CWE-122: Heap-based Buffer Overflow
2,151 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-122 (page 13 of 44)
- CVE-2023-23406 | HIGH | CVSS 8.8 | EG 8.8 | 2023-03-14
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
- CVE-2023-23415 | CRITICAL | CVSS 9.8 | EG 9.8 | 2023-03-14
Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability
- CVE-2023-23582 | MEDIUM | CVSS 5.3 | EG 9.8 | 2023-01-30
Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior are vulnerable to a heap-based buffer overflow, which could allow an attacker to execute arbitrary code or crash the device remotely.
- CVE-2023-23782 | HIGH | CVSS 7.8 | EG 7.8 | 2023-02-16
A heap-based buffer overflow in Fortinet FortiWeb version 7.0.0 through 7.0.1, FortiWeb version 6.3.0 through 6.3.19, FortiWeb 6.4 all versions, FortiWeb 6.2 all versions, FortiWeb 6.1 all versions allows attacker to escalation of privileg…
- CVE-2023-24014 | HIGH | CVSS 7.8 | EG 7.8 | 2023-06-07
Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are vulnerable to heap-based buffer overflow, which could allow an attacker to execute arbitrary code.
- CVE-2023-24474 | HIGH | CVSS 7.5 | EG 7.5 | 2023-07-13
Experion server may experience a DoS due to a heap overflow which could occur when handling a specially crafted message
- CVE-2023-24550 | HIGH | CVSS 7.8 | EG 7.8 | 2023-02-14
A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected application is vulnerable to heap-based buffer while parsing specially crafted PAR files. …
- CVE-2023-24551 | HIGH | CVSS 7.8 | EG 7.8 | 2023-02-14
A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2023 (All versions < V223.0Update2). The affected application is vulnerable to heap-based buffer underflow while parsing specially crafted P…
- CVE-2023-24867 | HIGH | CVSS 8.8 | EG 8.8 | 2023-03-14
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
- CVE-2023-24868 | HIGH | CVSS 8.8 | EG 8.8 | 2023-03-14
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
- CVE-2023-24876 | HIGH | CVSS 8.8 | EG 8.8 | 2023-03-14
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
- CVE-2023-24897 | HIGH | CVSS 7.8 | EG 7.8 | 2023-06-14
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
- CVE-2023-24907 | HIGH | CVSS 8.8 | EG 8.8 | 2023-03-14
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
- CVE-2023-24912 | HIGH | CVSS 7.8 | EG 7.8 | 2023-04-11
Windows Graphics Component Elevation of Privilege Vulnerability
- CVE-2023-24913 | HIGH | CVSS 8.8 | EG 8.8 | 2023-03-14
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
- CVE-2023-24926 | HIGH | CVSS 8.8 | EG 8.8 | 2023-04-11
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
- CVE-2023-24928 | HIGH | CVSS 8.8 | EG 8.8 | 2023-04-11
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
- CVE-2023-24943 | CRITICAL | CVSS 9.8 | EG 9.8 | 2023-05-09
Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability
- CVE-2023-24948 | HIGH | CVSS 7.4 | EG 7.4 | 2023-05-09
Windows Bluetooth Driver Elevation of Privilege Vulnerability
- CVE-2023-25181 | CRITICAL | CVSS 9.0 | EG 9.0 | 2023-11-14
A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted set of network packets can lead to arbitrary code execution. An attacker can send a malicious packe…
- CVE-2023-25664 | HIGH | CVSS 7.5 | EG 7.5 | 2023-03-25
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a heap buffer overflow in TAvgPoolGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1.
- CVE-2023-25668 | CRITICAL | CVSS 9.8 | EG 9.8 | 2023-03-25
TensorFlow is an open source platform for machine learning. Attackers using Tensorflow prior to 2.12.0 or 2.11.1 can access heap memory which is not in the control of user, leading to a crash or remote code execution. The fix will be inclu…
- CVE-2023-25864 | HIGH | CVSS 7.8 | EG 7.8 | 2023-03-27
Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user in…
- CVE-2023-25868 | HIGH | CVSS 7.8 | EG 7.8 | 2023-03-27
Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user in…
- CVE-2023-25872 | HIGH | CVSS 7.8 | EG 7.8 | 2023-03-27
Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user in…
- CVE-2023-25874 | HIGH | CVSS 7.8 | EG 7.8 | 2023-03-27
Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user in…
- CVE-2023-25882 | HIGH | CVSS 7.8 | EG 7.8 | 2023-03-28
Adobe Dimension versions 3.4.7 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction i…
- CVE-2023-25883 | HIGH | CVSS 7.8 | EG 7.8 | 2023-03-28
Adobe Dimension versions 3.4.7 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction i…
- CVE-2023-25885 | HIGH | CVSS 7.8 | EG 7.8 | 2023-03-28
Adobe Dimension versions 3.4.7 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction i…
- CVE-2023-25890 | HIGH | CVSS 7.8 | EG 7.8 | 2023-03-28
Adobe Dimension versions 3.4.7 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction i…
- CVE-2023-25895 | HIGH | CVSS 7.8 | EG 7.8 | 2023-03-28
Adobe Dimension versions 3.4.7 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction i…
- CVE-2023-25897 | HIGH | CVSS 7.8 | EG 7.8 | 2023-03-28
Adobe Dimension versions 3.4.7 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction i…
- CVE-2023-25898 | HIGH | CVSS 7.8 | EG 7.8 | 2023-03-28
Adobe Dimension versions 3.4.7 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction i…
- CVE-2023-26394 | HIGH | CVSS 7.8 | EG 7.8 | 2023-04-12
Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user inte…
- CVE-2023-26413 | HIGH | CVSS 7.8 | EG 7.8 | 2023-04-13
Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user i…
- CVE-2023-26416 | HIGH | CVSS 7.8 | EG 7.8 | 2023-04-13
Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user i…
- CVE-2023-26793 | CRITICAL | CVSS 9.8 | EG 9.8 | 2024-05-01
libmodbus v3.1.10 has a heap-based buffer overflow vulnerability in read_io_status function in src/modbus.c.
- CVE-2023-27390 | HIGH | CVSS 7.8 | EG 8.4 | 2023-07-05
A heap-based buffer overflow vulnerability exists in the Sequence::DrawText functionality of Diagon v1.0.139. A specially crafted markdown file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger t…
- CVE-2023-27395 | CRITICAL | CVSS 9.0 | EG 9.0 | 2023-10-12
A heap-based buffer overflow vulnerability exists in the vpnserver WpcParsePacket() functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02. A specially crafted network packet can lead to arbitrary code execution. An attacker can…
- CVE-2023-27410 | LOW | CVSS 2.7 | EG 2.7 | 2023-05-09
A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). A heap-based buffer overflow vulnerability was found in the `edgebox_web_app` binary. The binary will crash if supplied with a backup password longer than 255 c…
- CVE-2023-27585 | HIGH | CVSS 7.5 | EG 7.5 | 2023-03-14
PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.13 and prior affects applications that use PJSIP DNS resolver. It doesn't affect PJSIP users who do not utilise PJ…
- CVE-2023-2763 | HIGH | CVSS 7.8 | EG 7.8 | 2023-07-12
Use-After-Free, Out-of-bounds Write and Heap-based Buffer Overflow vulnerabilities exist in the DWG and DXF file reading procedure in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. These vulnerabilities co…
- CVE-2023-27882 | CRITICAL | CVSS 9.0 | EG 9.0 | 2023-11-14
A heap-based buffer overflow vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to…
- CVE-2023-27911 | HIGH | CVSS 7.8 | EG 7.8 | 2023-04-17
A user may be tricked into opening a malicious FBX file that may exploit a heap buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior which may lead to code execution.
- CVE-2023-27997 | CRITICAL | CVSS 9.8 | EG 9.8 | ⚠ KEV | 2023-06-13
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version …
- CVE-2023-2804 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-05-25
A heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2_merged_upsample_internal() function of jdmrgext.c file. The vulnerability can only be exploited with 12-bit data precision for which the range of the sample data ty…
- CVE-2023-28218 | HIGH | CVSS 7.0 | EG 7.0 | 2023-04-11
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
- CVE-2023-28225 | HIGH | CVSS 7.8 | EG 7.8 | 2023-04-11
Windows NTLM Elevation of Privilege Vulnerability
- CVE-2023-28227 | HIGH | CVSS 7.5 | EG 7.5 | 2023-04-11
Windows Bluetooth Driver Remote Code Execution Vulnerability
- CVE-2023-28231 | HIGH | CVSS 8.8 | EG 8.8 | 2023-04-11
DHCP Server Service Remote Code Execution Vulnerability