CWE-122— Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().— MITRE CWE catalog
2,324 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-122page 41 of 47
- CVE-2026-21372HIGHCVSS 7.8EG 7.82026-04-06
Memory Corruption when sending IOCTL requests with invalid buffer sizes during memcpy operations.
- CVE-2026-21486HIGHCVSS 7.8EG 7.82026-01-06
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below contain Use After Free, Heap-based Buffer Overflow and Integer Overflow or Wraparound and Out-of-bounds Write vulnerabi…
- CVE-2026-21488MEDIUMCVSS 6.1EG 6.12026-01-06
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1.1 and below are vulnerable to Out-of-bounds Read, Heap-based Buffer Overflow and Improper Null Termination through its CIccTagText:…
- CVE-2026-21490MEDIUMCVSS 6.1EG 6.12026-01-06
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. A vulnerability present in versions prior to 2.3.1.2 affects user…
- CVE-2026-21491MEDIUMCVSS 6.1EG 6.12026-01-06
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. A vulnerability present in versions prior to 2.3.1.2 affects user…
- CVE-2026-21494MEDIUMCVSS 6.1EG 6.12026-01-06
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. A vulnerability present in versions prior to 2.3.1.2 affects user…
- CVE-2026-21504MEDIUMCVSS 6.6EG 6.62026-01-07
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to heap buffer overflow in the ToneMap parser. This…
- CVE-2026-21676HIGHCVSS 8.8EG 8.82026-01-06
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below have a Heap-based Buffer Overflow in its CIccMBB::Validate function which checks tag data validity. This issue is fixed i…
- CVE-2026-21678HIGHCVSS 7.8EG 7.82026-01-07
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to heap-buffer-overflow vulnerability in IccTagXml(…
- CVE-2026-21682HIGHCVSS 8.8EG 8.82026-01-07
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a heap-buffer-overflow in `CIccXml…
- CVE-2026-22027MEDIUMCVSS 6.0EG 6.02026-01-10
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to…
- CVE-2026-22164HIGHCVSS 7.5EG 7.52026-06-08
Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt kernel heap memory. By creating resources of certain types and presenting a set of parameters to the affected interface the exploit can…
- CVE-2026-22554HIGHCVSS 7.8EG 7.82026-05-20
MediaArea MediaInfoLib Channel Splitting heap-based buffer overflow vulnerability
- CVE-2026-22697HIGHCVSS 7.5EG 7.52026-01-10
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to…
- CVE-2026-22828HIGHCVSS 8.1EG 8.12026-04-14
A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer Cloud 7.6.2 through 7.6.4, FortiManager Cloud 7.6.2 through 7.6.4 may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically craft…
- CVE-2026-22854CRITICALCVSS 9.8EG 9.82026-01-14
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap-buffer-overflow occurs in drive read when a server-controlled read length is used to read file data into an IRP output stream buffer without a hard up…
- CVE-2026-2314HIGHCVSS 8.8EG 8.82026-02-11
Heap buffer overflow in Codecs in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-23530CRITICALCVSS 9.8EG 9.82026-01-19
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0,`freerdp_bitmap_decompress_planar` does not validate `nSrcWidth`/`nSrcHeight` against `planar->maxWidth`/`maxHeight` before RLE decode. A malicious se…
- CVE-2026-23531CRITICALCVSS 9.8EG 9.82026-01-19
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, in ClearCodec, when `glyphData` is present, `clear_decompress` calls `freerdp_image_copy_no_overlap` without validating the destination rectangle, al…
- CVE-2026-23532CRITICALCVSS 9.8EG 9.82026-01-19
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the FreeRDP client’s `gdi_SurfaceToSurface` path due to a mismatch between destination rectangle clam…
- CVE-2026-23533CRITICALCVSS 9.8EG 9.82026-01-19
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the RDPGFX ClearCodec decode path when maliciously crafted residual data causes out-of-bounds writes dur…
- CVE-2026-23534CRITICALCVSS 9.8EG 9.82026-01-19
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the ClearCodec bands decode path when crafted band coordinates allow writes past the end of the destinat…
- CVE-2026-23567MEDIUMCVSS 6.5EG 6.52026-01-29
An integer underflow in the UDP command handler of the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an adjacent network attacker to trigger a heap-based buf…
- CVE-2026-23665HIGHCVSS 7.8EG 7.82026-03-10
Heap-based buffer overflow in Azure Linux Virtual Machines allows an authorized attacker to elevate privileges locally.
- CVE-2026-23719HIGHCVSS 7.8EG 7.82026-02-10
A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted NDB files. This c…
- CVE-2026-23732HIGHCVSS 7.5EG 7.52026-01-19
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, FastGlyph parsing trusts `cbData`/remaining length and never validates against the minimum size implied by `cx/cy`. A malicious server can trigger a …
- CVE-2026-23750HIGHCVSS 8.1EG 8.12026-02-26
Golioth Pouch version 0.1.0, prior to commit 1b2219a1, contains a heap-based buffer overflow in BLE GATT server certificate handling. server_cert_write() allocates a heap buffer of size CONFIG_POUCH_SERVER_CERT_MAX_LEN when receiving the f…
- CVE-2026-23827HIGHCVSS 7.5EG 7.52026-05-12
A heap-based buffer overflow vulnerability exists in a Network management service of AOS-8 and AOS-10 that could allow an unauthenticated remote attacker to achieve remote code execution. Successful exploitation could allow an unauthentica…
- CVE-2026-23876CRITICALCVSS 9.8EG 8.12026-01-20
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-13 and 6.9.13-38, a heap buffer overflow vulnerability in the XBM image decoder (ReadXBMImage) allows an attacker to wri…
- CVE-2026-24180HIGHCVSS 7.3EG 7.32026-06-09
NVIDIA DALI contains a vulnerability in a component where an attacker could cause a heap-based buffer overflow. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information dis…
- CVE-2026-24283HIGHCVSS 8.8EG 8.82026-03-10
Heap-based buffer overflow in Windows File Server allows an authorized attacker to elevate privileges locally.
- CVE-2026-24288MEDIUMCVSS 6.8EG 6.82026-03-10
Heap-based buffer overflow in Windows Mobile Broadband allows an unauthorized attacker to execute code with a physical attack.
- CVE-2026-24405HIGHCVSS 8.8EG 8.82026-01-24
iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in CIccMpeCalculator::Read(). This occurs when user-co…
- CVE-2026-24406HIGHCVSS 8.8EG 8.82026-01-24
iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in CIccTagNamedColor2::SetSize(). This occurs when use…
- CVE-2026-24412HIGHCVSS 8.8EG 8.82026-01-24
iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have aHeap Buffer Overflow vulnerability in the CIccTagXmlSegmentedCurve::ToXml() function. This…
- CVE-2026-2447HIGHCVSS 8.8EG 8.82026-02-16
Heap buffer overflow in libvpx. This vulnerability was fixed in Firefox 147.0.4, Firefox ESR 140.7.1, Firefox ESR 115.32.1, Thunderbird 140.7.2, and Thunderbird 147.0.2.
- CVE-2026-2467HIGHCVSS 8.1EG 8.12026-06-17
Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.3, from 6.1.0 before 6.1.*, …
- CVE-2026-24679CRITICALCVSS 9.1EG 9.12026-02-09
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, The URBDRC client uses server-supplied interface numbers as array indices without bounds checks, causing an out-of-bounds read in libusb_udev_select_interfac…
- CVE-2026-24682HIGHCVSS 7.5EG 7.52026-02-09
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, audin_server_recv_formats frees an incorrect number of audio formats on parse failure (i + i), leading to out-of-bounds access in audio_formats_free. This vu…
- CVE-2026-2474HIGHCVSS 7.5EG 7.52026-02-16
Crypt::URandom versions from 0.41 before 0.55 for Perl is vulnerable to a heap buffer overflow in the XS function crypt_urandom_getrandom(). The function does not validate that the length parameter is non-negative. If a negative value (e.…
- CVE-2026-24822CRITICALCVSS 10.0EG 10.02026-01-27
Out-of-bounds Write, Heap-based Buffer Overflow vulnerability in ttttupup wxhelper (src modules). This vulnerability is associated with program files mongoose.C. This issue affects wxhelper: through 3.9.10.19-v1.
- CVE-2026-24829MEDIUMCVSS 6.5EG 6.52026-01-27
Out-of-bounds Write, Heap-based Buffer Overflow vulnerability in Is-Daouda is-Engine.This issue affects is-Engine: before 3.3.4.
- CVE-2026-24852MEDIUMCVSS 6.1EG 6.12026-01-28
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, a heap buffer over-read when the strlen() function attempts to read a no…
- CVE-2026-24857CRITICALCVSS 9.8EG 9.82026-01-28
`bulk_extractor` is a digital forensics exploitation tool. Starting in version 1.4, `bulk_extractor`’s embedded unrar code has a heap‑buffer‑overflow in the RAR PPM LZ decoding path. A crafted RAR inside a disk image causes an out‑…
- CVE-2026-24922MEDIUMCVSS 6.9EG 6.92026-02-06
Buffer overflow vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2026-24925HIGHCVSS 7.3EG 7.32026-02-06
Heap-based buffer overflow vulnerability in the image module. Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2026-25172HIGHCVSS 8.0EG 8.82026-03-10
Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
- CVE-2026-25173HIGHCVSS 8.0EG 8.02026-03-10
Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
- CVE-2026-25188HIGHCVSS 8.8EG 8.82026-03-10
Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to elevate privileges over an adjacent network.
- CVE-2026-25205HIGHCVSS 7.4EG 7.42026-04-13
Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows out-of-bounds write.This issue affects Escargot:commit hash 97e8115ab1110bc502b4b5e4a0c689a71520d335 .
Map vulnerabilities like CWE-122 to your infrastructure
EchelonGraph correlates every CVE — across CWE-122 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →