CWE-122— Heap-based Buffer Overflow
2,151 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-122page 11 of 44
- CVE-2022-40655HIGHCVSS 7.8EG 7.82022-09-15
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious…
- CVE-2022-40660HIGHCVSS 7.8EG 7.82022-09-15
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious…
- CVE-2022-40661HIGHCVSS 7.8EG 7.82022-09-15
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious…
- CVE-2022-4141HIGHCVSS 7.8EG 7.82022-11-25
Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the substitute command.
- CVE-2022-41639CRITICALCVSS 9.8EG 9.82022-12-22
A heap based buffer overflow vulnerability exists in tile decoding code of TIFF image parser in OpenImageIO master-branch-9aeece7a and v2.3.19.0. A specially-crafted TIFF file can lead to an out of bounds memory corruption, which can resul…
- CVE-2022-41794CRITICALCVSS 9.8EG 9.82022-12-22
A heap based buffer overflow vulnerability exists in the PSD thumbnail resource parsing code of OpenImageIO 2.3.19.0. A specially-crafted PSD file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger th…
- CVE-2022-41838CRITICALCVSS 9.8EG 9.82022-12-22
A code execution vulnerability exists in the DDS scanline parsing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially-crafted .dds can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger t…
- CVE-2022-41991CRITICALCVSS 9.8EG 9.82023-01-26
A heap-based buffer overflow vulnerability exists in the m2m DELETE_FILE cmd functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to a heap buffer overflow. An attacker can send a networ…
- CVE-2022-42403HIGHCVSS 7.8EG 7.82023-01-26
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic…
- CVE-2022-42405HIGHCVSS 7.8EG 7.82023-01-26
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic…
- CVE-2022-42783MEDIUMCVSS 5.5EG 5.52023-02-12
In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.
- CVE-2022-43171MEDIUMCVSS 6.5EG 6.52022-11-17
A heap buffer overflow in the LIEF::MachO::BinaryParser::parse_dyldinfo_generic_bind function of LIEF v0.12.1 allows attackers to cause a Denial of Service (DoS) via a crafted MachO file.
- CVE-2022-43591HIGHCVSS 8.8EG 8.82023-01-12
A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an out-of-bounds memory access, which can lead to arbitrary code execution. Target application w…
- CVE-2022-43597HIGHCVSS 8.1EG 8.12022-12-22
Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary code execution. An attacker can pro…
- CVE-2022-43598HIGHCVSS 8.1EG 8.12022-12-22
Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary code execution. An attacker can pro…
- CVE-2022-43599HIGHCVSS 8.1EG 8.12022-12-22
Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious…
- CVE-2022-43600HIGHCVSS 8.1EG 8.12022-12-22
Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious…
- CVE-2022-43601HIGHCVSS 8.1EG 8.12022-12-22
Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious…
- CVE-2022-43602HIGHCVSS 8.1EG 8.12022-12-22
Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious…
- CVE-2022-43634CRITICALCVSS 9.8EG 9.82023-03-29
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dsi_writeinit function. The issue…
- CVE-2022-43648HIGHCVSS 8.8EG 8.82023-03-29
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 1.20B03 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the …
- CVE-2022-43655HIGHCVSS 7.8EG 7.82024-05-07
Bentley View FBX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View. User interaction is required to e…
- CVE-2022-44427MEDIUMCVSS 5.5EG 5.52023-01-04
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.
- CVE-2022-44428MEDIUMCVSS 5.5EG 5.52023-01-04
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.
- CVE-2022-44429MEDIUMCVSS 5.5EG 5.52023-01-04
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.
- CVE-2022-44430MEDIUMCVSS 5.5EG 5.52023-01-04
In wlan driver, there is a possible missing bounds check. This could lead to local denial of service in wlan services.
- CVE-2022-44654HIGHCVSS 7.5EG 7.52022-12-12
Affected builds of Trend Micro Apex One and Apex One as a Service contain a monitor engine component that is complied without the /SAFESEH memory protection mechanism which helps to monitor for malicious payloads. The affected component's …
- CVE-2022-44910HIGHCVSS 7.8EG 7.82022-12-14
Binbloom 2.0 was discovered to contain a heap buffer overflow via the read_pointer function at /binbloom-master/src/helpers.c.
- CVE-2022-45115HIGHCVSS 7.8EG 7.82023-04-05
A buffer overflow vulnerability exists in the Attribute Arena functionality of Ichitaro 2022 1.0.1.57600. A specially crafted document can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.
- CVE-2022-45188HIGHCVSS 7.8EG 7.82022-11-12
Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS).
- CVE-2022-45491HIGHCVSS 7.8EG 7.82023-02-03
Buffer overflow vulnerability in function json_parse_value in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to code arbitrary code and gain escalated privileges.
- CVE-2022-4584MEDIUMCVSS 6.3EG 8.82022-12-17
A vulnerability was found in Axiomatic Bento4 up to 1.6.0-639. It has been rated as critical. Affected by this issue is some unknown functionality of the component mp42aac. The manipulation leads to heap-based buffer overflow. The attack m…
- CVE-2022-46289CRITICALCVSS 9.8EG 9.82023-07-21
Multiple out-of-bounds write vulnerabilities exist in the ORCA format nAtoms functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a m…
- CVE-2022-46290CRITICALCVSS 9.8EG 9.82023-07-21
Multiple out-of-bounds write vulnerabilities exist in the ORCA format nAtoms functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a m…
- CVE-2022-48512CRITICALCVSS 9.8EG 9.82023-07-06
Use After Free (UAF) vulnerability in the Vdecoderservice service. Successful exploitation of this vulnerability may cause the image decoding feature to perform abnormally.
- CVE-2022-4920CRITICALCVSS 9.6EG 9.62023-07-29
Heap buffer overflow in Blink in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security seve…
- CVE-2023-0051HIGHCVSS 7.8EG 7.82023-01-04
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1144.
- CVE-2023-0208HIGHCVSS 8.4EG 7.12023-04-01
NVIDIA DCGM for Linux contains a vulnerability in HostEngine (server component) where a user may cause a heap-based buffer overflow through the bound socket. A successful exploit of this vulnerability may lead to denial of service and dat…
- CVE-2023-0210HIGHCVSS 7.5EG 7.52023-03-27
A bug affects the Linux kernel’s ksmbd NTLMv2 authentication and is known to crash the OS immediately in Linux-based systems.
- CVE-2023-0288HIGHCVSS 7.8EG 7.82023-01-13
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.
- CVE-2023-0433HIGHCVSS 7.8EG 7.82023-01-21
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.
- CVE-2023-0666MEDIUMCVSS 6.5EG 8.82023-06-07
Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process r…
- CVE-2023-0667MEDIUMCVSS 6.5EG 9.82023-06-07
Due to failure in validating the length provided by an attacker-crafted MSMMS packet, Wireshark version 4.0.5 and prior, in an unusual configuration, is susceptible to a heap-based buffer overflow, and possibly code execution in the contex…
- CVE-2023-0760HIGHCVSS 7.8EG 7.82023-02-09
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to V2.1.0-DEV.
- CVE-2023-0819HIGHCVSS 7.8EG 7.82023-02-13
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to v2.3.0-DEV.
- CVE-2023-0841MEDIUMCVSS 6.3EG 8.82023-02-15
A vulnerability, which was classified as critical, has been found in GPAC 2.3-DEV-rev40-g3602a5ded. This issue affects the function mp3_dmx_process of the file filters/reframe_mp3.c. The manipulation leads to heap-based buffer overflow. Th…
- CVE-2023-0851CRITICALCVSS 9.8EG 9.82023-05-11
Buffer overflow in CPCA Resource Download process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arb…
- CVE-2023-0854CRITICALCVSS 9.8EG 9.82023-05-11
Buffer overflow in NetBIOS QNAME registering and communication process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unrespons…
- CVE-2023-0866HIGHCVSS 7.8EG 7.82023-02-16
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3.0-DEV.
- CVE-2023-1010MEDIUMCVSS 5.3EG 5.52023-02-24
A vulnerability classified as critical was found in vox2png 1.0. Affected by this vulnerability is an unknown functionality of the file vox2png.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. Th…
Map vulnerabilities like CWE-122 to your infrastructure
EchelonGraph correlates every CVE — across CWE-122 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →