CWE-122— Heap-based Buffer Overflow
2,151 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-122page 10 of 44
- CVE-2022-31144HIGHCVSS 7.0EG 7.02022-07-19
Redis is an in-memory database that persists on disk. A specially crafted `XAUTOCLAIM` command on a stream key in a specific state may result with heap overflow, and potentially remote code execution. This problem affects versions on the 7…
- CVE-2022-3160HIGHCVSS 7.8EG 7.82023-01-13
The APDFL.dll contains an out-of-bounds write past the fixed-length heap-based buffer while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process.
- CVE-2022-32137HIGHCVSS 8.8EG 8.82022-06-24
In multiple CODESYS products, a low privileged remote attacker may craft a request, which may cause a heap-based buffer overflow, resulting in a denial-of-service condition or memory overwrite. User interaction is not required.
- CVE-2022-3234HIGHCVSS 7.8EG 7.82022-09-17
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.
- CVE-2022-34241HIGHCVSS 7.8EG 7.82022-07-15
Adobe Character Animator version 4.4.7 (and earlier) and 22.4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this i…
- CVE-2022-34245HIGHCVSS 7.8EG 7.82022-07-15
Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue r…
- CVE-2022-34246HIGHCVSS 7.8EG 7.82022-07-15
Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue r…
- CVE-2022-34249HIGHCVSS 7.8EG 7.82022-07-15
Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requi…
- CVE-2022-34250HIGHCVSS 7.8EG 7.82022-07-15
Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requi…
- CVE-2022-3437MEDIUMCVSS 6.5EG 6.52023-01-12
A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffe…
- CVE-2022-34400HIGHCVSS 7.1EG 7.12023-02-01
Dell BIOS contains a heap buffer overflow vulnerability. A local attacker with admin privileges could potentially exploit this vulnerability to perform an arbitrary write to SMRAM during SMM.
- CVE-2022-34454MEDIUMCVSS 6.7EG 6.72023-02-10
Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a heap-based buffer overflow. A local privileged malicious user could potentially exploit this vulnerability, leading to system takeover. This impacts compliance mode clusters.
- CVE-2022-34819CRITICALCVSS 10.0EG 10.02022-07-12
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions < V3.3.46), SIMATIC CP 1243-1 (All versions < V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions < V3.3.46), SIMATIC CP 1243-7 LTE US (All versions < V3.3.46), SIMATIC…
- CVE-2022-3491HIGHCVSS 7.8EG 9.82022-12-03
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0742.
- CVE-2022-3520CRITICALCVSS 9.8EG 9.82022-12-02
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765.
- CVE-2022-35676HIGHCVSS 7.8EG 7.82022-08-11
Adobe FrameMaker versions 2019 Update 8 (and earlier) and 2020 Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation…
- CVE-2022-35677HIGHCVSS 7.8EG 7.82022-08-11
Adobe FrameMaker versions 2019 Update 8 (and earlier) and 2020 Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation…
- CVE-2022-35706HIGHCVSS 7.8EG 7.82022-09-19
Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requ…
- CVE-2022-35708HIGHCVSS 7.8EG 7.82022-09-19
Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requ…
- CVE-2022-35711CRITICALCVSS 9.8EG 9.82022-10-14
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this …
- CVE-2022-35712CRITICALCVSS 9.8EG 9.82022-10-14
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this …
- CVE-2022-36763HIGHCVSS 7.0EG 7.02024-01-09
EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentialit…
- CVE-2022-36764HIGHCVSS 7.0EG 7.02024-01-09
EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality…
- CVE-2022-36841MEDIUMCVSS 4.4EG 7.82022-09-09
A heap-based overflow vulnerability in PrepareRecogLibrary_Part function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.
- CVE-2022-36842MEDIUMCVSS 4.4EG 7.82022-09-09
A heap-based overflow vulnerability in prepareRecogLibrary function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.
- CVE-2022-36843MEDIUMCVSS 4.4EG 7.82022-09-09
A heap-based overflow vulnerability in MHW_RECOG_LIB_INFO function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.
- CVE-2022-36844MEDIUMCVSS 4.4EG 7.82022-09-09
A heap-based overflow vulnerability in HWR::EngJudgeModel::Construct() in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.
- CVE-2022-36845MEDIUMCVSS 4.4EG 7.82022-09-09
A heap-based overflow vulnerability in MHW_RECOG_LIB_INFO function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.
- CVE-2022-36846MEDIUMCVSS 4.4EG 7.82022-09-09
A heap-based overflow vulnerability in ConstructDictionary function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.
- CVE-2022-36858MEDIUMCVSS 4.4EG 7.82022-09-09
A heap-based overflow vulnerability in GetCorrectDbLanguageTypeEsPKc() function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.
- CVE-2022-36860MEDIUMCVSS 4.4EG 7.82022-09-09
A heap-based overflow vulnerability in LoadEnvironment function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.
- CVE-2022-36862MEDIUMCVSS 4.4EG 7.82022-09-09
A heap-based overflow vulnerability in HWR::EngineCJK::Impl::Construct() in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.
- CVE-2022-36863MEDIUMCVSS 4.4EG 7.82022-09-09
A heap-based overflow vulnerability in GetCorrectDbLanguageTypeEsPKc function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.
- CVE-2022-36934CRITICALCVSS 9.8EG 9.82022-09-22
An integer overflow in WhatsApp could result in remote code execution in an established video call.
- CVE-2022-37864HIGHCVSS 7.8EG 7.82022-10-11
A vulnerability has been identified in Solid Edge (All Versions < SE2022MP9). The affected application contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted DWG files. This could allow an a…
- CVE-2022-38401HIGHCVSS 7.8EG 7.82022-09-16
Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requir…
- CVE-2022-38404HIGHCVSS 7.8EG 7.82022-09-16
Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requir…
- CVE-2022-38405HIGHCVSS 7.8EG 7.82022-09-16
Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requir…
- CVE-2022-38411HIGHCVSS 7.8EG 7.82022-09-16
Adobe Animate version 21.0.11 (and earlier) and 22.0.7 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue re…
- CVE-2022-38413HIGHCVSS 7.8EG 7.82022-09-16
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue req…
- CVE-2022-38414HIGHCVSS 7.8EG 7.82022-09-16
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue req…
- CVE-2022-38415HIGHCVSS 7.8EG 7.82022-09-16
Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue req…
- CVE-2022-38432HIGHCVSS 7.8EG 7.82022-09-16
Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue …
- CVE-2022-38433HIGHCVSS 7.8EG 7.82022-09-16
Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue …
- CVE-2022-38701MEDIUMCVSS 6.2EG 3.32022-09-09
OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network sensitive information.
- CVE-2022-38742HIGHCVSS 8.1EG 9.82022-09-23
Rockwell Automation ThinManager ThinServer versions 11.0.0 - 13.0.0 is vulnerable to a heap-based buffer overflow. An attacker could send a specifically crafted TFTP or HTTPS request, causing a heap-based buffer overflow that crashes the T…
- CVE-2022-39068MEDIUMCVSS 4.5EG 4.52024-09-18
There is a buffer overflow vulnerability in ZTE MF296R. Due to insufficient validation of the SMS parameter length, an authenticated attacker could use the vulnerability to perform a denial of service attack.
- CVE-2022-39136HIGHCVSS 7.8EG 7.82022-11-08
A vulnerability has been identified in JT2Go (All versions < V14.1.0.4), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.7), Teamcenter Visualization V13.3 (All versions >…
- CVE-2022-39260HIGHCVSS 8.5EG 8.52022-10-19
Git is an open source, scalable, distributed revision control system. `git shell` is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5,…
- CVE-2022-39852HIGHCVSS 8.0EG 7.82022-10-07
A heap-based overflow vulnerability in makeContactAGIF in libagifencoder.quram.so library prior to SMR Oct-2022 Release 1 allows attacker to perform code execution.
Map vulnerabilities like CWE-122 to your infrastructure
EchelonGraph correlates every CVE — across CWE-122 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →