CWE-122: Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory.
All Heap-based Buffer Overflow CVEs (844)
CVE-2023-29125 is a heap buffer overflow vulnerability in TCP port 7700 services that allows remote attackers to execute arbitrary code or cause denia... (Nov 5, 2024)
An integer overflow vulnerability in EVerest EV charging software allows remote attackers to trigger heap overflow via the v2g_incoming_v2gtp function... (Jul 10, 2024)
This CVE describes a heap-based buffer overflow vulnerability in Weston Embedded uC-HTTP v3.01.01's HTTP server functionality. Attackers can send spec... (Nov 14, 2023)
A heap-based buffer overflow in SoftEther VPN's WpcParsePacket() function allows remote attackers to execute arbitrary code via specially crafted netw... (Oct 12, 2023)
This vulnerability allows attackers to execute arbitrary code on the mediaextractor process in Samsung devices through improper input validation in th... (Jun 11, 2021)
This vulnerability allows attackers to execute arbitrary code on Samsung devices by exploiting improper input validation in the libsapextractor librar... (Jun 11, 2021)
This vulnerability allows attackers to execute arbitrary code on Samsung devices by exploiting improper input validation in the libswmfextractor libra... (Apr 9, 2021)
A heap-based buffer overflow vulnerability in BMC Control-M/Agent allows remote attackers to trigger memory corruption via SSL/TLS communication. This... (Sep 16, 2025)
CVE-2026-27168 is a heap-based buffer overflow vulnerability in SAIL's XWD image parser that allows attackers to execute arbitrary code or cause denia... (Feb 21, 2026)
A heap buffer overflow vulnerability in libvpx video codec library allows attackers to execute arbitrary code or cause denial of service. This affects... (Feb 16, 2026)
A heap buffer overflow vulnerability in libvpx video processing library in Google Chrome allows remote attackers to potentially execute arbitrary code... (Feb 3, 2026)
This CVE describes a heap buffer overflow vulnerability in wlan (wireless LAN) components that allows remote attackers to execute arbitrary code witho... (Feb 2, 2026)
A heap-based buffer overflow vulnerability in Windows Routing and Remote Access Service (RRAS) allows remote unauthenticated attackers to execute arbi... (Jan 13, 2026)
This vulnerability allows remote attackers to execute arbitrary code on systems running vulnerable versions of FontForge. Attackers can exploit this b... (Dec 31, 2025)
A heap-based buffer overflow vulnerability in FontForge's SFD file parser allows remote attackers to execute arbitrary code when users open malicious ... (Dec 31, 2025)
A heap-based buffer overflow vulnerability in FontForge's SFD file parser allows remote attackers to execute arbitrary code when users open malicious ... (Dec 31, 2025)
A heap-based buffer overflow vulnerability in Windows Routing and Remote Access Service (RRAS) allows remote unauthenticated attackers to execute arbi... (Dec 9, 2025)
A heap-based buffer overflow vulnerability in Windows Subsystem for Linux GUI allows remote attackers to execute arbitrary code on affected systems. T... (Nov 11, 2025)
A heap buffer overflow vulnerability in Chrome's WebGPU implementation allows remote attackers to potentially exploit heap corruption. This affects Ch... (Nov 6, 2025)
A heap-based buffer overflow vulnerability in Internet Explorer allows remote attackers to execute arbitrary code on affected systems. This affects us... (Oct 14, 2025)
This vulnerability in MediaTek wlan AP driver allows remote attackers within wireless range to execute arbitrary code or escalate privileges without u... (Oct 14, 2025)
CVE-2025-32318 is a heap buffer overflow vulnerability in Skia graphics library that allows remote attackers to execute arbitrary code without user in... (Sep 5, 2025)
This vulnerability is a heap-based buffer overflow in Realtek rtl81xx SDK Wi-Fi driver's MgntActSet_TEREDO_SET_RS_PACKET function, allowing local atta... (Sep 2, 2025)
A heap-based buffer overflow vulnerability in the SAIL Image Decoding Library's PSD RLE decoding functionality allows remote code execution when proce... (Aug 25, 2025)
A heap-based buffer overflow vulnerability in Windows Routing and Remote Access Service (RRAS) allows unauthenticated attackers to execute arbitrary c... (Aug 12, 2025)
A heap-based buffer overflow vulnerability in Windows Routing and Remote Access Service (RRAS) allows unauthenticated attackers to execute arbitrary c... (Jul 8, 2025)
A heap-based buffer overflow vulnerability in Windows Routing and Remote Access Service (RRAS) allows remote attackers to execute arbitrary code witho... (Jul 8, 2025)
A heap-based buffer overflow vulnerability in Windows Routing and Remote Access Service (RRAS) allows remote unauthenticated attackers to execute arbi... (Jul 8, 2025)
A heap-based buffer overflow vulnerability in Windows Routing and Remote Access Service (RRAS) allows remote unauthenticated attackers to execute arbi... (Jul 8, 2025)
A heap-based buffer overflow vulnerability in Windows Routing and Remote Access Service (RRAS) allows unauthenticated attackers to execute arbitrary c... (Jul 8, 2025)
This vulnerability in MediaTek WLAN AP drivers allows remote attackers within wireless range to execute arbitrary code without authentication or user ... (Jul 8, 2025)
This vulnerability allows network-adjacent attackers to execute arbitrary code on Autel MaxiCharger AC Wallbox Commercial EV chargers without authenti... (Jun 25, 2025)
A heap-based buffer overflow vulnerability in Windows Routing and Remote Access Service (RRAS) allows unauthenticated attackers to execute arbitrary c... (Jun 10, 2025)
A heap-based buffer overflow vulnerability in Windows Routing and Remote Access Service (RRAS) allows authenticated attackers to execute arbitrary cod... (Jun 10, 2025)
CVE-2025-44904 is a heap buffer overflow vulnerability in HDF5 library v1.14.6 that allows attackers to execute arbitrary code or cause denial of serv... (May 30, 2025)
A heap-based buffer overflow vulnerability in Microsoft's Remote Desktop Gateway Service allows unauthenticated attackers to execute arbitrary code re... (May 13, 2025)
This vulnerability is a heap-based buffer overflow in Windows Media components that allows remote attackers to execute arbitrary code on affected syst... (May 13, 2025)
A heap-based buffer overflow vulnerability in Windows Media allows remote attackers to execute arbitrary code on affected systems. This affects Window... (May 13, 2025)
A heap-based buffer overflow vulnerability in Sonos Era 300 speakers allows network-adjacent attackers to execute arbitrary code without authenticatio... (Apr 23, 2025)
A critical heap buffer overflow vulnerability in Google Chrome's codec processing allows remote attackers to execute arbitrary code or cause denial of... (Apr 16, 2025)
A heap-based buffer overflow vulnerability in Windows Telephony Service allows remote attackers to execute arbitrary code without authentication. This... (Apr 8, 2025)
A heap-based buffer overflow vulnerability in Windows Telephony Service allows remote attackers to execute arbitrary code on affected systems. This af... (Apr 8, 2025)
A heap-based buffer overflow vulnerability in Windows Telephony Server allows remote attackers to execute arbitrary code without authentication. This ... (Mar 11, 2025)
A heap-based buffer overflow vulnerability in Windows Routing and Remote Access Service (RRAS) allows unauthenticated attackers to execute arbitrary c... (Mar 11, 2025)
A heap buffer overflow vulnerability in Google Chrome's GPU component on Android allows remote attackers to potentially exploit heap corruption via a ... (Feb 19, 2025)
A heap buffer overflow vulnerability in Chrome's V8 JavaScript engine allows remote attackers to potentially execute arbitrary code or cause denial of... (Feb 19, 2025)
CVE-2025-0903 is a heap-based buffer overflow vulnerability in PDF-XChange Editor's RTF file parsing that allows remote attackers to execute arbitrary... (Feb 11, 2025)
CVE-2025-21407 is a heap-based buffer overflow vulnerability in Windows Telephony Service that allows remote attackers to execute arbitrary code with ... (Feb 11, 2025)
This vulnerability allows remote attackers to execute arbitrary code on Windows systems running Routing and Remote Access Service (RRAS) by exploiting... (Feb 11, 2025)
This vulnerability allows remote code execution through Microsoft Digest Authentication, enabling attackers to execute arbitrary code on affected syst... (Feb 11, 2025)
About Heap-based Buffer Overflow (CWE-122)
Our database tracks 844 CVEs classified as CWE-122, with 107 rated critical and 658 rated high severity. The average CVSS score for Heap-based Buffer Overflow vulnerabilities is 8.0.
External reference: View CWE-122 on MITRE CWE →