CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-54W2-5H8J-5VMM
Vulnerability from github – Published: 2023-03-01 15:30 – Updated: 2023-03-10 18:30libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.
{
"affected": [],
"aliases": [
"CVE-2023-24758"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-01T15:15:00Z",
"severity": "MODERATE"
},
"details": "libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.",
"id": "GHSA-54w2-5h8j-5vmm",
"modified": "2023-03-10T18:30:19Z",
"published": "2023-03-01T15:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24758"
},
{
"type": "WEB",
"url": "https://github.com/strukturag/libde265/issues/383"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00004.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-54W4-35XC-2796
Vulnerability from github – Published: 2024-06-19 15:30 – Updated: 2026-05-12 12:31In the Linux kernel, the following vulnerability has been resolved:
cpufreq: exit() callback is optional
The exit() callback is optional and shouldn't be called without checking a valid pointer first.
Also, we must clear freq_table pointer even if the exit() callback isn't present.
{
"affected": [],
"aliases": [
"CVE-2024-38615"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-19T14:15:21Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: exit() callback is optional\n\nThe exit() callback is optional and shouldn\u0027t be called without checking\na valid pointer first.\n\nAlso, we must clear freq_table pointer even if the exit() callback isn\u0027t\npresent.",
"id": "GHSA-54w4-35xc-2796",
"modified": "2026-05-12T12:31:56Z",
"published": "2024-06-19T15:30:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38615"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-613116.html"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2d730b465e377396d2a09a53524b96b111f7ccb6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/35db5e76d5e9f752476df5fa0b9018a2398b0378"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3e99f060cfd2e36504d62c9132b453ade5027e1c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8bc9546805e572ad101681437a49939f28777273"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a8204d1b6ff762d2171d365c2c8560285d0a233d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ae37ebca325097d773d7bb6ec069123b30772872"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b8f85833c05730d631576008daaa34096bc7f3ce"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/dfc56ff5ec9904c008e9376d90a6d7e2d2bec4d3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-54W8-PRJ8-6V5F
Vulnerability from github – Published: 2022-05-24 16:45 – Updated: 2024-04-04 00:39NTP through 4.2.8p12 has a NULL Pointer Dereference.
{
"affected": [],
"aliases": [
"CVE-2019-8936"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-05-15T16:29:00Z",
"severity": "HIGH"
},
"details": "NTP through 4.2.8p12 has a NULL Pointer Dereference.",
"id": "GHSA-54w8-prj8-6v5f",
"modified": "2024-04-04T00:39:49Z",
"published": "2022-05-24T16:45:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8936"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NVS2CSG2TQ663CXOZZUJN4STQPMENNP"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JBGXY7OKWOLT6X6JAPVZRFEP4FLCGGST"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQDNHNYOJK2SRSGO23GQ2RXTOUY2HLNN"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NVS2CSG2TQ663CXOZZUJN4STQPMENNP"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBGXY7OKWOLT6X6JAPVZRFEP4FLCGGST"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQDNHNYOJK2SRSGO23GQ2RXTOUY2HLNN"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/May/39"
},
{
"type": "WEB",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:04.ntp.asc"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201903-15"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20190503-0001"
},
{
"type": "WEB",
"url": "https://support.f5.com/csp/article/K61363039"
},
{
"type": "WEB",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4563-1"
},
{
"type": "WEB",
"url": "http://bugs.ntp.org/show_bug.cgi?id=3565"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00032.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00036.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/152915/FreeBSD-Security-Advisory-FreeBSD-SA-19-04.ntp.html"
},
{
"type": "WEB",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-54WX-M542-WWFM
Vulnerability from github – Published: 2025-06-06 18:30 – Updated: 2025-06-18 18:30A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later
{
"affected": [],
"aliases": [
"CVE-2025-22490"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-06T16:15:24Z",
"severity": "MODERATE"
},
"details": "A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.\n\nWe have already fixed the vulnerability in the following version:\nFile Station 5 5.5.6.4847 and later",
"id": "GHSA-54wx-m542-wwfm",
"modified": "2025-06-18T18:30:30Z",
"published": "2025-06-06T18:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22490"
},
{
"type": "WEB",
"url": "https://www.qnap.com/en/security-advisory/qsa-25-16"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-54XR-RM2R-P8MQ
Vulnerability from github – Published: 2025-01-06 18:31 – Updated: 2025-11-03 18:31In the Linux kernel, the following vulnerability has been resolved:
btrfs: check folio mapping after unlock in relocate_one_folio()
When we call btrfs_read_folio() to bring a folio uptodate, we unlock the folio. The result of that is that a different thread can modify the mapping (like remove it with invalidate) before we call folio_lock(). This results in an invalid page and we need to try again.
In particular, if we are relocating concurrently with aborting a transaction, this can result in a crash like the following:
BUG: kernel NULL pointer dereference, address: 0000000000000000 PGD 0 P4D 0 Oops: 0000 [#1] SMP CPU: 76 PID: 1411631 Comm: kworker/u322:5 Workqueue: events_unbound btrfs_reclaim_bgs_work RIP: 0010:set_page_extent_mapped+0x20/0xb0 RSP: 0018:ffffc900516a7be8 EFLAGS: 00010246 RAX: ffffea009e851d08 RBX: ffffea009e0b1880 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffc900516a7b90 RDI: ffffea009e0b1880 RBP: 0000000003573000 R08: 0000000000000001 R09: ffff88c07fd2f3f0 R10: 0000000000000000 R11: 0000194754b575be R12: 0000000003572000 R13: 0000000003572fff R14: 0000000000100cca R15: 0000000005582fff FS: 0000000000000000(0000) GS:ffff88c07fd00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 000000407d00f002 CR4: 00000000007706f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: ? __die+0x78/0xc0 ? page_fault_oops+0x2a8/0x3a0 ? __switch_to+0x133/0x530 ? wq_worker_running+0xa/0x40 ? exc_page_fault+0x63/0x130 ? asm_exc_page_fault+0x22/0x30 ? set_page_extent_mapped+0x20/0xb0 relocate_file_extent_cluster+0x1a7/0x940 relocate_data_extent+0xaf/0x120 relocate_block_group+0x20f/0x480 btrfs_relocate_block_group+0x152/0x320 btrfs_relocate_chunk+0x3d/0x120 btrfs_reclaim_bgs_work+0x2ae/0x4e0 process_scheduled_works+0x184/0x370 worker_thread+0xc6/0x3e0 ? blk_add_timer+0xb0/0xb0 kthread+0xae/0xe0 ? flush_tlb_kernel_range+0x90/0x90 ret_from_fork+0x2f/0x40 ? flush_tlb_kernel_range+0x90/0x90 ret_from_fork_asm+0x11/0x20
This occurs because cleanup_one_transaction() calls destroy_delalloc_inodes() which calls invalidate_inode_pages2() which takes the folio_lock before setting mapping to NULL. We fail to check this, and subsequently call set_extent_mapping(), which assumes that mapping != NULL (in fact it asserts that in debug mode)
Note that the "fixes" patch here is not the one that introduced the race (the very first iteration of this code from 2009) but a more recent change that made this particular crash happen in practice.
{
"affected": [],
"aliases": [
"CVE-2024-56758"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-06T17:15:40Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: check folio mapping after unlock in relocate_one_folio()\n\nWhen we call btrfs_read_folio() to bring a folio uptodate, we unlock the\nfolio. The result of that is that a different thread can modify the\nmapping (like remove it with invalidate) before we call folio_lock().\nThis results in an invalid page and we need to try again.\n\nIn particular, if we are relocating concurrently with aborting a\ntransaction, this can result in a crash like the following:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n PGD 0 P4D 0\n Oops: 0000 [#1] SMP\n CPU: 76 PID: 1411631 Comm: kworker/u322:5\n Workqueue: events_unbound btrfs_reclaim_bgs_work\n RIP: 0010:set_page_extent_mapped+0x20/0xb0\n RSP: 0018:ffffc900516a7be8 EFLAGS: 00010246\n RAX: ffffea009e851d08 RBX: ffffea009e0b1880 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: ffffc900516a7b90 RDI: ffffea009e0b1880\n RBP: 0000000003573000 R08: 0000000000000001 R09: ffff88c07fd2f3f0\n R10: 0000000000000000 R11: 0000194754b575be R12: 0000000003572000\n R13: 0000000003572fff R14: 0000000000100cca R15: 0000000005582fff\n FS: 0000000000000000(0000) GS:ffff88c07fd00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000000 CR3: 000000407d00f002 CR4: 00000000007706f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? __die+0x78/0xc0\n ? page_fault_oops+0x2a8/0x3a0\n ? __switch_to+0x133/0x530\n ? wq_worker_running+0xa/0x40\n ? exc_page_fault+0x63/0x130\n ? asm_exc_page_fault+0x22/0x30\n ? set_page_extent_mapped+0x20/0xb0\n relocate_file_extent_cluster+0x1a7/0x940\n relocate_data_extent+0xaf/0x120\n relocate_block_group+0x20f/0x480\n btrfs_relocate_block_group+0x152/0x320\n btrfs_relocate_chunk+0x3d/0x120\n btrfs_reclaim_bgs_work+0x2ae/0x4e0\n process_scheduled_works+0x184/0x370\n worker_thread+0xc6/0x3e0\n ? blk_add_timer+0xb0/0xb0\n kthread+0xae/0xe0\n ? flush_tlb_kernel_range+0x90/0x90\n ret_from_fork+0x2f/0x40\n ? flush_tlb_kernel_range+0x90/0x90\n ret_from_fork_asm+0x11/0x20\n \u003c/TASK\u003e\n\nThis occurs because cleanup_one_transaction() calls\ndestroy_delalloc_inodes() which calls invalidate_inode_pages2() which\ntakes the folio_lock before setting mapping to NULL. We fail to check\nthis, and subsequently call set_extent_mapping(), which assumes that\nmapping != NULL (in fact it asserts that in debug mode)\n\nNote that the \"fixes\" patch here is not the one that introduced the\nrace (the very first iteration of this code from 2009) but a more recent\nchange that made this particular crash happen in practice.",
"id": "GHSA-54xr-rm2r-p8mq",
"modified": "2025-11-03T18:31:15Z",
"published": "2025-01-06T18:31:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56758"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/36679fab54fa7bcffafd469e2c474c1fc4beaee0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3e74859ee35edc33a022c3f3971df066ea0ca6b9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c7b1bd52a031ad0144d42eef0ba8471ce75122dd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d508e56270389b3a16f5b3cf247f4eb1bbad1578"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-552P-PMCQ-PM57
Vulnerability from github – Published: 2022-05-14 03:07 – Updated: 2022-05-14 03:07crypto/algif_skcipher.c in the Linux kernel before 4.4.2 does not verify that a setkey operation has been performed on an AF_ALG socket before an accept system call is processed, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted application that does not supply a key, related to the lrw_crypt function in crypto/lrw.c.
{
"affected": [],
"aliases": [
"CVE-2015-8970"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-11-28T03:59:00Z",
"severity": "MODERATE"
},
"details": "crypto/algif_skcipher.c in the Linux kernel before 4.4.2 does not verify that a setkey operation has been performed on an AF_ALG socket before an accept system call is processed, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted application that does not supply a key, related to the lrw_crypt function in crypto/lrw.c.",
"id": "GHSA-552p-pmcq-pm57",
"modified": "2022-05-14T03:07:25Z",
"published": "2022-05-14T03:07:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8970"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/dd504589577d8e8e70f51f997ad487a4cb6c026f"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:1842"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2077"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2437"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2444"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2015-8970"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1386286"
},
{
"type": "WEB",
"url": "https://groups.google.com/forum/#!msg/syzkaller/frb2XrB5aWk/xCXzkIBcDAAJ"
},
{
"type": "WEB",
"url": "https://groups.google.com/forum/#%21msg/syzkaller/frb2XrB5aWk/xCXzkIBcDAAJ"
},
{
"type": "WEB",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dd504589577d8e8e70f51f997ad487a4cb6c026f"
},
{
"type": "WEB",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.2"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/11/04/3"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/94217"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5545-2Q6W-2GH6
Vulnerability from github – Published: 2022-02-08 00:00 – Updated: 2022-08-10 22:18Null Pointer Dereference vulnerability exists in numpy.sort in NumPy < and 1.19 in the PyArray_DescrNew function due to missing return-value validation, which allows attackers to conduct DoS attacks by repetitively creating sort arrays.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.18.5"
},
"package": {
"ecosystem": "PyPI",
"name": "numpy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.19"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-41495"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": true,
"github_reviewed_at": "2022-06-21T20:10:22Z",
"nvd_published_at": "2021-12-17T20:15:00Z",
"severity": "HIGH"
},
"details": "Null Pointer Dereference vulnerability exists in numpy.sort in NumPy \u0026lt and 1.19 in the PyArray_DescrNew function due to missing return-value validation, which allows attackers to conduct DoS attacks by repetitively creating sort arrays.",
"id": "GHSA-5545-2q6w-2gh6",
"modified": "2022-08-10T22:18:31Z",
"published": "2022-02-08T00:00:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41495"
},
{
"type": "WEB",
"url": "https://github.com/numpy/numpy/issues/19038"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-5545-2q6w-2gh6"
},
{
"type": "PACKAGE",
"url": "https://github.com/numpy/numpy"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/numpy/PYSEC-2021-856.yaml"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "NumPy NULL Pointer Dereference"
}
GHSA-554R-MHFH-G54G
Vulnerability from github – Published: 2024-02-09 15:31 – Updated: 2024-02-13 00:30Bento4 v1.6.0-640 was discovered to contain a NULL pointer dereference via the AP4_DescriptorFinder::Test() function.
{
"affected": [],
"aliases": [
"CVE-2024-25454"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-09T15:15:09Z",
"severity": "MODERATE"
},
"details": "Bento4 v1.6.0-640 was discovered to contain a NULL pointer dereference via the AP4_DescriptorFinder::Test() function.",
"id": "GHSA-554r-mhfh-g54g",
"modified": "2024-02-13T00:30:26Z",
"published": "2024-02-09T15:31:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25454"
},
{
"type": "WEB",
"url": "https://github.com/axiomatic-systems/Bento4/issues/875"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5564-9J22-84F4
Vulnerability from github – Published: 2026-03-10 21:32 – Updated: 2026-03-10 21:32Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to its availability. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2026-27215"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-10T19:17:17Z",
"severity": "MODERATE"
},
"details": "Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to its availability. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-5564-9j22-84f4",
"modified": "2026-03-10T21:32:15Z",
"published": "2026-03-10T21:32:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27215"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/substance3d_painter/apsb26-25.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-556C-FVGV-7MX6
Vulnerability from github – Published: 2022-05-13 01:15 – Updated: 2025-04-20 03:38The quicktime_match_32 function in util.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file.
{
"affected": [],
"aliases": [
"CVE-2017-9124"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-06-12T06:29:00Z",
"severity": "MODERATE"
},
"details": "The quicktime_match_32 function in util.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file.",
"id": "GHSA-556c-fvgv-7mx6",
"modified": "2025-04-20T03:38:48Z",
"published": "2022-05-13T01:15:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9124"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4545-1"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/42148"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.