CWE-122— Heap-based Buffer Overflow
2,158 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-122page 26 of 44
- CVE-2024-49138HIGHCVSS 7.8EG 9.0⚠ KEV2024-12-12
Windows Common Log File System Driver Elevation of Privilege Vulnerability
- CVE-2024-49507HIGHCVSS 7.8EG 7.82024-11-12
InDesign Desktop versions ID18.5.2, ID19.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user in…
- CVE-2024-49508HIGHCVSS 7.8EG 7.82024-11-12
InDesign Desktop versions ID18.5.2, ID19.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user in…
- CVE-2024-49509HIGHCVSS 7.8EG 7.82024-11-12
InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user in…
- CVE-2024-49517HIGHCVSS 7.8EG 7.82024-11-12
Substance3D - Painter versions 10.1.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interac…
- CVE-2024-49525HIGHCVSS 7.8EG 7.82024-11-12
Substance3D - Painter versions 10.1.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interac…
- CVE-2024-49545HIGHCVSS 7.8EG 7.82024-12-10
InDesign Desktop versions ID19.5, ID18.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user in…
- CVE-2024-49552HIGHCVSS 7.8EG 7.82024-12-10
Media Encoder versions 25.0, 24.6.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interacti…
- CVE-2024-49714HIGHCVSS 7.8EG 7.82025-09-04
In avrc_vendor_msg of avrc_opt.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not need…
- CVE-2024-49775CRITICALCVSS 9.8EG 9.82024-12-16
A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2501.0001), Opcenter Intelligence (All versions < V2501.0001), Opcenter Quality (All versions < V2512), Opcenter RDnL (All versions < V2410), SIMATIC PCS…
- CVE-2024-50571HIGHCVSS 7.2EG 7.22025-10-14
A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.2, FortiAnalyzer 7.4.0 through 7.4.5, FortiAnalyzer 7.2.0 through 7.2.9, FortiAnalyzer 7.0.0 through 7.0.13, FortiAnalyzer 6.4 all versions, FortiAnalyz…
- CVE-2024-50698CRITICALCVSS 9.8EG 9.82025-01-24
SunGrow WiNet-SV200.001.00.P027 and earlier versions is vulnerable to heap-based buffer overflow due to bounds checks of the MQTT message content.
- CVE-2024-51480HIGHCVSS 7.0EG 7.02025-01-08
RedisTimeSeries is a time-series database (TSDB) module for Redis, by Redis. Executing one of these commands TS.QUERYINDEX, TS.MGET, TS.MRAGE, TS.MREVRANGE by an authenticated user, using specially crafted command arguments may cause an in…
- CVE-2024-5159HIGHCVSS 8.8EG 8.82024-05-22
Heap buffer overflow in ANGLE in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-5160HIGHCVSS 8.8EG 8.82024-05-22
Heap buffer overflow in Dawn in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-51737HIGHCVSS 7.0EG 7.02025-01-08
RediSearch is a Redis module that provides querying, secondary indexing, and full-text search for Redis. An authenticated redis user executing FT.SEARCH or FT.AGGREGATE with a specially crafted LIMIT command argument, or FT.SEARCH with a s…
- CVE-2024-52059HIGHCVSS 7.8EG 7.82024-12-13
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Heap-based Buffer Overflow, Integer Overflow or Wraparound vulnerability in RTI Connext Professional (Security Plugins) allows Overflow Variables and Tags.This issue a…
- CVE-2024-5228HIGHCVSS 7.5EG 7.52024-05-23
TP-Link Omada ER605 Comexe DDNS Response Handling Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER…
- CVE-2024-52995HIGHCVSS 7.8EG 7.82024-12-10
Substance3D - Sampler versions 4.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interact…
- CVE-2024-52996HIGHCVSS 7.8EG 7.82024-12-10
Substance3D - Sampler versions 4.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interact…
- CVE-2024-52999HIGHCVSS 7.8EG 7.82024-12-10
Substance3D - Modeler versions 1.14.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interac…
- CVE-2024-5301HIGHCVSS 7.8EG 7.82024-06-06
Kofax Power PDF PSD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is require…
- CVE-2024-53310MEDIUMCVSS 5.5EG 5.52025-02-13
A Structured Exception Handler based buffer overflow vulnerability exists in Effectmatrix Total Video Converter Command Line (TVCC) 2.50 when a specially crafted file is passed to the -ff parameter. The vulnerability occurs due to improper…
- CVE-2024-53956HIGHCVSS 7.8EG 7.82024-12-10
Premiere Pro versions 25.0, 24.6.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interactio…
- CVE-2024-53957HIGHCVSS 7.8EG 7.82024-12-10
Substance3D - Painter versions 10.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interac…
- CVE-2024-54093HIGHCVSS 7.8EG 7.82024-12-10
A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 5). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted ASM files. This could allow an attacker to exec…
- CVE-2024-54094HIGHCVSS 7.8EG 7.82024-12-10
A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 5). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to exec…
- CVE-2024-5493HIGHCVSS 8.8EG 7.52024-05-30
Heap buffer overflow in WebRTC in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-55192CRITICALCVSS 9.8EG 9.82025-01-23
OpenImageIO v3.1.0.0dev was discovered to contain a heap overflow via the component OpenImageIO_v3_1_0::farmhash::inlined::Fetch64(char const*).
- CVE-2024-55627MEDIUMCVSS 5.9EG 5.92025-01-06
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a specially crafted TCP stream can lead to a very large buffer overflow while being zero-filled during in…
- CVE-2024-56406HIGHCVSS 8.4EG 8.62025-04-13
A heap buffer overflow vulnerability was discovered in Perl. Release branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10. When there are non-ASCII bytes in the left-hand-side of th…
- CVE-2024-56732HIGHCVSS 8.8EG 8.82024-12-27
HarfBuzz is a text shaping engine. Starting with 8.5.0 through 10.0.1, there is a heap-based buffer overflow in the hb_cairo_glyphs_from_buffer function.
- CVE-2024-56737HIGHCVSS 8.8EG 8.82024-12-29
GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem.
- CVE-2024-56805MEDIUMCVSS 5.4EG 5.42025-06-06
A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify memory or crash processes. We have alre…
- CVE-2024-56826MEDIUMCVSS 5.6EG 5.62025-01-09
A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior.
- CVE-2024-56827MEDIUMCVSS 5.6EG 5.62025-01-09
A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior.
- CVE-2024-5835HIGHCVSS 8.8EG 8.82024-06-11
Heap buffer overflow in Tab Groups in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security …
- CVE-2024-5876HIGHCVSS 7.8EG 7.82024-11-22
IrfanView PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit…
- CVE-2024-6031HIGHCVSS 7.8EG 7.82025-04-30
Tesla Model S oFono AT Command Heap-based Buffer Overflow Code Execution Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected Tesla Model S vehicles. An attacker must first obtain the ability to ex…
- CVE-2024-6135HIGHCVSS 7.6EG 7.62024-09-13
BT:Classic: Multiple missing buf length checks
- CVE-2024-6154MEDIUMCVSS 6.7EG 8.22024-06-20
Parallels Desktop Toolgate Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain …
- CVE-2024-6246HIGHCVSS 8.8EG 9.62024-11-22
Wyze Cam v3 Realtek Wi-Fi Driver Heap-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentica…
- CVE-2024-6258MEDIUMCVSS 6.8EG 6.82024-09-13
BT: Missing length checks of net_buf in rfcomm_handle_data
- CVE-2024-6259HIGHCVSS 7.6EG 7.62024-09-13
BT: HCI: adv_ext_report Improper discarding in adv_ext_report
- CVE-2024-6383MEDIUMCVSS 5.3EG 5.32024-07-03
The bson_string_append function in MongoDB C Driver may be vulnerable to a buffer overflow where the function might attempt to allocate too small of buffer and may lead to memory corruption of neighbouring heap memory. This issue affects l…
- CVE-2024-6444MEDIUMCVSS 6.3EG 6.32024-10-04
No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c.
- CVE-2024-6816HIGHCVSS 7.8EG 7.82024-11-22
IrfanView PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit…
- CVE-2024-6873HIGHCVSS 8.1EG 8.12024-08-01
It is possible to crash or redirect the execution flow of the ClickHouse server process from an unauthenticated vector by sending a specially crafted request to the ClickHouse server native interface. This redirection is limited to what is…
- CVE-2024-6994HIGHCVSS 8.8EG 8.82024-08-06
Heap buffer overflow in Layout in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2024-7018HIGHCVSS 7.8EG 8.82024-09-23
Heap buffer overflow in PDF in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)
Map vulnerabilities like CWE-122 to your infrastructure
EchelonGraph correlates every CVE — across CWE-122 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →