CWE-122— Heap-based Buffer Overflow
2,151 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-122page 16 of 44
- CVE-2023-37342HIGHCVSS 7.8EG 7.82024-05-03
Kofax Power PDF PNG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is require…
- CVE-2023-37344HIGHCVSS 7.8EG 7.82024-05-03
Kofax Power PDF BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is require…
- CVE-2023-38071HIGHCVSS 7.8EG 7.82023-09-12
A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11),…
- CVE-2023-38076HIGHCVSS 7.8EG 7.82023-09-12
A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11),…
- CVE-2023-38080HIGHCVSS 7.8EG 7.82024-05-03
Kofax Power PDF PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is require…
- CVE-2023-38090HIGHCVSS 7.8EG 7.82024-05-03
Kofax Power PDF popUpMenu Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to ex…
- CVE-2023-38143HIGHCVSS 7.8EG 7.82023-09-12
Windows Common Log File System Driver Elevation of Privilege Vulnerability
- CVE-2023-38147HIGHCVSS 8.8EG 8.82023-09-12
Windows Miracast Wireless Display Remote Code Execution Vulnerability
- CVE-2023-38154HIGHCVSS 7.8EG 7.82023-08-08
Windows Kernel Elevation of Privilege Vulnerability
- CVE-2023-38170HIGHCVSS 7.8EG 7.82023-08-08
HEVC Video Extensions Remote Code Execution Vulnerability
- CVE-2023-38212HIGHCVSS 7.8EG 7.82023-08-09
Adobe Dimension version 3.4.9 is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim…
- CVE-2023-39492HIGHCVSS 7.8EG 7.82024-05-03
PDF-XChange Editor PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is r…
- CVE-2023-39494HIGHCVSS 7.8EG 7.82024-05-03
PDF-XChange Editor OXPS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is …
- CVE-2023-39946HIGHCVSS 8.2EG 8.22023-08-11
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, heap can be overflowed by providing a PID_PROPERTY_LIST parameter that …
- CVE-2023-39947HIGHCVSS 8.2EG 8.22023-08-11
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, even after the fix at commit 3492270, malformed `PID_PROPERTY_LIST` par…
- CVE-2023-40031HIGHCVSS 7.8EG 7.82023-08-25
Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to heap buffer write overflow in `Utf8_16_Read::convert`. This issue may lead to arbitrary code execution. As of time of publication, no known …
- CVE-2023-4016LOWCVSS 2.5EG 2.52023-08-02
Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.
- CVE-2023-40166MEDIUMCVSS 5.5EG 5.52023-08-25
Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to heap buffer read overflow in `FileManager::detectLanguageFromTextBegining `. The exploitability of this issue is not clear. Potentially, it …
- CVE-2023-40222HIGHCVSS 7.8EG 7.82025-02-04
In Ashlar-Vellum Cobalt versions prior to v12 SP2 Build (1204.200), the affected application lacks proper validation of user-supplied data when parsing CO files. This could lead to a heap-based buffer overflow. An attacker could leverage t…
- CVE-2023-40465HIGHCVSS 8.3EG 8.32023-12-04
Several versions of ALEOS, including ALEOS 4.16.0, include an opensource third-party component which can be exploited from the local area network, resulting in a Denial of Service condition for the captive portal.
- CVE-2023-40548HIGHCVSS 7.4EG 4.92024-01-29
A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation op…
- CVE-2023-40889CRITICALCVSS 9.8EG 9.82023-08-29
A heap-based buffer overflow exists in the qr_reader_match_centers function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger this vulnerability, an attacker can digi…
- CVE-2023-41140HIGHCVSS 7.8EG 7.82023-11-23
A maliciously crafted PRT file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause a Heap-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitr…
- CVE-2023-41175MEDIUMCVSS 6.5EG 6.52023-10-05
A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted tiff image, which triggers a…
- CVE-2023-41229HIGHCVSS 8.8EG 8.82024-05-03
D-Link DIR-3040 HTTP Request Processing Referer Heap-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 rou…
- CVE-2023-41273MEDIUMCVSS 5.5EG 5.52024-02-02
A heap-based buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed t…
- CVE-2023-41275MEDIUMCVSS 5.5EG 5.52024-02-02
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have…
- CVE-2023-41276MEDIUMCVSS 5.5EG 5.52024-02-02
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have…
- CVE-2023-42038HIGHCVSS 7.8EG 7.82024-05-03
Kofax Power PDF PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is require…
- CVE-2023-42039HIGHCVSS 7.8EG 7.82024-05-03
Kofax Power PDF PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is require…
- CVE-2023-42076HIGHCVSS 7.8EG 7.82024-05-03
PDF-XChange Editor PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is r…
- CVE-2023-42077HIGHCVSS 7.8EG 7.82024-05-03
PDF-XChange Editor EMF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is r…
- CVE-2023-42083HIGHCVSS 7.8EG 7.82024-05-03
PDF-XChange Editor JPG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is r…
- CVE-2023-42085HIGHCVSS 7.8EG 7.82024-05-03
PDF-XChange Editor EMF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is r…
- CVE-2023-4264HIGHCVSS 7.1EG 7.12023-09-27
Potential buffer overflow vulnerabilities n the Zephyr Bluetooth subsystem.
- CVE-2023-42848HIGHCVSS 7.8EG 7.82024-02-21
The issue was addressed with improved bounds checks. This issue is fixed in watchOS 10.1, macOS Sonoma 14.1, tvOS 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, macOS Ventura 13.6.1. Processing a maliciously crafted image ma…
- CVE-2023-4322CRITICALCVSS 9.8EG 7.32023-08-14
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0.
- CVE-2023-4353HIGHCVSS 8.8EG 8.82023-08-15
Heap buffer overflow in ANGLE in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-43787HIGHCVSS 7.8EG 7.82023-10-10
A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.
- CVE-2023-44418HIGHCVSS 8.8EG 8.82024-05-03
D-Link DIR-X3260 Prog.cgi Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication …
- CVE-2023-44428HIGHCVSS 7.8EG 7.82024-05-03
MuseScore CAP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MuseScore. User interaction is required to exploit…
- CVE-2023-44429HIGHCVSS 8.8EG 8.82024-05-03
GStreamer AV1 Codec Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is requi…
- CVE-2023-44441HIGHCVSS 7.8EG 7.82024-05-03
GIMP DDS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vuln…
- CVE-2023-44442HIGHCVSS 7.8EG 7.82024-05-03
GIMP PSD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vuln…
- CVE-2023-4504HIGHCVSS 7.0EG 7.02023-09-21
Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, …
- CVE-2023-45318CRITICALCVSS 10.0EG 10.02024-02-20
A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP git commit 80d4004. A specially crafted network packet can lead to arbitrary code execution. An attacker can send a malicious pac…
- CVE-2023-45591HIGHCVSS 7.5EG 7.52024-03-05
A CWE-122 “Heap-based Buffer Overflow” vulnerability in the “logger_generic” function of the “Ax_rtu” binary allows a remote authenticated attacker to trigger a memory corruption in the context of the binary. This may result in…
- CVE-2023-46256MEDIUMCVSS 4.4EG 4.42023-10-31
PX4-Autopilot provides PX4 flight control solution for drones. In versions 1.14.0-rc1 and prior, PX4-Autopilot has a heap buffer overflow vulnerability in the parser function due to the absence of `parserbuf_index` value checking. A malfun…
- CVE-2023-46426HIGHCVSS 8.8EG 8.82024-03-09
Heap-based Buffer Overflow vulnerability in gpac version 2.3-DEV-rev588-g7edc40fee-master, allows remote attackers to execute arbitrary code and cause a denial of service (DoS) via gf_fwrite component in at utils/os_file.c.
- CVE-2023-4682MEDIUMCVSS 5.5EG 5.92023-08-31
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV.
Map vulnerabilities like CWE-122 to your infrastructure
EchelonGraph correlates every CVE — across CWE-122 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →