CWE-122— Heap-based Buffer Overflow
2,151 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-122page 7 of 44
- CVE-2021-34900HIGHCVSS 7.8EG 7.82022-01-13
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a …
- CVE-2021-34904HIGHCVSS 7.8EG 7.82022-01-13
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a …
- CVE-2021-34905HIGHCVSS 7.8EG 7.82022-01-13
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a …
- CVE-2021-34907HIGHCVSS 7.8EG 7.82022-01-13
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a …
- CVE-2021-34938HIGHCVSS 7.8EG 7.82022-01-13
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a …
- CVE-2021-34945HIGHCVSS 7.8EG 7.82022-01-13
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a …
- CVE-2021-34971HIGHCVSS 7.8EG 7.82024-05-07
Foxit PDF Reader JPG2000 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is r…
- CVE-2021-36050HIGHCVSS 7.8EG 7.82021-09-01
XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must …
- CVE-2021-36051HIGHCVSS 7.8EG 7.82021-10-04
XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must …
- CVE-2021-36054LOWCVSS 3.3EG 3.32021-09-01
XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in local application denial of service in the context of the current user. Exploitation requires user interaction in that a v…
- CVE-2021-36056MEDIUMCVSS 5.5EG 5.52021-09-01
XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must …
- CVE-2021-36065HIGHCVSS 7.8EG 7.82021-09-01
Adobe Photoshop versions 21.2.10 (and earlier) and 22.4.3 (and earlier) are affected by a heap-based buffer overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue…
- CVE-2021-36073HIGHCVSS 7.8EG 7.82021-09-01
Adobe Bridge version 11.1 (and earlier) is affected by a heap-based buffer overflow vulnerability when parsing a crafted .SGI file. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitat…
- CVE-2021-3625CRITICALCVSS 9.6EG 9.62021-10-05
Buffer overflow in Zephyr USB DFU DNLOAD. Zephyr versions >= v2.5.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-c3gr-hgvr-f363
- CVE-2021-37199HIGHCVSS 7.5EG 7.52021-10-12
A vulnerability has been identified in SINUMERIK 808D (All versions), SINUMERIK 828D (All versions < V4.95). Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to ca…
- CVE-2021-3756CRITICALCVSS 9.8EG 9.82021-10-29
libmysofa is vulnerable to Heap-based Buffer Overflow
- CVE-2021-3770HIGHCVSS 7.8EG 7.82021-09-06
vim is vulnerable to Heap-based Buffer Overflow
- CVE-2021-3778HIGHCVSS 7.8EG 7.82021-09-15
vim is vulnerable to Heap-based Buffer Overflow
- CVE-2021-3835HIGHCVSS 8.2EG 8.22022-02-07
Buffer overflow in usb device class. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fm6v-8625-99jf
- CVE-2021-38404HIGHCVSS 7.8EG 7.82021-09-17
Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper validation of user-supplied data when parsing specific project files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to e…
- CVE-2021-38415HIGHCVSS 7.8EG 7.82021-12-20
Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable a heap-based buffer overflow when parsing a specially crafted project file, which may allow an attacker to execute arbitrary code.
- CVE-2021-38439HIGHCVSS 8.6EG 9.82022-05-05
All versions of GurumDDS are vulnerable to heap-based buffer overflow, which may cause a denial-of-service condition or remotely execute arbitrary code.
- CVE-2021-3861HIGHCVSS 8.2EG 8.22022-02-07
The RNDIS USB device class includes a buffer overflow vulnerability. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hv…
- CVE-2021-3872HIGHCVSS 7.8EG 7.82021-10-19
vim is vulnerable to Heap-based Buffer Overflow
- CVE-2021-3875MEDIUMCVSS 5.5EG 5.52021-10-15
vim is vulnerable to Heap-based Buffer Overflow
- CVE-2021-3903HIGHCVSS 7.8EG 7.82021-10-27
vim is vulnerable to Heap-based Buffer Overflow
- CVE-2021-3927HIGHCVSS 7.8EG 7.82021-11-05
vim is vulnerable to Heap-based Buffer Overflow
- CVE-2021-3966CRITICALCVSS 9.6EG 9.62023-01-11
usb device bluetooth class includes a buffer overflow related to implementation of net_buf_add_mem.
- CVE-2021-3968HIGHCVSS 8.0EG 8.02021-11-19
vim is vulnerable to Heap-based Buffer Overflow
- CVE-2021-3973HIGHCVSS 7.8EG 7.82021-11-19
vim is vulnerable to Heap-based Buffer Overflow
- CVE-2021-39823HIGHCVSS 7.8EG 7.82021-09-27
Adobe svg-native-viewer 8182d14dfad5d1e10f53ed830328d7d9a3cfa96d and earlier versions are affected by a heap buffer overflow vulnerability due to insecure handling of a malicious .svg file, potentially resulting in arbitrary code execution…
- CVE-2021-3984HIGHCVSS 7.8EG 7.82021-12-01
vim is vulnerable to Heap-based Buffer Overflow
- CVE-2021-39863HIGHCVSS 7.8EG 7.82021-09-29
Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Buffer Overflow vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker c…
- CVE-2021-4019HIGHCVSS 7.8EG 7.82021-12-01
vim is vulnerable to Heap-based Buffer Overflow
- CVE-2021-40426HIGHCVSS 8.8EG 8.82022-04-14
A heap-based buffer overflow vulnerability exists in the sphere.c start_read() functionality of Sound Exchange libsox 14.4.2 and master commit 42b3557e. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a…
- CVE-2021-41253MEDIUMCVSS 5.9EG 5.92021-11-08
Zydis is an x86/x86-64 disassembler library. Users of Zydis versions v3.2.0 and older that use the string functions provided in `zycore` in order to append untrusted user data to the formatter buffer within their custom formatter hooks can…
- CVE-2021-4136HIGHCVSS 7.8EG 7.82021-12-19
vim is vulnerable to Heap-based Buffer Overflow
- CVE-2021-42018MEDIUMCVSS 5.9EG 9.82022-03-08
A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2100NC, RUGGEDCOM …
- CVE-2021-43304HIGHCVSS 8.8EG 8.82022-03-14
Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(…
- CVE-2021-43305HIGHCVSS 8.8EG 8.82022-03-14
Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(…
- CVE-2021-44000HIGHCVSS 7.8EG 7.82022-02-09
A vulnerability has been identified in JT2Go (All versions < V13.2.0.7), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V13.1 (All versions < V13.1.0.9), Teamcenter Visu…
- CVE-2021-44442HIGHCVSS 7.8EG 7.82021-12-14
A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products contains an out of bounds write past the fixed-length heap-based buffer while parsing specia…
- CVE-2021-44445HIGHCVSS 7.8EG 7.82021-12-14
A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products contains an out of bounds write past the fixed-length heap-based buffer while parsing specia…
- CVE-2021-44708HIGHCVSS 7.8EG 7.82022-01-14
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a heap overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary co…
- CVE-2021-44709HIGHCVSS 7.8EG 7.82022-01-14
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a heap overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary co…
- CVE-2021-45918HIGHCVSS 7.5EG 7.52022-06-20
NHI’s health insurance web service component has insufficient validation for input string length, which can result in heap-based buffer overflow attack. A remote attacker can exploit this vulnerability to flood the memory space reserved …
- CVE-2021-45956CRITICALCVSS 9.8EG 9.82022-01-01
Dnsmasq 2.86 has a heap-based buffer overflow in print_mac (called from log_packet and dhcp_reply). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowle…
- CVE-2021-46577HIGHCVSS 7.8EG 7.82022-02-18
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious…
- CVE-2021-46603HIGHCVSS 7.8EG 7.82022-02-18
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious…
- CVE-2021-46605HIGHCVSS 7.8EG 7.82022-02-18
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious…
Map vulnerabilities like CWE-122 to your infrastructure
EchelonGraph correlates every CVE — across CWE-122 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →