CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-57HR-R2GG-FQR9
Vulnerability from github – Published: 2024-07-29 18:30 – Updated: 2025-11-04 00:31In the Linux kernel, the following vulnerability has been resolved:
drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes
In nv17_tv_get_hd_modes(), the return value of drm_mode_duplicate() is assigned to mode, which will lead to a possible NULL pointer dereference on failure of drm_mode_duplicate(). The same applies to drm_cvt_mode(). Add a check to avoid null pointer dereference.
{
"affected": [],
"aliases": [
"CVE-2024-41089"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-29T16:15:04Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes\n\nIn nv17_tv_get_hd_modes(), the return value of drm_mode_duplicate() is\nassigned to mode, which will lead to a possible NULL pointer dereference\non failure of drm_mode_duplicate(). The same applies to drm_cvt_mode().\nAdd a check to avoid null pointer dereference.",
"id": "GHSA-57hr-r2gg-fqr9",
"modified": "2025-11-04T00:31:04Z",
"published": "2024-07-29T18:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41089"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1c9f2e60150b4f13789064370e37f39e6e060f50"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/30cbf6ffafbbdd8a6e4e5f0a2e9a9827ee83f3ad"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/56fc4d3b0bdef691831cd95715a7ca3ebea98b2d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5eecb49a6c268dc229005bf6e8167d4001dc09a0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6d411c8ccc0137a612e0044489030a194ff5c843"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6e49a157d541e7e97b815a56f4bdfcbc89844a59"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7ece609b0ce7a7ea8acdf512a77d1fee26621637"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ffabad4aa91e33ced3c6ae793fb37771b3e9cb51"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-57JG-XFPH-7VQG
Vulnerability from github – Published: 2026-01-02 15:30 – Updated: 2026-01-05 21:30A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following version: QTS 5.2.7.3256 build 20250913 and later
{
"affected": [],
"aliases": [
"CVE-2025-53590"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-02T15:16:01Z",
"severity": "LOW"
},
"details": "A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.\n\nWe have already fixed the vulnerability in the following version:\nQTS 5.2.7.3256 build 20250913 and later",
"id": "GHSA-57jg-xfph-7vqg",
"modified": "2026-01-05T21:30:30Z",
"published": "2026-01-02T15:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53590"
},
{
"type": "WEB",
"url": "https://www.qnap.com/en/security-advisory/qsa-25-50"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-57M4-VWWV-MMQR
Vulnerability from github – Published: 2024-03-27 06:30 – Updated: 2025-11-04 21:31Xfig v3.2.8 was discovered to contain a NULL pointer dereference when calling XGetWMHints(). NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X server or window manager.
{
"affected": [],
"aliases": [
"CVE-2023-45920"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-27T05:15:47Z",
"severity": "MODERATE"
},
"details": "Xfig v3.2.8 was discovered to contain a NULL pointer dereference when calling XGetWMHints(). NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X server or window manager.",
"id": "GHSA-57m4-vwwv-mmqr",
"modified": "2025-11-04T21:31:22Z",
"published": "2024-03-27T06:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45920"
},
{
"type": "WEB",
"url": "https://sourceforge.net/p/mcj/tickets/155"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/176803/Xfig-3.2.8-Null-Pointer.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Jan/48"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-57MJ-8CW4-CM9W
Vulnerability from github – Published: 2024-04-23 06:30 – Updated: 2024-04-23 06:30Watchdog Antivirus v1.6.415 is vulnerable to a Denial of Service vulnerability by triggering the 0x80002014 IOCTL code of the wsdk-driver.sys driver.
{
"affected": [],
"aliases": [
"CVE-2024-1241"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-23T04:15:08Z",
"severity": "MODERATE"
},
"details": "Watchdog Antivirus v1.6.415 is vulnerable to a Denial of Service vulnerability by triggering the 0x80002014 IOCTL code of the wsdk-driver.sys driver.",
"id": "GHSA-57mj-8cw4-cm9w",
"modified": "2024-04-23T06:30:46Z",
"published": "2024-04-23T06:30:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1241"
},
{
"type": "WEB",
"url": "https://fluidattacks.com/advisories/cole"
},
{
"type": "WEB",
"url": "https://watchdog.dev/solutions/anti-virus"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-57PW-GF47-FR76
Vulnerability from github – Published: 2025-03-27 18:31 – Updated: 2025-04-14 21:32In the Linux kernel, the following vulnerability has been resolved:
phy: usb: sunplus: Fix potential null-ptr-deref in sp_usb_phy_probe()
sp_usb_phy_probe() will call platform_get_resource_byname() that may fail and return NULL. devm_ioremap() will use usbphy->moon4_res_mem->start as input, which may causes null-ptr-deref. Check the ret value of platform_get_resource_byname() to avoid the null-ptr-deref.
{
"affected": [],
"aliases": [
"CVE-2022-49756"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-27T17:15:40Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: usb: sunplus: Fix potential null-ptr-deref in sp_usb_phy_probe()\n\nsp_usb_phy_probe() will call platform_get_resource_byname() that may fail\nand return NULL. devm_ioremap() will use usbphy-\u003emoon4_res_mem-\u003estart as\ninput, which may causes null-ptr-deref. Check the ret value of\nplatform_get_resource_byname() to avoid the null-ptr-deref.",
"id": "GHSA-57pw-gf47-fr76",
"modified": "2025-04-14T21:32:23Z",
"published": "2025-03-27T18:31:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49756"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/17eee264ef386ef30a69dd70e36f29893b85c170"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d838b5c99bcecd593b4710a93fce8fdbf122395b"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-57Q3-HH7M-Q296
Vulnerability from github – Published: 2025-06-18 12:30 – Updated: 2025-11-14 18:31In the Linux kernel, the following vulnerability has been resolved:
ASoC: SOF: Intel: hda-ipc: Do not process IPC reply before firmware boot
It is not yet clear, but it is possible to create a firmware so broken that it will send a reply message before a FW_READY message (it is not yet clear if FW_READY will arrive later). Since the reply_data is allocated only after the FW_READY message, this will lead to a NULL pointer dereference if not filtered out.
The issue was reported with IPC4 firmware but the same condition is present for IPC3.
{
"affected": [],
"aliases": [
"CVE-2022-50015"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-18T11:15:29Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: Intel: hda-ipc: Do not process IPC reply before firmware boot\n\nIt is not yet clear, but it is possible to create a firmware so broken\nthat it will send a reply message before a FW_READY message (it is not\nyet clear if FW_READY will arrive later).\nSince the reply_data is allocated only after the FW_READY message, this\nwill lead to a NULL pointer dereference if not filtered out.\n\nThe issue was reported with IPC4 firmware but the same condition is present\nfor IPC3.",
"id": "GHSA-57q3-hh7m-q296",
"modified": "2025-11-14T18:31:26Z",
"published": "2025-06-18T12:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50015"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/48945246cf802b9866f3a821103f1a7a196baf68"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/499cc881b09c8283ab5e75b0d6d21cb427722161"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-57WX-M983-2F88
Vulnerability from github – Published: 2021-11-10 19:37 – Updated: 2024-11-07 22:20Impact
The code for boosted trees in TensorFlow is still missing validation. As a result, attackers can trigger denial of service (via dereferencing nullptrs or via CHECK-failures) as well as abuse undefined behavior (binding references to nullptrs). An attacker can also read and write from heap buffers, depending on the API that gets used and the arguments that are passed to the call.
Note: Given that the boosted trees implementation in TensorFlow is unmaintained, it is recommend to no longer use these APIs. Instead, please use the downstream TensorFlow Decision Forests project which is newer and supports more features. We will deprecate TensorFlow's boosted trees APIs in subsequent releases.
Patches
We have patched the issue in GitHub commit 5c8c9a8bfe750f9743d0c859bae112060b216f5c.
The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by members of the Aivul Team from Qihoo 360.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.0"
},
{
"fixed": "2.6.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.0"
},
{
"fixed": "2.6.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.0"
},
{
"fixed": "2.6.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-41208"
],
"database_specific": {
"cwe_ids": [
"CWE-476",
"CWE-824"
],
"github_reviewed": true,
"github_reviewed_at": "2021-11-08T22:38:32Z",
"nvd_published_at": "2021-11-05T22:15:00Z",
"severity": "CRITICAL"
},
"details": "### Impact\nThe [code for boosted trees in TensorFlow](https://github.com/tensorflow/tensorflow/blob/e0b6e58c328059829c3eb968136f17aa72b6c876/tensorflow/core/kernels/boosted_trees/stats_ops.cc) is still missing validation. As a result, attackers can trigger denial of service (via dereferencing `nullptr`s or via `CHECK`-failures) as well as abuse undefined behavior (binding references to `nullptr`s). An attacker can also read and write from heap buffers, depending on the API that gets used and the arguments that are passed to the call.\n\n**Note**: Given that the boosted trees implementation in TensorFlow is unmaintained, it is recommend to no longer use these APIs. Instead, please use the downstream [TensorFlow Decision Forests](https://github.com/tensorflow/decision-forests) project which is newer and supports more features. We will deprecate TensorFlow\u0027s boosted trees APIs in subsequent releases.\n\n### Patches\nWe have patched the issue in GitHub commit [5c8c9a8bfe750f9743d0c859bae112060b216f5c](https://github.com/tensorflow/tensorflow/commit/5c8c9a8bfe750f9743d0c859bae112060b216f5c).\n\nThe fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by members of the Aivul Team from Qihoo 360.",
"id": "GHSA-57wx-m983-2f88",
"modified": "2024-11-07T22:20:18Z",
"published": "2021-11-10T19:37:56Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-57wx-m983-2f88"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41208"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/5c8c9a8bfe750f9743d0c859bae112060b216f5c"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-617.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-815.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-400.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/tensorflow/tensorflow"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Incomplete validation in boosted trees code"
}
GHSA-57X8-285F-VF9C
Vulnerability from github – Published: 2025-12-18 21:31 – Updated: 2025-12-19 18:31A denial-of-service vulnerability exists in the omec-upf (upf-epc-pfcpiface) in version upf-epc-pfcpiface:2.1.3-dev. When the UPF receives a PFCP Association Setup Request that is missing the mandatory Recovery Time Stamp Information Element, the association setup handler dereferences a nil pointer via IE.RecoveryTimeStamp() instead of validating the message. This results in a panic and terminates the UPF process. An attacker who can send PFCP Association Setup Request messages to the UPF's N4/PFCP endpoint can exploit this issue to repeatedly crash the UPF and disrupt user-plane services.
{
"affected": [],
"aliases": [
"CVE-2025-65564"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-18T19:16:33Z",
"severity": "HIGH"
},
"details": "A denial-of-service vulnerability exists in the omec-upf (upf-epc-pfcpiface) in version upf-epc-pfcpiface:2.1.3-dev. When the UPF receives a PFCP Association Setup Request that is missing the mandatory Recovery Time Stamp Information Element, the association setup handler dereferences a nil pointer via IE.RecoveryTimeStamp() instead of validating the message. This results in a panic and terminates the UPF process. An attacker who can send PFCP Association Setup Request messages to the UPF\u0027s N4/PFCP endpoint can exploit this issue to repeatedly crash the UPF and disrupt user-plane services.",
"id": "GHSA-57x8-285f-vf9c",
"modified": "2025-12-19T18:31:12Z",
"published": "2025-12-18T21:31:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65564"
},
{
"type": "WEB",
"url": "https://github.com/omec-project/upf/issues/956"
},
{
"type": "WEB",
"url": "https://github.com/omec-project/upf/pull/964"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-583F-27PX-XQJW
Vulnerability from github – Published: 2025-08-29 18:30 – Updated: 2025-08-29 18:30A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions: QTS 5.2.5.3145 build 20250526 and later QuTS hero h5.2.5.3138 build 20250519 and later
{
"affected": [],
"aliases": [
"CVE-2025-30268"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-29T18:15:38Z",
"severity": "MODERATE"
},
"details": "A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.5.3145 build 20250526 and later\nQuTS hero h5.2.5.3138 build 20250519 and later",
"id": "GHSA-583f-27px-xqjw",
"modified": "2025-08-29T18:30:53Z",
"published": "2025-08-29T18:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30268"
},
{
"type": "WEB",
"url": "https://www.qnap.com/en/security-advisory/qsa-25-21"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-588R-HGVG-HCJC
Vulnerability from github – Published: 2022-05-03 03:15 – Updated: 2022-05-03 03:15ftutil.c in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a crafted font file that triggers a null dereference.
{
"affected": [],
"aliases": [
"CVE-2006-2661"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2006-05-30T19:02:00Z",
"severity": "MODERATE"
},
"details": "ftutil.c in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a crafted font file that triggers a null dereference.",
"id": "GHSA-588r-hgvg-hcjc",
"modified": "2022-05-03T03:15:57Z",
"published": "2022-05-03T03:15:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2006-2661"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=183676"
},
{
"type": "WEB",
"url": "https://issues.rpath.com/browse/RPL-429"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11692"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/291-1"
},
{
"type": "WEB",
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0012.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/20525"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/20591"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/20638"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/20791"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/21062"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/21135"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/21385"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/21701"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/23939"
},
{
"type": "WEB",
"url": "http://securitytracker.com/id?1016520"
},
{
"type": "WEB",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102705-1"
},
{
"type": "WEB",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-176.htm"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2006/dsa-1095"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:099"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0500.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/436836/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/18329"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2007/0381"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.