CWE-122

High likelihood

Heap-based Buffer Overflow

Parent: CWE-788 - Access of Memory Location After End of Buffer

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

2,311 vulnerabilities with CWE-122
CVE-2026-45252 MEDIUM
FreeBSD Heap-based Buffer Overflow in fusefs Extended Attribute Handling
CVSS 5.5
CVE-2026-44050 CRITICAL
Netatalk 2.0.0-4.4.2 - Authenticated Heap-based Buffer Overflow in CNID Daemon comm_rcv()
CVSS 9.9
CVE-2026-9149 MEDIUM
Libsolv: heap buffer overflow in libsolv repo_add_solv via negative maxsize from crafted .solv file
CVSS 6.5
CVE-2026-8631 CRITICAL
HP Linux Imaging and Printing Software – Potential Escalation of Privilege and Arbitrary Code Execution
CVSS 9.8
CVE-2026-9123 HIGH
Google Chrome < 148.0.7778.179 - Heap-based Buffer Overflow in Chromecast via Malicious Network Traffic
CVSS 7.5
CVE-2026-9119 HIGH
Google Chrome < 148.0.7778.179 - Remote Code Execution via WebRTC Heap Buffer Overflow
CVSS 8.8
CVE-2026-22554 HIGH
MediaArea MediaInfoLib 26.01 - Heap-based Buffer Overflow in Channel Splitting
CVSS 7.8
CVE-2026-45584 HIGH
Microsoft Defender Remote Code Execution Vulnerability
CVSS 8.1
CVE-2026-32741 HIGH
libheif <1.22.0 decode_mask_image - Heap Buffer Overflow
CVSS 7.1
CVE-2026-33633 HIGH
Kitty <0.47.0 Graphics Protocol Handler - Heap Buffer Overflow
CVSS 7.5
CVE-2026-8711 HIGH
NGINX JavaScript vulnerability
CVSS 8.1
CVE-2026-47311 HIGH
Samsung Open Source Escargot 590345cc6258317c5da850d846ce6baaf2afc2d3 - Heap-based Buffer Overflow
CVSS 7.8
CVE-2026-44662 MEDIUM
rust-openssl: Heap buffer overflow when encrypting with AES key-wrap-with-padding
CVE-2026-8560 MEDIUM
Google Chrome < 148.0.7778.168 - Heap-based Buffer Overflow in SwiftShader via Crafted HTML Page
CVSS 4.3
CVE-2026-8552 MEDIUM
Google Chrome < 148.0.7778.168 - Heap-based Buffer Overflow in GPU via Crafted HTML Page
CVSS 4.3
CVE-2026-8531 HIGH
Google Chrome < 148.0.7778.168 - Heap-based Buffer Overflow in WebML
CVSS 8.8
CVE-2026-8529 HIGH
Google Chrome < 148.0.7778.168 - Remote Code Execution via Crafted Video File
CVSS 8.8
CVE-2026-8525 HIGH
Google Chrome < 148.0.7778.168 - Heap-based Buffer Overflow in ANGLE via Crafted HTML Page
CVSS 8.3
CVE-2026-8509 HIGH
Google Chrome < 148.0.7778.168 - Remote Code Execution via WebML Heap Buffer Overflow
CVSS 8.8
CVE-2026-44636 HIGH
libsixel: integer overflow in encoder
CVSS 7.4
CVE-2026-43906 HIGH
OpenImageIO: HEIF Heap overflow
CVSS 7.8
CVE-2026-0264 HIGH
Palo Alto Networks PAN-OS - Heap-based Buffer Overflow via DNS Proxy and Server
CVE-2026-42945 HIGH
NGINX Plus and NGINX Open Source - Heap-based Buffer Overflow in ngx_http_rewrite_module
CVSS 8.1
CVE-2026-23827 HIGH
Hewlett Packard Enterprise (HPE) HPE Aruba Networking Wireless Operating System (AOS) < 8.13.1.1 - Remote Code Execution
CVSS 7.5
CVE-2026-42896 HIGH
Microsoft Windows 11 Version 24H2 - Windows DWM Core Library Elevation of Privilege Vulnerability
CVSS 7.8