CWE-122— Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().— MITRE CWE catalog
2,324 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-122page 40 of 47
- CVE-2026-14415HIGHCVSS 8.8EG 8.82026-07-02
Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security …
- CVE-2026-14427HIGHCVSS 8.3EG 8.32026-07-02
Heap buffer overflow in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
- CVE-2026-14610MEDIUMCVSS 5.3EG 5.32026-07-03
A flaw has been found in Open Asset Import Library Assimp up to 6.0.5. Impacted is the function Assimp::CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp of the component CSM File Handler. This manipulation causes hea…
- CVE-2026-14759HIGHCVSS 7.8EG 3.32026-07-05
A security flaw has been discovered in radareorg radare2 up to 6.1.6. This issue affects the function r_bin_java_inner_classes_attr_calc_size of the file shlr/java/class.c of the component RBinJava Line Number Table Parser. Performing a ma…
- CVE-2026-14940MEDIUMCVSS 5.3EG 5.32026-07-07
A heap-buffer-overflow flaw was found in 389 Directory Server (389-ds-base). When normalizing a Distinguished Name (DN) that contains a legacy-quoted value encoding a multivalued nested Relative Distinguished Name (RDN), the server can wri…
- CVE-2026-15028LOWCVSS 3.9EG 3.92026-07-10
A flaw was found in libarchive. This vulnerability allows a remote attacker to trigger a heap overflow by providing a specially crafted tar archive. The issue occurs during the parsing of a PAX extended header containing a malformed SUN.ho…
- CVE-2026-15123HIGHCVSS 8.8EG 8.82026-07-08
Inappropriate implementation in DOM in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-15164MEDIUMCVSS 5.5EG 5.52026-07-08
Crash in ciscodump 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
- CVE-2026-15165MEDIUMCVSS 5.5EG 5.52026-07-08
TLS ECH decryptor crash in Wireshark 4.6.0 to 4.6.6 allows denial of service
- CVE-2026-15169HIGHCVSS 7.5EG 5.52026-07-08
UMTS FP protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
- CVE-2026-15170MEDIUMCVSS 5.5EG 5.52026-07-08
Z39.50 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
- CVE-2026-15173MEDIUMCVSS 5.5EG 4.72026-07-08
pcapng file parser crash in Wireshark 4.6.0 to 4.6.6 allows denial of service
- CVE-2026-15174MEDIUMCVSS 5.5EG 5.52026-07-08
Catapult DCT2000 protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service
- CVE-2026-15182MEDIUMCVSS 5.3EG 5.32026-07-09
A vulnerability has been found in GNU LibreDWG up to 0.13.4. The affected element is the function dwg_bmp of the file src/dwg.c of the component BMP Image Handler. Such manipulation leads to heap-based buffer overflow. The attack must be c…
- CVE-2026-15506HIGHCVSS 7.8EG 7.82026-07-12
A security vulnerability has been detected in SecureAge CatchPulse up to 10.9.3. The affected element is an unknown function in the library saappctl.sys of the component Driver. Such manipulation leads to heap-based buffer overflow. An att…
- CVE-2026-15520MEDIUMCVSS 5.3EG 5.32026-07-13
A vulnerability was determined in GNU LibreDWG 0.13.4-154-g0b573035. This impacts the function decompress_R2004_section of the file src/decode.c of the component R2004 Section Decompression. Executing a manipulation can lead to heap-based …
- CVE-2026-1861HIGHCVSS 8.8EG 8.82026-02-03
Heap buffer overflow in libvpx in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-2005HIGHCVSS 8.8EG 8.82026-02-12
Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.
- CVE-2026-2007HIGHCVSS 8.2EG 8.22026-02-12
Heap buffer overflow in PostgreSQL pg_trgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the viability of att…
- CVE-2026-20185HIGHCVSS 7.7EG 7.72026-05-06
A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco 350 Series Managed Switches (SG350) and Cisco 350X Series Stackable Managed Switches (SG350X) firmware could allow an authenticated, remote attac…
- CVE-2026-20408HIGHCVSS 8.8EG 8.02026-02-02
In wlan, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploi…
- CVE-2026-20452HIGHCVSS 8.0EG 8.02026-06-01
In wlan AP driver, there is a possible memory corruption due to a heap buffer overflow. This could lead to remote (proximal/adjacent) code execution with User execution privileges needed. User interaction is not needed for exploitation. Pa…
- CVE-2026-20462MEDIUMCVSS 6.7EG 6.72026-07-01
In Telephony, there is a possible memory corruption due to a heap buffer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploita…
- CVE-2026-2047HIGHCVSS 7.8EG 7.82026-02-21
GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vul…
- CVE-2026-2049HIGHCVSS 7.8EG 7.82026-06-10
GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vuln…
- CVE-2026-2050HIGHCVSS 7.8EG 7.82026-06-24
GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vuln…
- CVE-2026-20766HIGHCVSS 8.8EG 8.82026-04-28
An out-of-bounds memory access vulnerability exists in specific firmware versions of Milesight AIOT cameras.
- CVE-2026-20809HIGHCVSS 7.8EG 7.82026-01-13
Time-of-check time-of-use (toctou) race condition in Windows Kernel Memory allows an authorized attacker to elevate privileges locally.
- CVE-2026-20820HIGHCVSS 7.8EG 7.82026-01-13
Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
- CVE-2026-20837HIGHCVSS 7.8EG 7.82026-01-13
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.
- CVE-2026-20840HIGHCVSS 7.8EG 7.82026-01-13
Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.
- CVE-2026-20864HIGHCVSS 7.8EG 7.82026-01-13
Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally.
- CVE-2026-20868HIGHCVSS 8.8EG 8.82026-01-13
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
- CVE-2026-20876MEDIUMCVSS 6.7EG 6.72026-01-13
Heap-based buffer overflow in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.
- CVE-2026-20922HIGHCVSS 7.8EG 7.82026-01-13
Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.
- CVE-2026-20957HIGHCVSS 7.8EG 7.82026-01-13
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- CVE-2026-21236HIGHCVSS 7.8EG 7.82026-02-10
Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- CVE-2026-21239HIGHCVSS 7.8EG 7.82026-02-10
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
- CVE-2026-21244HIGHCVSS 7.3EG 7.32026-02-10
Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally.
- CVE-2026-21245HIGHCVSS 7.8EG 7.82026-02-10
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
- CVE-2026-21246HIGHCVSS 7.8EG 7.82026-02-10
Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
- CVE-2026-21247HIGHCVSS 7.3EG 7.32026-02-10
Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally.
- CVE-2026-21248HIGHCVSS 7.3EG 7.32026-02-10
Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally.
- CVE-2026-21259HIGHCVSS 7.8EG 7.82026-02-10
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to elevate privileges locally.
- CVE-2026-21277HIGHCVSS 7.8EG 7.82026-01-13
InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user intera…
- CVE-2026-21281HIGHCVSS 7.8EG 7.82026-01-13
InCopy versions 21.0, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in t…
- CVE-2026-21283HIGHCVSS 7.8EG 7.82026-01-13
Bridge versions 15.1.2, 16.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in t…
- CVE-2026-21304HIGHCVSS 7.8EG 7.82026-01-13
InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user intera…
- CVE-2026-21357HIGHCVSS 7.8EG 7.82026-02-10
InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user intera…
- CVE-2026-21358MEDIUMCVSS 5.5EG 5.52026-02-10
InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in application denial-of-service. An attacker could exploit this vulnerability to crash the application, causin…
Map vulnerabilities like CWE-122 to your infrastructure
EchelonGraph correlates every CVE — across CWE-122 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →