CWE-122
Heap-based Buffer Overflow
Description
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-92
CVEs mapped to this weakness (568)
page 10 of 29| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-40377 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Heap-based buffer overflow in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-40362 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-35421 | Hig | 0.51 | 7.8 | 0.01 | May 12, 2026 | Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-35420 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-34687 | — | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Illustrator versions 29.8.6, 30.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious… | |
| CVE-2026-34642 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | After Effects versions 26.0, 25.6.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a… | ||
| CVE-2026-34343 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Heap-based buffer overflow in Windows Application Identity (AppID) Subsystem allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-34336 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-33841 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-33837 | Hig | 0.51 | 7.8 | 0.02 | May 12, 2026 | Heap-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-12659 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Siemens Simcenter Femap contains a memory corruption vulnerability while parsing specially crafted IPT files. This could allow an attacker to execute code in the context of the current process. | ||
| CVE-2026-6846 | Hig | 0.51 | 7.8 | 0.00 | Apr 22, 2026 | A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Extended Common Object File Format) object file during linking. A local attacker could trick a user into processing this malicious file, which could lead to… | ||
| CVE-2026-27293 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Adobe Framemaker versions 2022.8 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious… | ||
| CVE-2026-34630 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious… | ||
| CVE-2026-27313 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious… | ||
| CVE-2026-27312 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious… | ||
| CVE-2026-27311 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious… | ||
| CVE-2026-27310 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious… | ||
| CVE-2026-34629 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a… | ||
| CVE-2026-34628 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a… |
- risk 0.51cvss 7.8epss 0.00
Heap-based buffer overflow in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.01
Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.00
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Illustrator versions 29.8.6, 30.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious…
- risk 0.51cvss 7.8epss 0.00
After Effects versions 26.0, 25.6.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…
- risk 0.51cvss 7.8epss 0.00
Heap-based buffer overflow in Windows Application Identity (AppID) Subsystem allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.02
Heap-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Siemens Simcenter Femap contains a memory corruption vulnerability while parsing specially crafted IPT files. This could allow an attacker to execute code in the context of the current process.
- risk 0.51cvss 7.8epss 0.00
A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Extended Common Object File Format) object file during linking. A local attacker could trick a user into processing this malicious file, which could lead to…
- risk 0.51cvss 7.8epss 0.00
Adobe Framemaker versions 2022.8 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious…
- risk 0.51cvss 7.8epss 0.00
Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious…
- risk 0.51cvss 7.8epss 0.00
Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious…
- risk 0.51cvss 7.8epss 0.00
Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious…
- risk 0.51cvss 7.8epss 0.00
Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious…
- risk 0.51cvss 7.8epss 0.00
Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious…
- risk 0.51cvss 7.8epss 0.00
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…
- risk 0.51cvss 7.8epss 0.00
InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…