CWE-122— Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().— MITRE CWE catalog
2,324 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-122page 43 of 47
- CVE-2026-32961MEDIUMCVSS 5.3EG 5.32026-04-20
SD-330AC and AMC Manager provided by silex technology, Inc. contain a heap-based buffer overflow vulnerability in packet data processing of sx_smpd. Processing a crafted packet may cause a temporary denial-of-service (DoS) condition.
- CVE-2026-33020HIGHCVSS 7.1EG 7.12026-04-14
libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain an integer overflow which leads to a heap buffer overflow via sixel_frame_convert_to_rgb888() in frame.c, where allocation size…
- CVE-2026-33602MEDIUMCVSS 6.5EG 6.52026-04-22
A rogue backend can send a crafted UDP response with a query ID off by one related to the maximum configured value, triggering an out-of-bounds write leading to a denial of service.
- CVE-2026-33633HIGHCVSS 7.5EG 7.52026-05-19
Kitty is a cross-platform GPU based terminal. Versions 0.46.2 and below contain a heap buffer overflow in load_image_data() that allows any process which can write to the terminal's stdin to crash kitty immediately. The vulnerability is tr…
- CVE-2026-33837HIGHCVSS 7.8EG 7.82026-05-12
Heap-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
- CVE-2026-33841HIGHCVSS 7.8EG 7.82026-05-12
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
- CVE-2026-33899MEDIUMCVSS 5.3EG 5.32026-04-13
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-189 and 6.9.13-44, when `Magick` parses an XML file it is possible that a single zero byte is written out of the bounds.…
- CVE-2026-33901HIGHCVSS 7.5EG 7.52026-04-13
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a heap buffer overflow occurs in the MVG decoder that could result in an out of bounds write when…
- CVE-2026-33984HIGHCVSS 7.5EG 7.52026-03-30
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in resize_vbar_entry() in libfreerdp/codec/clear.c, vBarEntry->size is updated to vBarEntry->count before the winpr_aligned_recalloc() call. If reall…
- CVE-2026-33986HIGHCVSS 7.5EG 7.52026-03-30
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in yuv_ensure_buffer() in libfreerdp/codec/h264.c, h264->width and h264->height are updated before the reallocation loop. If any winpr_aligned_recall…
- CVE-2026-34118MEDIUMCVSS 6.5EG 6.52026-04-02
A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 in the HTTP POST body parsing logic due to missing validation of remaining buffer capacity after dynamic allocation, due to insufficient boundary valid…
- CVE-2026-34119MEDIUMCVSS 6.5EG 6.52026-04-02
A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP parsing loop when appending segmented request bodies without continuous write‑boundary verification, due to insufficient boundary vali…
- CVE-2026-34120MEDIUMCVSS 6.5EG 6.52026-04-02
A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the asynchronous parsing of local video stream content due to insufficient alignment and validation of buffer boundaries when processing streaming…
- CVE-2026-34329HIGHCVSS 8.8EG 8.82026-05-12
Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network.
- CVE-2026-34336HIGHCVSS 7.8EG 7.82026-05-12
Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
- CVE-2026-34343HIGHCVSS 7.8EG 7.82026-05-12
Heap-based buffer overflow in Windows Application Identity (AppID) Subsystem allows an authorized attacker to elevate privileges locally.
- CVE-2026-34355HIGHCVSS 7.5EG 7.52026-06-08
A buffer overflow in mod_proxy_html in Apache HTTP Server 2.4.67 and earlier allows an attack by an untrusted backend. Users are recommended to upgrade to version 2.4.68, which fixes this issue.
- CVE-2026-34356HIGHCVSS 7.5EG 7.52026-06-08
Heap-based Buffer Overflow vulnerability in Apache HTTP Server with malicious backend servers and ProxyPassReverseCookie* This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.6…
- CVE-2026-34545HIGHCVSS 7.3EG 7.32026-04-01
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.7, an attacker providing a crafted .exr file with HTJ…
- CVE-2026-34627HIGHCVSS 7.8EG 7.82026-04-14
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user intera…
- CVE-2026-34628HIGHCVSS 7.8EG 7.82026-04-14
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user intera…
- CVE-2026-34629HIGHCVSS 7.8EG 7.82026-04-14
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user intera…
- CVE-2026-34630HIGHCVSS 7.8EG 7.82026-04-14
Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in…
- CVE-2026-34642HIGHCVSS 7.8EG 7.82026-05-12
After Effects versions 26.0, 25.6.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interacti…
- CVE-2026-34687HIGHCVSS 7.8EG 7.82026-05-12
Illustrator versions 29.8.6, 30.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction…
- CVE-2026-34698HIGHCVSS 7.8EG 7.82026-06-09
InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user intera…
- CVE-2026-34699HIGHCVSS 7.8EG 7.82026-06-09
InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user intera…
- CVE-2026-34701HIGHCVSS 7.8EG 7.82026-06-09
InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user intera…
- CVE-2026-34707HIGHCVSS 7.8EG 7.82026-06-09
InCopy versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in t…
- CVE-2026-34743MEDIUMCVSS 5.3EG 5.32026-04-02
XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where …
- CVE-2026-34865CRITICALCVSS 9.1EG 9.12026-04-13
Out-of-bounds write vulnerability in the WEB module.Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.
- CVE-2026-34979MEDIUMCVSS 5.3EG 5.32026-04-03
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, there is a heap-based buffer overflow in the CUPS scheduler when building filter option strings from job att…
- CVE-2026-35199MEDIUMCVSS 6.1EG 6.12026-04-06
SymCrypt is the core cryptographic function library currently used by Windows. From 103.5.0 to before 103.11.0, The SymCryptXmssSign function passes a 64-bit leaf count value to a helper function that accepts a 32-bit parameter. For XMSS^M…
- CVE-2026-35420HIGHCVSS 7.8EG 7.82026-05-12
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
- CVE-2026-35421HIGHCVSS 7.8EG 7.82026-05-12
Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally.
- CVE-2026-3548CRITICALCVSS 9.8EG 9.82026-03-19
Two buffer overflow vulnerabilities existed in the wolfSSL CRL parser when parsing CRL numbers: a heap-based buffer overflow could occur when improperly storing the CRL number as a hexadecimal string, and a stack-based overflow for suffici…
- CVE-2026-35512HIGHCVSS 8.8EG 8.82026-04-17
xrdp is an open source RDP server. Versions through 0.10.5 have a heap-based buffer overflow in the EGFX (graphics dynamic virtual channel) implementation due to insufficient validation of client-controlled size parameters, allowing an out…
- CVE-2026-35547HIGHCVSS 8.1EG 9.12026-04-30
When processing the header of an incoming message, libnv failed to properly validate the message size. The lack of validation allows a malicious program to write outside the bounds of a heap allocation. This can trigger a crash or system…
- CVE-2026-3555HIGHCVSS 8.0EG 8.02026-03-16
Philips Hue Bridge Zigbee Stack Custom Command Handler Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue …
- CVE-2026-3556HIGHCVSS 8.8EG 8.82026-03-16
Philips Hue Bridge HomeKit Pair-Setup Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentic…
- CVE-2026-3557HIGHCVSS 8.0EG 8.02026-03-16
Philips Hue Bridge hap_pair_verify_handler Sub-TLV Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips …
- CVE-2026-3560HIGHCVSS 8.8EG 8.82026-03-16
Philips Hue Bridge HomeKit hk_hap_pair_storage_put Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Brid…
- CVE-2026-3561HIGHCVSS 8.0EG 8.02026-03-16
Philips Hue Bridge hk_hap characteristics Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Altho…
- CVE-2026-38427HIGHCVSS 7.3EG 7.32026-05-27
An issue in fetch_jpg() in xdrv_10_scripter.ino in Tasmota through 15.3.0.3 allows a remote attacker to cause heap buffer overflow. The Content-Length from a JPEG stream is stored in a uint16_t variable; values above 65535 wrap around, cau…
- CVE-2026-3845HIGHCVSS 8.8EG 8.82026-03-10
Heap buffer overflow in the Audio/Video: Playback component in Firefox for Android. This vulnerability was fixed in Firefox 148.0.2.
- CVE-2026-39103MEDIUMCVSS 5.5EG 5.52026-05-05
Buffer Overflow vulnerability in GPAC before commit v391dc7f4d234988ea0bc3cc294eb725eddf8f702 allows an attacker to cause a denial of service via the src/scenegraph/svg_attributes.c, svg_parse_strings(), gf_svg_parse_attribute()
- CVE-2026-40033HIGHCVSS 8.8EG 8.82026-05-26
FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdi_CacheToSurface that allows remote attackers to write out-of-bounds heap memory. The vulnerability occurs because rectangle validation clamps coordinates to UINT16_M…
- CVE-2026-40169MEDIUMCVSS 6.2EG 6.22026-04-13
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, a crafted image could result in an out of bounds heap write when writing a yaml or json output, resulting in a crash…
- CVE-2026-40183MEDIUMCVSS 5.5EG 5.52026-04-13
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, the JXL encoder has an heap write overflow when a user specifies that the image should be encoded as 16 bit floats. …
- CVE-2026-40310MEDIUMCVSS 5.5EG 5.52026-04-13
ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below both 7.1.2-19 and 6.9.13-44, contain a heap out-of-bounds write in the JP2 encoder with when a user specifies an invalid sampling…
Map vulnerabilities like CWE-122 to your infrastructure
EchelonGraph correlates every CVE — across CWE-122 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →