file, when parsed through Autodesk Revit, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
- CVE-2025-24985HIGHCVSS 7.8EG 9.0⚠ KEV2025-03-11
Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally.
- CVE-2025-24993HIGHCVSS 7.8EG 9.0⚠ KEV2025-03-11
Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.
- CVE-2025-24995HIGHCVSS 7.8EG 7.82025-03-11
Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally.
- CVE-2025-25249CRITICALCVSS 9.8EG 8.12026-01-13
A heap-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS 6.4 all versions, FortiSwitchManager 7.2.0 through 7.2.6, …
- CVE-2025-2531HIGHCVSS 7.8EG 7.82025-03-25
Luxion KeyShot DAE File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required …
- CVE-2025-2584MEDIUMCVSS 5.0EG 5.02025-03-21
A vulnerability was found in WebAssembly wabt 1.0.36. It has been declared as critical. This vulnerability affects the function BinaryReaderInterp::GetReturnCallDropKeepCount of the file wabt/src/interp/binary-reader-interp.cc. The manipul…
- CVE-2025-2592MEDIUMCVSS 6.3EG 6.32025-03-21
A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. This issue affects the function CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp. The manipulation leads to…
- CVE-2025-2618CRITICALCVSS 9.8EG 9.82025-03-22
A vulnerability, which was classified as critical, has been found in D-Link DAP-1620 1.03. Affected by this issue is the function set_ws_action of the file /dws/api/ of the component Path Handler. The manipulation leads to heap-based buffe…
- CVE-2025-26416CRITICALCVSS 9.8EG 9.82025-09-02
In initializeSwizzler of SkBmpStandardCodec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is n…
- CVE-2025-26455HIGHCVSS 7.8EG 7.82025-09-04
In multiple functions of NdkMediaCodec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not nee…
- CVE-2025-26634HIGHCVSS 7.5EG 7.52025-03-11
Heap-based buffer overflow in Windows Core Messaging allows an authorized attacker to elevate privileges over a network.
- CVE-2025-26639HIGHCVSS 7.8EG 7.82025-04-08
Integer overflow or wraparound in Windows USB Print Driver allows an authorized attacker to elevate privileges locally.
- CVE-2025-26666HIGHCVSS 7.8EG 7.82025-04-08
Heap-based buffer overflow in Windows Media allows an authorized attacker to execute code locally.
- CVE-2025-26668HIGHCVSS 7.5EG 7.52025-04-08
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
- CVE-2025-26674HIGHCVSS 7.8EG 7.82025-04-08
Heap-based buffer overflow in Windows Media allows an authorized attacker to execute code locally.
- CVE-2025-27091HIGHCVSS 7.5EG 7.52025-02-20
OpenH264 is a free license codec library which supports H.264 encoding and decoding. A vulnerability in the decoding functions of OpenH264 codec library could allow a remote, unauthenticated attacker to trigger a heap overflow. This vulner…
- CVE-2025-27171HIGHCVSS 7.8EG 7.82025-03-11
InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user in…
- CVE-2025-27173HIGHCVSS 7.8EG 7.82025-03-11
Substance3D - Modeler versions 1.15.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interac…
- CVE-2025-27177HIGHCVSS 7.8EG 7.82025-03-11
InDesign Desktop versions ID20.1, ID19.5.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user in…
- CVE-2025-27193HIGHCVSS 7.8EG 7.82025-04-08
Bridge versions 14.1.5, 15.0.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in…
- CVE-2025-27195HIGHCVSS 7.8EG 7.82025-04-08
Media Encoder versions 25.1, 24.6.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interacti…
- CVE-2025-27196HIGHCVSS 7.8EG 7.82025-04-08
Premiere Pro versions 25.1, 24.6.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interactio…
- CVE-2025-27198HIGHCVSS 7.8EG 7.82025-04-08
Photoshop Desktop versions 25.12.1, 26.4.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user in…
- CVE-2025-27199HIGHCVSS 7.8EG 7.82025-04-08
Animate versions 24.0.7, 23.0.10 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction …
- CVE-2025-27477HIGHCVSS 8.8EG 8.82025-04-08
Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to execute code over a network.
- CVE-2025-27478HIGHCVSS 7.0EG 7.02025-04-08
Heap-based buffer overflow in Windows Local Security Authority (LSA) allows an authorized attacker to elevate privileges locally.
- CVE-2025-27487HIGHCVSS 8.0EG 8.02025-04-08
Heap-based buffer overflow in Remote Desktop Client allows an authorized attacker to execute code over a network.
- CVE-2025-27490HIGHCVSS 7.8EG 7.82025-04-08
Heap-based buffer overflow in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.
- CVE-2025-2754MEDIUMCVSS 6.3EG 6.32025-03-25
A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been declared as critical. Affected by this vulnerability is the function Assimp::AC3DImporter::ConvertObjectSection of the file code/AssetLib/AC/ACLoader.cpp of t…
- CVE-2025-2756MEDIUMCVSS 6.3EG 6.32025-03-25
A vulnerability classified as critical has been found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::AC3DImporter::ConvertObjectSection of the file code/AssetLib/AC/ACLoader.cpp of the component AC3D File Hand…
- CVE-2025-2757MEDIUMCVSS 6.3EG 6.32025-03-25
A vulnerability classified as critical was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function AI_MD5_PARSE_STRING_IN_QUOTATION of the file code/AssetLib/MD5/MD5Parser.cpp of the component MD5 File Hand…
Map vulnerabilities like CWE-122 to your infrastructure
EchelonGraph correlates every CVE — across CWE-122 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →