CWE-122— Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().— MITRE CWE catalog
2,323 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-122page 36 of 47
- CVE-2025-54574CRITICALCVSS 9.3EG 9.32025-08-01
Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to a heap buffer overflow and possible remote code execution attack when processing URN due to incorrect buffer management. This has been fixed in version…
- CVE-2025-5462HIGHCVSS 7.5EG 7.52025-08-12
A heap-based buffer overflow in Ivanti Connect Secure before 22.7R2.8 or 22.8R2, Ivanti Policy Secure before 22.7R1.5, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix deployed on 02-Aug-2025…
- CVE-2025-54630MEDIUMCVSS 6.8EG 6.82025-08-06
:Vulnerability of insufficient data length verification in the DFA module. Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2025-5477HIGHCVSS 7.5EG 7.52025-06-21
Sony XAV-AX8500 Bluetooth L2CAP Protocol Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sony XAV-AX8500 devices. An attacker must f…
- CVE-2025-5479HIGHCVSS 7.5EG 7.52025-06-21
Sony XAV-AX8500 Bluetooth AVCTP Protocol Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sony XAV-AX8500 devices. A…
- CVE-2025-54878HIGHCVSS 8.6EG 8.62025-08-11
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. A heap b…
- CVE-2025-54894HIGHCVSS 7.8EG 7.82025-09-09
Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
- CVE-2025-54900HIGHCVSS 7.8EG 7.82025-09-09
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- CVE-2025-54907HIGHCVSS 7.8EG 7.82025-09-09
Heap-based buffer overflow in Microsoft Office Visio allows an unauthorized attacker to execute code locally.
- CVE-2025-54910HIGHCVSS 8.4EG 8.42025-09-09
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
- CVE-2025-54949CRITICALCVSS 9.8EG 9.82025-08-07
A heap buffer overflow vulnerability in the loading of ExecuTorch models can potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit ede82493dae6d2d43f8c424e7be4721abe5242be
- CVE-2025-54951CRITICALCVSS 9.8EG 9.82025-08-07
A group of related buffer overflow vulnerabilities in the loading of ExecuTorch models can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit cea9…
- CVE-2025-55004HIGHCVSS 7.6EG 7.62025-08-13
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, ImageMagick is vulnerable to heap-buffer overflow read around the handling of images with separate alpha channels when…
- CVE-2025-55005MEDIUMCVSS 5.5EG 5.52025-08-13
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-1, when preparing to transform from Log to sRGB colorspaces, the logmap construction fails to handle cases where the refe…
- CVE-2025-55118HIGHCVSS 8.9EG 8.92025-09-16
Memory corruptions can be remotely triggered in the Control-M/Agent when SSL/TLS communication is configured. The issue occurs in the following cases: * Control-M/Agent 9.0.20: SSL/TLS configuration is set to the non-default setting …
- CVE-2025-5517MEDIUMCVSS 6.8EG 6.82025-10-20
Heap-based Buffer Overflow vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (MID/ CE) -Terra AC MID, ABB Terra AC wallbox (MID/ CE) -Terra AC Juno CE, ABB Terra AC wallbox (MID/ CE) -Terr…
- CVE-2025-55286HIGHCVSS 7.3EG 7.32025-08-16
z2d is a pure Zig 2D graphics library. z2d v0.7.0 released with a new multi-sample anti-aliasing (MSAA) method, which uses a new buffering mechanism for storing coverage data. This differs from the standard alpha mask surface used for the …
- CVE-2025-55645MEDIUMCVSS 5.5EG 5.52026-06-15
A heap buffer overflow in the gf_cenc_set_pssh function (isomedia/drm_sample.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
- CVE-2025-55648MEDIUMCVSS 5.5EG 5.52026-06-15
A heap buffer overflow in the gf_opus_parse_packet_header function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
- CVE-2025-55652MEDIUMCVSS 5.5EG 5.52026-06-15
A heap buffer overflow in the gf_isom_vp_config_new function (isomedia/avc_ext.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
- CVE-2025-55661MEDIUMCVSS 5.5EG 5.52026-06-15
A heap buffer overflow in the Opus audio stream parser component of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
- CVE-2025-55664MEDIUMCVSS 5.5EG 5.52026-06-01
A heap buffer overflow in the m2tsdmx_send_packet function (filters/dmx_m2ts.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
- CVE-2025-55697HIGHCVSS 7.8EG 7.82025-10-14
Heap-based buffer overflow in Azure Local allows an authorized attacker to elevate privileges locally.
- CVE-2025-56394HIGHCVSS 7.5EG 7.52025-09-23
Free5gc 4.0.1 is vulnerable to Buffer Overflow. The AMF incorrectly validates the 5GS mobile identity, resulting in slice reference overflow.
- CVE-2025-57106HIGHCVSS 7.5EG 7.52025-10-31
Kitware VTK (Visualization Toolkit) up to 9.5.0 is vulnerable to Buffer Overflow in vtkGLTFDocumentLoader. The vulnerability occurs in the BufferDataExtractionWorker template function when processing GLTF accessor data.
- CVE-2025-57107HIGHCVSS 7.1EG 7.12025-10-31
Kitware VTK (Visualization Toolkit) through 9.5.0 contains a heap buffer overflow vulnerability in vtkGLTFDocumentLoader. When processing specially crafted GLTF files, the copy constructor of Accessor objects fails to properly validate buf…
- CVE-2025-5750HIGHCVSS 8.8EG 8.82025-06-06
WOLFBOX Level 2 EV Charger tuya_svc_devos_activate_result_parse Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of WOL…
- CVE-2025-57637HIGHCVSS 7.5EG 7.52025-09-23
Buffer overflow vulnerability in D-Link DI-7100G 2020-02-21 in the sub_451754 function of the jhttpd service in the viav4 parameter allowing attackers to cause a denial of service or execute arbitrary code.
- CVE-2025-57638HIGHCVSS 7.5EG 7.52025-09-23
Buffer overflow vulnerability in Tenda AC9 1.0 via the user supplied sys.vendor configuration value.
- CVE-2025-57709HIGHCVSS 8.1EG 8.12026-02-11
A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in …
- CVE-2025-57740HIGHCVSS 8.8EG 7.52025-10-14
An Heap-based Buffer Overflow vulnerability [CWE-122] in FortiOS version 7.6.2 and below, version 7.4.7 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all versions; FortiPAM version 1.5.0, version 1.4.2 and below, 1.3 all versi…
- CVE-2025-57803HIGHCVSS 7.5EG 7.52025-08-26
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2 for ImageMagick's 32-bit build, a 32-bit integer overflow in the BMP encoder’s scanline-stride computa…
- CVE-2025-57807LOWCVSS 3.8EG 3.82025-09-05
ImageMagick is free and open-source software used for editing and manipulating digital images. ImageMagick versions lower than 14.8.2 include insecure functions: SeekBlob(), which permits advancing the stream offset beyond the current end…
- CVE-2025-58050CRITICALCVSS 9.1EG 9.12025-08-27
The PCRE2 library is a set of C functions that implement regular expression pattern matching. In version 10.45, a heap-buffer-overflow read vulnerability exists in the PCRE2 regular expression matching engine, specifically within the handl…
- CVE-2025-58077HIGHCVSS 8.0EG 8.02026-02-03
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted set of network p…
- CVE-2025-5830HIGHCVSS 8.8EG 8.82025-06-25
Autel MaxiCharger AC Wallbox Commercial DLB_SlaveRegister Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel Max…
- CVE-2025-58447CRITICALCVSS 9.8EG 9.82025-09-09
rAthena is an open-source cross-platform massively multiplayer online role playing game (MMORPG) server. Versions prior to commit 2f5248b have a heap-based buffer overflow in the login server, remote attacker to overwrite adjacent session …
- CVE-2025-58455HIGHCVSS 8.0EG 8.02026-02-03
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet who…
- CVE-2025-58722HIGHCVSS 7.8EG 7.82025-10-14
Heap-based buffer overflow in Windows DWM allows an authorized attacker to elevate privileges locally.
- CVE-2025-58725HIGHCVSS 7.0EG 7.02025-10-14
Heap-based buffer overflow in Windows COM allows an authorized attacker to elevate privileges locally.
- CVE-2025-5915MEDIUMCVSS 6.6EG 3.92025-06-09
A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may a…
- CVE-2025-59191HIGHCVSS 7.8EG 7.82025-10-14
Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally.
- CVE-2025-59242HIGHCVSS 7.8EG 7.82025-10-14
Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- CVE-2025-59254HIGHCVSS 7.8EG 7.82025-10-14
Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
- CVE-2025-59255HIGHCVSS 7.8EG 7.82025-10-14
Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
- CVE-2025-59275HIGHCVSS 7.8EG 7.82025-10-14
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.
- CVE-2025-59295HIGHCVSS 8.8EG 8.82025-10-14
Heap-based buffer overflow in Internet Explorer allows an unauthorized attacker to execute code over a network.
- CVE-2025-5942MEDIUMCVSS 5.7EG 5.72025-08-14
Netskope was notified about a potential gap in its agent (NS Client) on Windows systems. If this gap is successfully exploited, an unprivileged user can trigger a heap overflow in the epdlpdrv.sys driver, leading to a Blue-Screen-of-Death…
- CVE-2025-59482HIGHCVSS 8.0EG 8.02026-02-03
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet con…
- CVE-2025-59487HIGHCVSS 8.0EG 8.02026-02-03
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code. The vulnerability arises from improper va…
Map vulnerabilities like CWE-122 to your infrastructure
EchelonGraph correlates every CVE — across CWE-122 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →