CWE-122
Heap-based Buffer Overflow
Description
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-92
CVEs mapped to this weakness (568)
page 9 of 29| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-34698 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a… | ||
| CVE-2026-48574 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-45638 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-45636 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-45475 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-45469 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-44824 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-44819 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-44811 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-44808 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-42980 | Hig | 0.51 | 7.8 | 0.06 | Jun 9, 2026 | Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-40404 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2026 | Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability | ||
| CVE-2026-0100 | Hig | 0.51 | 7.8 | 0.00 | Jun 1, 2026 | In Load of LoadedArsc.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||
| CVE-2026-25713 | Hig | 0.51 | 7.8 | 0.00 | May 26, 2026 | MediaArea MediaInfoLib ID3v2 parsing heap buffer overflow vulnerability | ||
| CVE-2026-22554 | Hig | 0.51 | 7.8 | 0.00 | May 20, 2026 | MediaArea MediaInfoLib Channel Splitting heap-based buffer overflow vulnerability | ||
| CVE-2026-43906 | — | Hig | 0.51 | 7.8 | 0.00 | May 14, 2026 | OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a heap-based buffer overflow in the HEIF decoder of OpenImageIO allows out-of-bounds writes via crafted images due to… | |
| CVE-2026-42896 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-42831 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-40407 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-40398 | — | Hig | 0.51 | 7.8 | 0.02 | May 12, 2026 | Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally. |
- risk 0.51cvss 7.8epss 0.00
InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…
- risk 0.51cvss 7.8epss 0.00
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.00
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.00
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.00
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.00
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.06
Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.00
In Load of LoadedArsc.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- risk 0.51cvss 7.8epss 0.00
MediaArea MediaInfoLib ID3v2 parsing heap buffer overflow vulnerability
- risk 0.51cvss 7.8epss 0.00
MediaArea MediaInfoLib Channel Splitting heap-based buffer overflow vulnerability
- risk 0.51cvss 7.8epss 0.00
OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a heap-based buffer overflow in the HEIF decoder of OpenImageIO allows out-of-bounds writes via crafted images due to…
- risk 0.51cvss 7.8epss 0.00
Integer overflow or wraparound in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.00
Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.02
Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.