CWE-122— Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().— MITRE CWE catalog
2,324 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-122page 42 of 47
- CVE-2026-25243HIGHCVSS 8.8EG 8.82026-05-05
Redis is an in-memory data structure store. In versions of redis-server up to 8.6.3, the RESTORE command does not properly validate serialized values. An authenticated attacker with permission to execute RESTORE can supply a crafted serial…
- CVE-2026-25582HIGHCVSS 7.8EG 7.82026-02-04
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a heap buffer overflow (read) vulnerability in CIccIO::WriteUIn…
- CVE-2026-25583HIGHCVSS 7.8EG 7.82026-02-04
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a heap buffer overflow vulnerability in CIccFileIO::Read8() whe…
- CVE-2026-25588HIGHCVSS 8.8EG 8.82026-05-05
RedisTimeSeries is a time-series module for Redis. In all versions before 1.12.14 of RedisTimeSeries, the module does not properly validate serialized values processed through the Redis RESTORE command. An authenticated attacker with permi…
- CVE-2026-25589HIGHCVSS 8.8EG 8.82026-05-05
RedisBloom is a probabilistic data structures module for Redis. In all versions of RedisBloom before 2.8.20, the module does not properly validate serialized values processed through the Redis RESTORE command. An authenticated attacker wit…
- CVE-2026-25646HIGHCVSS 8.1EG 8.12026-02-10
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function.…
- CVE-2026-25713HIGHCVSS 7.8EG 7.82026-05-26
MediaArea MediaInfoLib ID3v2 parsing heap buffer overflow vulnerability
- CVE-2026-25749MEDIUMCVSS 6.6EG 6.62026-02-06
Vim is an open source, command line text editor. Prior to version 9.1.2132, a heap buffer overflow vulnerability exists in Vim's tag file resolution logic when processing the 'helpfile' option. The vulnerability is located in the get_tagfn…
- CVE-2026-25794HIGHCVSS 8.2EG 8.22026-02-24
ImageMagick is free and open-source software used for editing and manipulating digital images. `WriteUHDRImage` in `coders/uhdr.c` uses `int` arithmetic to compute the pixel buffer size. Prior to version 7.1.2-15, when image dimensions are…
- CVE-2026-26011CRITICALCVSS 9.8EG 9.82026-02-12
navigation2 is a ROS 2 Navigation Framework and System. In 1.3.11 and earlier, a critical heap out-of-bounds write vulnerability exists in Nav2 AMCL's particle filter clustering logic. By publishing a single crafted geometry_msgs/PoseWithC…
- CVE-2026-26108HIGHCVSS 7.8EG 7.82026-03-10
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- CVE-2026-26111HIGHCVSS 8.0EG 8.82026-03-10
Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
- CVE-2026-26156HIGHCVSS 7.8EG 7.82026-04-14
Heap-based buffer overflow in Windows Hyper-V allows an unauthorized attacker to execute code locally.
- CVE-2026-26176HIGHCVSS 7.8EG 7.82026-04-14
Heap-based buffer overflow in Windows Client Side Caching driver (csc.sys) allows an authorized attacker to elevate privileges locally.
- CVE-2026-26180HIGHCVSS 7.8EG 7.82026-04-14
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
- CVE-2026-26200HIGHCVSS 7.8EG 7.82026-02-19
HDF5 is software for managing data. Prior to version 1.14.4-2, an attacker who can control an `h5` file parsed by HDF5 can trigger a write-based heap buffer overflow condition. This can lead to a denial-of-service condition, and potentiall…
- CVE-2026-2646HIGHCVSS 8.1EG 8.12026-03-19
A heap-buffer-overflow vulnerability exists in wolfSSL's wolfSSL_d2i_SSL_SESSION() function. When deserializing session data with SESSION_CERTS enabled, certificate and session id lengths are read from an untrusted input without bounds val…
- CVE-2026-27238HIGHCVSS 7.8EG 7.82026-04-14
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user intera…
- CVE-2026-27285MEDIUMCVSS 5.5EG 5.52026-04-14
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application or disrup…
- CVE-2026-27286MEDIUMCVSS 5.5EG 5.52026-04-14
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in mem…
- CVE-2026-27293HIGHCVSS 7.8EG 7.82026-04-14
Adobe Framemaker versions 2022.8 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction …
- CVE-2026-27301MEDIUMCVSS 5.5EG 5.52026-04-14
Adobe Framemaker versions 2022.8 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. E…
- CVE-2026-27310HIGHCVSS 7.8EG 7.82026-04-14
Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in…
- CVE-2026-27311HIGHCVSS 7.8EG 7.82026-04-14
Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in…
- CVE-2026-27312HIGHCVSS 7.8EG 7.82026-04-14
Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in…
- CVE-2026-27313HIGHCVSS 7.8EG 7.82026-04-14
Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in…
- CVE-2026-27654HIGHCVSS 8.2EG 8.22026-03-24
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module module that might allow an attacker to trigger a buffer overflow to the NGINX worker process; this vulnerability may result in termination of the NGINX worker…
- CVE-2026-28421MEDIUMCVSS 5.3EG 5.32026-02-27
Vim is an open source, command line text editor. Versions prior to 9.2.0077 have a heap-buffer-overflow and a segmentation fault (SEGV) exist in Vim's swap file recovery logic. Both are caused by unvalidated fields read from crafted pointe…
- CVE-2026-28780CRITICALCVSS 9.8EG 9.82026-05-05
Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server. If mod_proxy_ajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to mod_proxy_ajp and cause it to write 4 attacker co…
- CVE-2026-29004HIGHCVSS 8.1EG 8.12026-05-04
BusyBox before commit 42202bf contains a heap buffer overflow vulnerability in the DHCPv6 client (udhcpc6) DNS_SERVERS option handler in networking/udhcp/d6_dhcpc.c that allows network-adjacent attackers to trigger memory corruption by sen…
- CVE-2026-29043MEDIUMCVSS 5.5EG 5.52026-04-10
HDF5 is software for managing data. In 1.14.1-2 and earlier, an attacker who can control an h5 file parsed by HDF5 can trigger a write-based heap buffer overflow condition in the H5T__ref_mem_setnull method. This can lead to a denial-of-se…
- CVE-2026-2920HIGHCVSS 7.8EG 7.82026-03-16
GStreamer ASF Demuxer Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to…
- CVE-2026-30040MEDIUMCVSS 6.5EG 6.52026-06-26
A heap overflow in the FSViewer.exe process of FastStone Image Viewer v8.3 allows attackers to cause a execute arbitrary code in the context of the current process via supplying a crafted JPEG 2000 (JP2) file.
- CVE-2026-3082HIGHCVSS 7.8EG 7.82026-03-16
GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to…
- CVE-2026-3085HIGHCVSS 8.8EG 8.82026-03-16
GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required t…
- CVE-2026-30999HIGHCVSS 7.5EG 7.52026-04-13
A heap buffer overflow in the av_bprint_finalize() function of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input.
- CVE-2026-31806CRITICALCVSS 9.8EG 9.82026-03-13
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, the gdi_surface_bits() function processes SURFACE_BITS_COMMAND messages sent by the RDP server. When the command is handled using NSCodec, the bmp.width and…
- CVE-2026-3195HIGHCVSS 7.4EG 7.42026-06-19
A flaw was found in QEMU. When reading input audio in the virtio-snd device input callback, the `virtio_snd_pcm_in_cb` function did not check whether the iov could fit the data buffer, potentially leading to a heap out-of-bounds write. Thi…
- CVE-2026-32087HIGHCVSS 7.0EG 7.02026-04-14
Heap-based buffer overflow in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.
- CVE-2026-32093HIGHCVSS 7.0EG 7.02026-04-14
Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.
- CVE-2026-32135HIGHCVSS 7.5EG 7.52026-04-20
NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Versions prior to 0.24.11 have a remotely triggerable heap buffer overflow in the `uri_param_parse` function of NanoMQ's REST API. The vulnerability occurs due to an off…
- CVE-2026-32149HIGHCVSS 7.3EG 7.32026-04-14
Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally.
- CVE-2026-32177HIGHCVSS 7.3EG 7.32026-05-12
Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.
- CVE-2026-32221HIGHCVSS 8.4EG 8.42026-04-14
Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code locally.
- CVE-2026-32223MEDIUMCVSS 6.8EG 6.82026-04-14
Heap-based buffer overflow in Windows USB Print Driver allows an unauthorized attacker to elevate privileges with a physical attack.
- CVE-2026-32316HIGHCVSS 8.2EG 8.22026-04-13
jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvp_string_append() and jvp_string_copy_replace_bad functions, where concatenating strings with a combined length exceeding 2^31…
- CVE-2026-32623HIGHCVSS 8.1EG 8.12026-04-17
xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in the NeutrinoRDP module. When proxying RDP sessions from xrdp to another server, the module fails to properly validate the size…
- CVE-2026-32624MEDIUMCVSS 6.5EG 6.52026-04-17
xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in its logon processing. In environments where domain_user_separator is configured in xrdp.ini, an unauthenticated remote attacke…
- CVE-2026-32741HIGHCVSS 7.1EG 7.12026-05-19
libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and below contain a heap buffer overflow in MaskImageCodec::decode_mask_image(). When decoding a HEIF file containing a mask image (mski), the function copies the …
- CVE-2026-32956CRITICALCVSS 9.8EG 9.82026-04-20
SD-330AC and AMC Manager provided by silex technology, Inc. contain a heap-based buffer overflow vulnerability in processing the redirect URLs. Arbitrary code may be executed on the device.
Map vulnerabilities like CWE-122 to your infrastructure
EchelonGraph correlates every CVE — across CWE-122 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →