CWE-122— Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().— MITRE CWE catalog
2,324 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-122page 44 of 47
- CVE-2026-40362HIGHCVSS 7.8EG 7.82026-05-12
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- CVE-2026-40363HIGHCVSS 8.4EG 8.42026-05-12
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
- CVE-2026-40364HIGHCVSS 8.4EG 8.42026-05-12
Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.
- CVE-2026-40377HIGHCVSS 7.8EG 7.82026-05-12
Heap-based buffer overflow in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.
- CVE-2026-40380MEDIUMCVSS 6.2EG 6.22026-05-12
Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack.
- CVE-2026-40398HIGHCVSS 7.8EG 7.82026-05-12
Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.
- CVE-2026-40403HIGHCVSS 8.8EG 8.82026-05-12
Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally.
- CVE-2026-40404HIGHCVSS 7.8EG 7.82026-06-09
Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability
- CVE-2026-40407HIGHCVSS 7.8EG 7.82026-05-12
Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
- CVE-2026-40504CRITICALCVSS 9.8EG 9.82026-04-16
Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravity_vm_exec function that allows attackers to write out-of-bounds memory by crafting scripts with many string literals at global scope. Attackers can ex…
- CVE-2026-40528HIGHCVSS 7.8EG 3.82026-05-29
OpenSC before 0.27.0, fixed in commit 0358817, contains a stack and heap buffer overrun vulnerability in the do_key_value() function in src/pkcs15init/profile.c that allows attackers to corrupt memory by supplying a crafted profile configu…
- CVE-2026-40614HIGHCVSS 8.8EG 8.82026-04-21
PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is a buffer overflow when decoding Opus audio frames due to insufficient buffer size validation in the Opus codec decode path. The FE…
- CVE-2026-40706HIGHCVSS 8.4EG 8.42026-04-21
In NTFS-3G 2022.10.3 before 2026.2.25, a heap buffer overflow exists in ntfs_build_permissions_posix() in acls.c that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The overflo…
- CVE-2026-41096CRITICALCVSS 9.8EG 9.82026-05-12
Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network.
- CVE-2026-41108HIGHCVSS 7.0EG 7.02026-06-09
Heap-based buffer overflow in Microsoft Windows DNS allows an authorized attacker to elevate privileges locally.
- CVE-2026-41445HIGHCVSS 8.8EG 8.82026-04-20
KissFFT before commit 8a8e66e contains an integer overflow vulnerability in the kiss_fftndr_alloc() function in kiss_fftndr.c where the allocation size calculation dimOther*(dimReal+2)*sizeof(kiss_fft_scalar) overflows signed 32-bit integ…
- CVE-2026-41509CRITICALCVSS 9.8EG 9.82026-05-08
CROSS implementation contains reference and optimized implementations of the CROSS post-quantum signature algorithm. Prior to commit fc6b7e7, there is a buffer overflow in crypto_sign_open() caused by an underflow of the integer mlen. This…
- CVE-2026-4152HIGHCVSS 7.8EG 7.82026-04-11
GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vuln…
- CVE-2026-4153HIGHCVSS 7.8EG 7.82026-04-11
GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vuln…
- CVE-2026-4177CRITICALCVSS 9.1EG 9.12026-03-17
YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter. The heap overflow occurs when class names exceed the initial 512-byte allocation.…
- CVE-2026-41981MEDIUMCVSS 5.3EG 5.32026-06-09
Out-of-bounds write vulnerability in the IPC module. Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2026-42046HIGHCVSS 7.8EG 7.82026-05-11
libcaca is a colour ASCII art library. In 0.99.beta20 and earlier, an integer overflow vulnerability in libcaca's canvas import functionality allows an attacker to cause a controlled heap out-of-bounds write (heap overflow) by supplying a …
- CVE-2026-42055HIGHCVSS 8.1EG 8.12026-06-17
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_proxy_v2_module and ngx_http_grpc_module modules. This vulnerability exists when the proxy_http_version to 2 or grpc_pass directives are used to proxy HTTP/2 traffic…
- CVE-2026-42309MEDIUMCVSS 5.5EG 5.52026-05-09
Pillow is a Python imaging library. From version 11.2.1 to before version 12.2.0, passing nested lists as coordinates to APIs that accept coordinates such as ImagePath.Path, ImageDraw.ImageDraw.polygon and ImageDraw.ImageDraw.line could ca…
- CVE-2026-42477HIGHCVSS 7.1EG 7.12026-05-01
A heap-based out-of-bounds read vulnerability in RWObj_Reader::read in the OBJ file parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 allows user-assisted attackers to cause a denial of service or obtain sensitive information by persuadi…
- CVE-2026-42483CRITICALCVSS 9.8EG 9.82026-05-01
A heap-based buffer overflow in the Kerberos hash parser in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted Kerberos hash file. The issue affects module_hash_decode in multipl…
- CVE-2026-42512HIGHCVSS 8.1EG 7.32026-04-30
As dhclient is building an environment to pass to dhclient-script, it may need to resize the array of string pointers. The code which expands the array incorrectly calculates its new size when requesting memory, resulting in a heap buffer…
- CVE-2026-42536HIGHCVSS 7.5EG 7.52026-06-08
Heap-based Buffer Overflow vulnerability in Apache HTTP Server with mod_xml2enc, xml2StartParse, and untrusted content This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68,…
- CVE-2026-42831HIGHCVSS 7.8EG 7.82026-05-12
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
- CVE-2026-42896HIGHCVSS 7.8EG 7.82026-05-12
Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
- CVE-2026-42904CRITICALCVSS 9.6EG 9.62026-06-09
Heap-based buffer overflow in Windows TCP/IP allows an unauthorized attacker to elevate privileges over an adjacent network.
- CVE-2026-42945HIGHCVSS 8.1EG 8.12026-05-13
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expr…
- CVE-2026-42980HIGHCVSS 7.8EG 7.82026-06-09
Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally.
- CVE-2026-42992HIGHCVSS 7.5EG 7.52026-06-09
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
- CVE-2026-42993HIGHCVSS 7.5EG 7.52026-06-09
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
- CVE-2026-43906HIGHCVSS 7.8EG 7.82026-05-14
OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a heap-based buffer overflow in the HEIF decoder of OpenImageIO allows out-of…
- CVE-2026-4391MEDIUMCVSS 5.3EG 5.32026-05-27
A security vulnerability has been detected in TeamSpeak 3 Server up to 3.13.7. This vulnerability affects unknown code of the component ECC Key Parser. Such manipulation leads to heap-based buffer overflow. The attack may be launched remot…
- CVE-2026-44050CRITICALCVSS 9.9EG 9.92026-05-21
A heap-based buffer overflow in the CNID daemon comm_rcv() function in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to execute arbitrary code with escalated privileges or cause a denial of service.
- CVE-2026-44420HIGHCVSS 8.8EG 8.82026-05-29
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP client can trigger a heap-buffer-overflow write in FreeRDP's server-side clipboard (cliprdr) channel by sending a CB_CLIP_CAPS PDU with a too…
- CVE-2026-44421HIGHCVSS 8.8EG 8.82026-05-29
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client by sending crafted RDPGFX PDUs. The bug is in gdi_CacheToSurface: it va…
- CVE-2026-44636HIGHCVSS 7.4EG 7.42026-05-14
libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, signed integer overflow in sixel_encode_highcolor's allocation size calculation can lead to a heap buffer overflow. The public sixel_encode e…
- CVE-2026-44662MEDIUMCVSS 5.1EG 5.12026-05-14
rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.0 to before 0.10.79, CipherCtxRef::cipher_update, CipherCtxRef::cipher_update_vec, and symm::Crypter::update incorrectly sized output buffers when used wit…
- CVE-2026-44799HIGHCVSS 7.5EG 7.52026-06-09
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
- CVE-2026-44808HIGHCVSS 7.8EG 7.82026-06-09
Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
- CVE-2026-44811HIGHCVSS 7.8EG 7.82026-06-09
Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
- CVE-2026-44814MEDIUMCVSS 5.5EG 5.52026-06-09
Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.
- CVE-2026-44819HIGHCVSS 7.8EG 7.82026-06-09
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
- CVE-2026-44824HIGHCVSS 7.8EG 7.82026-06-09
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
- CVE-2026-44983HIGHCVSS 7.3EG 7.32026-05-26
smallbitvec is a growable bit-vector for Rust, optimized for size. From 1.0.1 to 2.6.0, an integer overflow in the internal capacity calculation of smallbitvec can lead to an undersized heap allocation, resulting in a heap buffer overflow …
- CVE-2026-45130MEDIUMCVSS 5.5EG 5.52026-05-08
Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in read_compound() in src/spellfile.c when loading a crafted spell file (.spl) with UTF-8 encoding active. An attacker-controlled len…
Map vulnerabilities like CWE-122 to your infrastructure
EchelonGraph correlates every CVE — across CWE-122 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →