CWE-122— Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().— MITRE CWE catalog
2,324 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-122page 45 of 47
- CVE-2026-45252MEDIUMCVSS 5.5EG 5.52026-05-21
When a fusefs file system implements extended attributes, the kernel may send a FUSE_LISTXATTR message to the userspace daemon to retrieve the list of extended attributes for a given file. The FUSE protocol requires the daemon to return a…
- CVE-2026-45466LOWCVSS 3.3EG 3.32026-06-09
Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
- CVE-2026-45469HIGHCVSS 7.8EG 7.82026-06-09
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- CVE-2026-45475HIGHCVSS 7.8EG 7.82026-06-09
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
- CVE-2026-45542HIGHCVSS 7.1EG 7.12026-06-10
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a heap buffer overflow exists in the Security Scheme 2 (SRP6a) session-setup path of the protocomm component. The fir…
- CVE-2026-45584HIGHCVSS 8.1EG 8.12026-05-20
Heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker to execute code over a network.
- CVE-2026-45636HIGHCVSS 7.8EG 7.82026-06-09
Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.
- CVE-2026-45638HIGHCVSS 7.8EG 7.82026-06-09
Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- CVE-2026-45653HIGHCVSS 7.0EG 7.02026-06-09
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
- CVE-2026-45657CRITICALCVSS 9.8EG 9.82026-06-09
Use after free in Windows Kernel allows an unauthorized attacker to execute code over a network.
- CVE-2026-45696MEDIUMCVSS 6.5EG 6.52026-06-18
OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 through 3.4.11, the HTJ2K (High-Throughput JPEG 2000) decoder, ht_undo_impl() in OpenEXRCore …
- CVE-2026-46520HIGHCVSS 7.5EG 7.52026-05-18
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, when reading multiple images with different dimensions an out of bounds heap write can occur. This iss…
- CVE-2026-46692MEDIUMCVSS 4.1EG 4.12026-05-22
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an attacker who can connect to a magick -distribute-cache service can cause a heap buffer over-write i…
- CVE-2026-46752CRITICALCVSS 10.0EG 10.02026-06-25
Redis Lua HEAP overflow in cjson library vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 2.0.4 through 2.15.0. Users are recommended to upgrade to version 2.16.0, which fixes the issue.
- CVE-2026-47289HIGHCVSS 8.8EG 8.82026-06-09
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
- CVE-2026-47291CRITICALCVSS 9.8EG 9.82026-06-09
Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.
- CVE-2026-47311CRITICALCVSS 9.8EG 7.82026-05-19
Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.
- CVE-2026-47635HIGHCVSS 8.4EG 8.42026-06-09
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
- CVE-2026-47652HIGHCVSS 8.2EG 8.22026-06-09
Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally.
- CVE-2026-47747HIGHCVSS 7.8EG 7.82026-06-16
stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. In versions prior to master-584-0a7ae07, the pickle .ckpt parser in src/model.cpp contained a …
- CVE-2026-47749HIGHCVSS 7.8EG 7.82026-06-16
stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. Versions prior to master-584-0a7ae07 are vulnerable to heap buffer overflow in SHORT_BINUNICOD…
- CVE-2026-47952HIGHCVSS 7.8EG 7.82026-06-09
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires…
- CVE-2026-47964HIGHCVSS 7.8EG 7.82026-06-16
DNG SDK versions 1.7.1 2536 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in th…
- CVE-2026-48065MEDIUMCVSS 6.7EG 6.72026-05-27
pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/conf.c allocates heap memory proportional to n_devices, a count derived from libxml2 XPath evaluation of the config file, without first …
- CVE-2026-48131HIGHCVSS 8.1EG 8.12026-05-26
The VPN service may mishandle an unexpected IKE fragment value received on the IKE port 500/UDP during the early stage of a connection attempt. This can cause the service to terminate unexpectedly, resulting in denial of service (temporary…
- CVE-2026-48135MEDIUMCVSS 5.3EG 5.32026-05-26
A Check Point HTTP-based service can incorrectly handle malformed HTTP requests. The issue is related to HTTP request parsing and validation.
- CVE-2026-48291HIGHCVSS 7.8EG 7.82026-06-09
Format Plugins versions 1.1.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in …
- CVE-2026-48292HIGHCVSS 7.8EG 7.82026-06-09
Format Plugins versions 1.1.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in …
- CVE-2026-48574HIGHCVSS 7.8EG 7.82026-06-09
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.
- CVE-2026-48689CRITICALCVSS 9.8EG 9.82026-05-26
FastNetMon Community Edition through 1.2.9 contains an off-by-one heap-based buffer overflow in the dynamic_binary_buffer_t class (src/dynamic_binary_buffer.hpp). Five methods (append_dynamic_buffer, append_data_as_pointer, append_data_as_…
- CVE-2026-48690HIGHCVSS 7.1EG 7.12026-05-26
FastNetMon Community Edition through 1.2.9 contains an integer overflow vulnerability in the packet capture buffer allocation. In src/packet_storage.hpp, the allocate_buffer() function computes memory_size_in_bytes as 'buffer_size_in_packe…
- CVE-2026-48691CRITICALCVSS 9.8EG 9.82026-05-26
FastNetMon Community Edition through 1.2.9 contains an integer overflow in the BGP AS_PATH attribute encoder. In src/bgp_protocol.hpp, the IPv4UnicastAnnounce::get_attributes() function computes attribute_length as 'sizeof(bgp_as_path_segm…
- CVE-2026-48914MEDIUMCVSS 6.7EG 6.72026-06-12
A flaw was found in QEMU's virtio-blk device. The issue arises because the device does not properly validate the size of input descriptors before writing data. A malicious guest with high privileges could exploit this vulnerability by subm…
- CVE-2026-4892HIGHCVSS 8.4EG 8.42026-05-11
A heap-based out-of-bounds write vulnerability in the DHCPv6 implementation of dnsmasq allows local attackers to execute arbitrary code with root privileges via a crafted DHCPv6 packet.
- CVE-2026-48994MEDIUMCVSS 5.9EG 5.92026-06-10
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, a missing check of a return value could lead to a heap buffer over-write in the MAT decoder on 32-bit …
- CVE-2026-49840CRITICALCVSS 9.1EG 9.12026-06-09
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, esl_recv_event() parses Content…
- CVE-2026-49841CRITICALCVSS 9.8EG 9.82026-06-09
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, the mod_verto HTTP request hand…
- CVE-2026-51218MEDIUMCVSS 6.5EG 6.52026-06-29
A heap buffer overflow in the TS7Worker::PerformFunctionWrite() function (/core/s7_server.cpp) of snap7 v1.4.3 allows attackers to cause a Denial of Service (DoS) via a crafted packet.
- CVE-2026-51219MEDIUMCVSS 6.5EG 6.52026-06-29
A heap buffer overflow in the HighPriorityASDUQueue_hasUnconfirmedIMessages function of lib60870 v2.3.3 to v2.3.6 allows attackers to cause a Denial of Service (DoS) via a crafted payload.
- CVE-2026-5187CRITICALCVSS 9.8EG 9.82026-04-09
Two potential heap out-of-bounds write locations existed in DecodeObjectId() in wolfcrypt/src/asn.c. First, a bounds check only validates one available slot before writing two OID arc values (out[0] and out[1]), enabling a 2-byte out-of-bo…
- CVE-2026-5201HIGHCVSS 7.5EG 7.52026-03-31
A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacke…
- CVE-2026-5244HIGHCVSS 7.3EG 7.32026-04-02
A vulnerability has been found in Cesanta Mongoose up to 7.20. This affects the function mg_tls_recv_cert of the file mongoose.c of the component TLS 1.3 Handler. Such manipulation of the argument pubkey leads to heap-based buffer overflow…
- CVE-2026-5264CRITICALCVSS 9.8EG 9.82026-04-09
Heap buffer overflow in DTLS 1.3 ACK message processing. A remote attacker can send a crafted DTLS 1.3 ACK message that triggers a heap buffer overflow.
- CVE-2026-5272HIGHCVSS 8.8EG 8.82026-04-01
Heap buffer overflow in GPU in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-52720HIGHCVSS 8.8EG 8.82026-06-15
A heap buffer overflow vulnerability was found in GStreamer's librfb (RFB/VNC client). The rectangle bounds check incorrectly validates area rather than individual dimensions, allowing a malicious VNC server to send a rectangle that extend…
- CVE-2026-5275HIGHCVSS 8.8EG 8.82026-04-01
Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-53465MEDIUMCVSS 6.2EG 6.22026-06-10
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-25, a crafted multi-frame can result in a heap buffer over-write when encoding it with the SF3 encoder. This issue has be…
- CVE-2026-54000HIGHCVSS 7.0EG 7.02026-07-10
osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, on Windows, a local unprivileged attacker can cause a heap buffer out-of-bounds write if there is a query of the processes tab…
- CVE-2026-54001HIGHCVSS 7.0EG 7.02026-07-10
osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, on Windows, a local unprivileged attacker can cause a heap buffer out-of-bounds write if there is a query of the authenticode …
- CVE-2026-5402HIGHCVSS 8.8EG 8.82026-04-30
TLS protocol dissector heap overflow in Wireshark 4.6.0 to 4.6.4 allows denial of service and possible code execution
Map vulnerabilities like CWE-122 to your infrastructure
EchelonGraph correlates every CVE — across CWE-122 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →