CWE-122— Heap-based Buffer Overflow
2,151 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-122page 20 of 44
- CVE-2024-25048HIGHCVSS 7.5EG 7.52024-04-27
IBM MQ Appliance 9.3 CD and LTS are vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause the server to cra…
- CVE-2024-25115HIGHCVSS 7.0EG 7.02024-04-09
RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, specially crafted `CF.LOADCHUNK` commands may be used by authenticated users to perform heap overflow, which …
- CVE-2024-25262HIGHCVSS 8.1EG 8.12024-02-29
texlive-bin commit c515e was discovered to contain heap buffer overflow via the function ttfLoadHDMX:ttfdump. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted TTF file.
- CVE-2024-25390HIGHCVSS 8.4EG 8.42024-03-27
A heap buffer overflow occurs in finsh/msh_file.c and finsh/msh.c in RT-Thread through 5.0.2.
- CVE-2024-25448HIGHCVSS 8.8EG 8.82024-02-09
An issue in the imlib_free_image_and_decache function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image.
- CVE-2024-26159HIGHCVSS 8.8EG 8.82024-03-12
Microsoft ODBC Driver Remote Code Execution Vulnerability
- CVE-2024-26161HIGHCVSS 8.8EG 8.82024-03-12
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
- CVE-2024-26166HIGHCVSS 8.8EG 8.82024-03-12
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
- CVE-2024-26168MEDIUMCVSS 6.8EG 6.82024-04-09
Secure Boot Security Feature Bypass Vulnerability
- CVE-2024-26178HIGHCVSS 7.8EG 7.82024-03-12
Windows Kernel Elevation of Privilege Vulnerability
- CVE-2024-26179HIGHCVSS 8.8EG 8.82024-04-09
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
- CVE-2024-26191HIGHCVSS 8.8EG 8.82024-09-10
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
- CVE-2024-26195HIGHCVSS 7.2EG 7.22024-04-09
DHCP Server Service Remote Code Execution Vulnerability
- CVE-2024-26200HIGHCVSS 8.8EG 8.82024-04-09
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
- CVE-2024-26202HIGHCVSS 7.2EG 7.22024-04-09
DHCP Server Service Remote Code Execution Vulnerability
- CVE-2024-26205HIGHCVSS 8.8EG 8.82024-04-09
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
- CVE-2024-26210HIGHCVSS 8.8EG 8.82024-04-09
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
- CVE-2024-26211HIGHCVSS 7.8EG 7.82024-04-09
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
- CVE-2024-26214HIGHCVSS 8.8EG 8.82024-04-09
Microsoft WDAC SQL Server ODBC Driver Remote Code Execution Vulnerability
- CVE-2024-26229HIGHCVSS 7.8EG 9.02024-04-09
Windows CSC Service Elevation of Privilege Vulnerability
- CVE-2024-26239HIGHCVSS 7.8EG 7.82024-04-09
Windows Telephony Server Elevation of Privilege Vulnerability
- CVE-2024-26256HIGHCVSS 7.8EG 7.82024-04-09
Libarchive Remote Code Execution Vulnerability
- CVE-2024-26327MEDIUMCVSS 5.3EG 5.32024-02-19
An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c mishandles the situation where a guest writes NumVFs greater than TotalVFs, leading to a buffer overflow in VF implementations.
- CVE-2024-26540HIGHCVSS 7.8EG 7.82024-03-15
A heap-based buffer overflow in Clmg before 3.3.3 can occur via a crafted file to cimg_library::CImg<unsigned char>::_load_analyze.
- CVE-2024-27209HIGHCVSS 8.4EG 8.42024-03-11
there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- CVE-2024-27243MEDIUMCVSS 6.5EG 6.52024-05-15
Buffer overflow in some Zoom Workplace Apps and SDK’s may allow an authenticated user to conduct a denial of service via network access.
- CVE-2024-27245MEDIUMCVSS 4.3EG 4.32025-02-25
Buffer overflow in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.
- CVE-2024-27340HIGHCVSS 7.8EG 7.82024-04-03
Kofax Power PDF PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is require…
- CVE-2024-27341HIGHCVSS 7.8EG 7.82024-04-03
Kofax Power PDF PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is require…
- CVE-2024-27372MEDIUMCVSS 6.7EG 6.72024-06-05
An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_config_get_nl_params(), there is no input validation check on disc_attr->infrastructure_ssid_le…
- CVE-2024-27374MEDIUMCVSS 6.7EG 6.72024-06-05
An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_publish_get_nl_params(), there is no input validation check on hal_req->service_specific_info_l…
- CVE-2024-28231CRITICALCVSS 9.6EG 9.62024-03-20
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.14.0, 2.13.4, 2.12.3, 2.10.4, and 2.6.8, manipulated DATA Submessage can cause a heap overflow error in…
- CVE-2024-2824MEDIUMCVSS 6.3EG 6.32024-03-22
A vulnerability was found in Matthias-Wandel jhead 3.08 and classified as critical. This issue affects the function PrintFormatNumber of the file exif.c. The manipulation leads to heap-based buffer overflow. The attack may be initiated rem…
- CVE-2024-28572MEDIUMCVSS 6.2EG 6.22024-03-20
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the FreeImage_SetTagValue() function when reading images in JPEG format.
- CVE-2024-28896HIGHCVSS 7.5EG 7.52024-04-09
Secure Boot Security Feature Bypass Vulnerability
- CVE-2024-28906HIGHCVSS 8.8EG 8.82024-04-09
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
- CVE-2024-28908HIGHCVSS 8.8EG 8.82024-04-09
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
- CVE-2024-28909HIGHCVSS 8.8EG 8.82024-04-09
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
- CVE-2024-28910HIGHCVSS 8.8EG 8.82024-04-09
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
- CVE-2024-28911HIGHCVSS 8.8EG 8.82024-04-09
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
- CVE-2024-28912HIGHCVSS 8.8EG 8.82024-04-09
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
- CVE-2024-28913HIGHCVSS 8.8EG 8.82024-04-09
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
- CVE-2024-28914HIGHCVSS 8.8EG 8.82024-04-09
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
- CVE-2024-28915HIGHCVSS 8.8EG 8.82024-04-09
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
- CVE-2024-28926HIGHCVSS 8.8EG 8.82024-04-09
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
- CVE-2024-28927HIGHCVSS 8.8EG 8.82024-04-09
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
- CVE-2024-28932HIGHCVSS 8.8EG 8.82024-04-09
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
- CVE-2024-28935HIGHCVSS 8.8EG 8.82024-04-09
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
- CVE-2024-28937HIGHCVSS 8.8EG 8.82024-04-09
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
- CVE-2024-28940HIGHCVSS 8.8EG 8.82024-04-09
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
Map vulnerabilities like CWE-122 to your infrastructure
EchelonGraph correlates every CVE — across CWE-122 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →