CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6305 vulnerabilities reference this CWE, most recent first.
GHSA-63W7-9F5J-2RJG
Vulnerability from github – Published: 2022-05-13 01:34 – Updated: 2022-05-13 01:34Fuji Electric V-Server 4.0.3.0 and prior, Multiple untrusted pointer dereference vulnerabilities have been identified, which may allow remote code execution.
{
"affected": [],
"aliases": [
"CVE-2018-14811"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-09-26T20:29:00Z",
"severity": "CRITICAL"
},
"details": "Fuji Electric V-Server 4.0.3.0 and prior, Multiple untrusted pointer dereference vulnerabilities have been identified, which may allow remote code execution.",
"id": "GHSA-63w7-9f5j-2rjg",
"modified": "2022-05-13T01:34:27Z",
"published": "2022-05-13T01:34:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14811"
},
{
"type": "WEB",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/105341"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-63XC-PMJJ-Q4VJ
Vulnerability from github – Published: 2025-09-18 18:30 – Updated: 2026-06-01 18:31In the Linux kernel, the following vulnerability has been resolved:
blk-cgroup: Reinit blkg_iostat_set after clearing in blkcg_reset_stats()
When blkg_alloc() is called to allocate a blkcg_gq structure with the associated blkg_iostat_set's, there are 2 fields within blkg_iostat_set that requires proper initialization - blkg & sync. The former field was introduced by commit 3b8cc6298724 ("blk-cgroup: Optimize blkcg_rstat_flush()") while the later one was introduced by commit f73316482977 ("blk-cgroup: reimplement basic IO stats using cgroup rstat").
Unfortunately those fields in the blkg_iostat_set's are not properly re-initialized when they are cleared in v1's blkcg_reset_stats(). This can lead to a kernel panic due to NULL pointer access of the blkg pointer. The missing initialization of sync is less problematic and can be a problem in a debug kernel due to missing lockdep initialization.
Fix these problems by re-initializing them after memory clearing.
{
"affected": [],
"aliases": [
"CVE-2023-53421"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-18T16:15:45Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-cgroup: Reinit blkg_iostat_set after clearing in blkcg_reset_stats()\n\nWhen blkg_alloc() is called to allocate a blkcg_gq structure\nwith the associated blkg_iostat_set\u0027s, there are 2 fields within\nblkg_iostat_set that requires proper initialization - blkg \u0026 sync.\nThe former field was introduced by commit 3b8cc6298724 (\"blk-cgroup:\nOptimize blkcg_rstat_flush()\") while the later one was introduced by\ncommit f73316482977 (\"blk-cgroup: reimplement basic IO stats using\ncgroup rstat\").\n\nUnfortunately those fields in the blkg_iostat_set\u0027s are not properly\nre-initialized when they are cleared in v1\u0027s blkcg_reset_stats(). This\ncan lead to a kernel panic due to NULL pointer access of the blkg\npointer. The missing initialization of sync is less problematic and\ncan be a problem in a debug kernel due to missing lockdep initialization.\n\nFix these problems by re-initializing them after memory clearing.",
"id": "GHSA-63xc-pmjj-q4vj",
"modified": "2026-06-01T18:31:21Z",
"published": "2025-09-18T18:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53421"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0561aa6033dd181594116d705c41fc16e97161a2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3d2af77e31ade05ff7ccc3658c3635ec1bea0979"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/58c135513562698f222a58ba07dbdfcfb268aa0d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/892faa76be894d324bf48b12a55c7af7be2bad83"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/abbce7f82613ea5eeefd0fc3c1c8e449b9cef2a2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b0d26283af612b9e0cc3188b0b88ad7fdea447e8"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-63XG-GPGQ-R284
Vulnerability from github – Published: 2022-05-17 01:58 – Updated: 2022-05-17 01:58In all Qualcomm products with Android releases from CAF using the Linux kernel, a pointer is not validated prior to being dereferenced potentially resulting in Guest-OS memory corruption.
{
"affected": [],
"aliases": [
"CVE-2015-8592"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-08-18T18:29:00Z",
"severity": "CRITICAL"
},
"details": "In all Qualcomm products with Android releases from CAF using the Linux kernel, a pointer is not validated prior to being dereferenced potentially resulting in Guest-OS memory corruption.",
"id": "GHSA-63xg-gpgq-r284",
"modified": "2022-05-17T01:58:18Z",
"published": "2022-05-17T01:58:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8592"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2017-07-01"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/99467"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6438-JWC8-2C68
Vulnerability from github – Published: 2026-04-30 12:33 – Updated: 2026-04-30 12:33NULL pointer dereference vulnerability in ASR1903 in ASR Lapwing_Linux on Linux (ims_client modules) allows Pointer Manipulation.
This vulnerability is associated with program files sip/utils/src/sipuri.c.
{
"affected": [],
"aliases": [
"CVE-2026-42800"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-30T10:16:02Z",
"severity": "HIGH"
},
"details": "NULL pointer dereference vulnerability in ASR1903 in ASR Lapwing_Linux on Linux (ims_client modules) allows Pointer Manipulation.\n\n This vulnerability is associated with program files sip/utils/src/sipuri.c.",
"id": "GHSA-6438-jwc8-2c68",
"modified": "2026-04-30T12:33:12Z",
"published": "2026-04-30T12:33:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42800"
},
{
"type": "WEB",
"url": "https://www.asrmicro.com/en/goods/psirt?cid=44"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-6443-G45P-RF4P
Vulnerability from github – Published: 2024-12-10 21:30 – Updated: 2024-12-10 21:30Media Encoder versions 25.0, 24.6.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial of service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2024-49554"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-10T20:15:19Z",
"severity": "MODERATE"
},
"details": "Media Encoder versions 25.0, 24.6.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial of service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-6443-g45p-rf4p",
"modified": "2024-12-10T21:30:53Z",
"published": "2024-12-10T21:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49554"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/media-encoder/apsb24-93.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6444-6H76-2FX4
Vulnerability from github – Published: 2022-05-13 01:01 – Updated: 2022-05-13 01:01An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to "/MOXA_CFG2.ini" without a cookie header to trigger this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2017-14436"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-05-14T20:29:00Z",
"severity": "HIGH"
},
"details": "An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to \"/MOXA\\_CFG2.ini\" without a cookie header to trigger this vulnerability.",
"id": "GHSA-6444-6h76-2fx4",
"modified": "2022-05-13T01:01:37Z",
"published": "2022-05-13T01:01:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14436"
},
{
"type": "WEB",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0474"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6447-4W47-GH9G
Vulnerability from github – Published: 2026-04-24 15:32 – Updated: 2026-04-27 15:30In the Linux kernel, the following vulnerability has been resolved:
arm64: mm: Handle invalid large leaf mappings correctly
It has been possible for a long time to mark ptes in the linear map as invalid. This is done for secretmem, kfence, realm dma memory un/share, and others, by simply clearing the PTE_VALID bit. But until commit a166563e7ec37 ("arm64: mm: support large block mapping when rodata=full") large leaf mappings were never made invalid in this way.
It turns out various parts of the code base are not equipped to handle invalid large leaf mappings (in the way they are currently encoded) and I've observed a kernel panic while booting a realm guest on a BBML2_NOABORT system as a result:
[ 15.432706] software IO TLB: Memory encryption is active and system is using DMA bounce buffers [ 15.476896] Unable to handle kernel paging request at virtual address ffff000019600000 [ 15.513762] Mem abort info: [ 15.527245] ESR = 0x0000000096000046 [ 15.548553] EC = 0x25: DABT (current EL), IL = 32 bits [ 15.572146] SET = 0, FnV = 0 [ 15.592141] EA = 0, S1PTW = 0 [ 15.612694] FSC = 0x06: level 2 translation fault [ 15.640644] Data abort info: [ 15.661983] ISV = 0, ISS = 0x00000046, ISS2 = 0x00000000 [ 15.694875] CM = 0, WnR = 1, TnD = 0, TagAccess = 0 [ 15.723740] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 15.755776] swapper pgtable: 4k pages, 48-bit VAs, pgdp=0000000081f3f000 [ 15.800410] [ffff000019600000] pgd=0000000000000000, p4d=180000009ffff403, pud=180000009fffe403, pmd=00e8000199600704 [ 15.855046] Internal error: Oops: 0000000096000046 [#1] SMP [ 15.886394] Modules linked in: [ 15.900029] CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Not tainted 7.0.0-rc4-dirty #4 PREEMPT [ 15.935258] Hardware name: linux,dummy-virt (DT) [ 15.955612] pstate: 21400005 (nzCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 15.986009] pc : __pi_memcpy_generic+0x128/0x22c [ 16.006163] lr : swiotlb_bounce+0xf4/0x158 [ 16.024145] sp : ffff80008000b8f0 [ 16.038896] x29: ffff80008000b8f0 x28: 0000000000000000 x27: 0000000000000000 [ 16.069953] x26: ffffb3976d261ba8 x25: 0000000000000000 x24: ffff000019600000 [ 16.100876] x23: 0000000000000001 x22: ffff0000043430d0 x21: 0000000000007ff0 [ 16.131946] x20: 0000000084570010 x19: 0000000000000000 x18: ffff00001ffe3fcc [ 16.163073] x17: 0000000000000000 x16: 00000000003fffff x15: 646e612065766974 [ 16.194131] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000 [ 16.225059] x11: 0000000000000000 x10: 0000000000000010 x9 : 0000000000000018 [ 16.256113] x8 : 0000000000000018 x7 : 0000000000000000 x6 : 0000000000000000 [ 16.287203] x5 : ffff000019607ff0 x4 : ffff000004578000 x3 : ffff000019600000 [ 16.318145] x2 : 0000000000007ff0 x1 : ffff000004570010 x0 : ffff000019600000 [ 16.349071] Call trace: [ 16.360143] __pi_memcpy_generic+0x128/0x22c (P) [ 16.380310] swiotlb_tbl_map_single+0x154/0x2b4 [ 16.400282] swiotlb_map+0x5c/0x228 [ 16.415984] dma_map_phys+0x244/0x2b8 [ 16.432199] dma_map_page_attrs+0x44/0x58 [ 16.449782] virtqueue_map_page_attrs+0x38/0x44 [ 16.469596] virtqueue_map_single_attrs+0xc0/0x130 [ 16.490509] virtnet_rq_alloc.isra.0+0xa4/0x1fc [ 16.510355] try_fill_recv+0x2a4/0x584 [ 16.526989] virtnet_open+0xd4/0x238 [ 16.542775] __dev_open+0x110/0x24c [ 16.558280] __dev_change_flags+0x194/0x20c [ 16.576879] netif_change_flags+0x24/0x6c [ 16.594489] dev_change_flags+0x48/0x7c [ 16.611462] ip_auto_config+0x258/0x1114 [ 16.628727] do_one_initcall+0x80/0x1c8 [ 16.645590] kernel_init_freeable+0x208/0x2f0 [ 16.664917] kernel_init+0x24/0x1e0 [ 16.680295] ret_from_fork+0x10/0x20 [ 16.696369] Code: 927cec03 cb0e0021 8b0e0042 a9411c26 (a900340c) [ 16.723106] ---[ end trace 0000000000000000 ]--- [ 16.752866] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b [ 16.792556] Kernel Offset: 0x3396ea200000 from 0xffff8000800000 ---truncated---
{
"affected": [],
"aliases": [
"CVE-2026-31600"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-24T15:16:38Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: mm: Handle invalid large leaf mappings correctly\n\nIt has been possible for a long time to mark ptes in the linear map as\ninvalid. This is done for secretmem, kfence, realm dma memory un/share,\nand others, by simply clearing the PTE_VALID bit. But until commit\na166563e7ec37 (\"arm64: mm: support large block mapping when\nrodata=full\") large leaf mappings were never made invalid in this way.\n\nIt turns out various parts of the code base are not equipped to handle\ninvalid large leaf mappings (in the way they are currently encoded) and\nI\u0027ve observed a kernel panic while booting a realm guest on a\nBBML2_NOABORT system as a result:\n\n[ 15.432706] software IO TLB: Memory encryption is active and system is using DMA bounce buffers\n[ 15.476896] Unable to handle kernel paging request at virtual address ffff000019600000\n[ 15.513762] Mem abort info:\n[ 15.527245] ESR = 0x0000000096000046\n[ 15.548553] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 15.572146] SET = 0, FnV = 0\n[ 15.592141] EA = 0, S1PTW = 0\n[ 15.612694] FSC = 0x06: level 2 translation fault\n[ 15.640644] Data abort info:\n[ 15.661983] ISV = 0, ISS = 0x00000046, ISS2 = 0x00000000\n[ 15.694875] CM = 0, WnR = 1, TnD = 0, TagAccess = 0\n[ 15.723740] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 15.755776] swapper pgtable: 4k pages, 48-bit VAs, pgdp=0000000081f3f000\n[ 15.800410] [ffff000019600000] pgd=0000000000000000, p4d=180000009ffff403, pud=180000009fffe403, pmd=00e8000199600704\n[ 15.855046] Internal error: Oops: 0000000096000046 [#1] SMP\n[ 15.886394] Modules linked in:\n[ 15.900029] CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Not tainted 7.0.0-rc4-dirty #4 PREEMPT\n[ 15.935258] Hardware name: linux,dummy-virt (DT)\n[ 15.955612] pstate: 21400005 (nzCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n[ 15.986009] pc : __pi_memcpy_generic+0x128/0x22c\n[ 16.006163] lr : swiotlb_bounce+0xf4/0x158\n[ 16.024145] sp : ffff80008000b8f0\n[ 16.038896] x29: ffff80008000b8f0 x28: 0000000000000000 x27: 0000000000000000\n[ 16.069953] x26: ffffb3976d261ba8 x25: 0000000000000000 x24: ffff000019600000\n[ 16.100876] x23: 0000000000000001 x22: ffff0000043430d0 x21: 0000000000007ff0\n[ 16.131946] x20: 0000000084570010 x19: 0000000000000000 x18: ffff00001ffe3fcc\n[ 16.163073] x17: 0000000000000000 x16: 00000000003fffff x15: 646e612065766974\n[ 16.194131] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n[ 16.225059] x11: 0000000000000000 x10: 0000000000000010 x9 : 0000000000000018\n[ 16.256113] x8 : 0000000000000018 x7 : 0000000000000000 x6 : 0000000000000000\n[ 16.287203] x5 : ffff000019607ff0 x4 : ffff000004578000 x3 : ffff000019600000\n[ 16.318145] x2 : 0000000000007ff0 x1 : ffff000004570010 x0 : ffff000019600000\n[ 16.349071] Call trace:\n[ 16.360143] __pi_memcpy_generic+0x128/0x22c (P)\n[ 16.380310] swiotlb_tbl_map_single+0x154/0x2b4\n[ 16.400282] swiotlb_map+0x5c/0x228\n[ 16.415984] dma_map_phys+0x244/0x2b8\n[ 16.432199] dma_map_page_attrs+0x44/0x58\n[ 16.449782] virtqueue_map_page_attrs+0x38/0x44\n[ 16.469596] virtqueue_map_single_attrs+0xc0/0x130\n[ 16.490509] virtnet_rq_alloc.isra.0+0xa4/0x1fc\n[ 16.510355] try_fill_recv+0x2a4/0x584\n[ 16.526989] virtnet_open+0xd4/0x238\n[ 16.542775] __dev_open+0x110/0x24c\n[ 16.558280] __dev_change_flags+0x194/0x20c\n[ 16.576879] netif_change_flags+0x24/0x6c\n[ 16.594489] dev_change_flags+0x48/0x7c\n[ 16.611462] ip_auto_config+0x258/0x1114\n[ 16.628727] do_one_initcall+0x80/0x1c8\n[ 16.645590] kernel_init_freeable+0x208/0x2f0\n[ 16.664917] kernel_init+0x24/0x1e0\n[ 16.680295] ret_from_fork+0x10/0x20\n[ 16.696369] Code: 927cec03 cb0e0021 8b0e0042 a9411c26 (a900340c)\n[ 16.723106] ---[ end trace 0000000000000000 ]---\n[ 16.752866] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b\n[ 16.792556] Kernel Offset: 0x3396ea200000 from 0xffff8000800000\n---truncated---",
"id": "GHSA-6447-4w47-gh9g",
"modified": "2026-04-27T15:30:45Z",
"published": "2026-04-24T15:32:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31600"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/15bfba1ad77fad8e45a37aae54b3c813b33fe27c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/747b6482e4e227fd351197dde6f64a97107a9e52"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/8140b21d19015227a28c255404462f2d3e6edc9a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cbea627ea634f41c79d18f0c6d20db66fa93514c"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-6487-F97W-H6PG
Vulnerability from github – Published: 2022-05-13 01:17 – Updated: 2025-04-20 03:44In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in the ReadCUTImage function in coders/cut.c that could allow an attacker to cause a Denial of Service (in the QueueAuthenticPixelCacheNexus function within the MagickCore/cache.c file) by submitting a malformed image file.
{
"affected": [],
"aliases": [
"CVE-2017-14060"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-08-31T15:29:00Z",
"severity": "MODERATE"
},
"details": "In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in the ReadCUTImage function in coders/cut.c that could allow an attacker to cause a Denial of Service (in the QueueAuthenticPixelCacheNexus function within the MagickCore/cache.c file) by submitting a malformed image file.",
"id": "GHSA-6487-f97w-h6pg",
"modified": "2025-04-20T03:44:15Z",
"published": "2022-05-13T01:17:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14060"
},
{
"type": "WEB",
"url": "https://github.com/ImageMagick/ImageMagick/issues/710"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201711-07"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3681-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-648V-392V-P884
Vulnerability from github – Published: 2022-05-24 17:47 – Updated: 2026-01-26 18:31In Deark before 1.5.8, a specially crafted input file can cause a NULL pointer dereference in the dbuf_write function (src/deark-dbuf.c).
{
"affected": [],
"aliases": [
"CVE-2021-28855"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-04-14T17:15:00Z",
"severity": "MODERATE"
},
"details": "In Deark before 1.5.8, a specially crafted input file can cause a NULL pointer dereference in the dbuf_write function (src/deark-dbuf.c).",
"id": "GHSA-648v-392v-p884",
"modified": "2026-01-26T18:31:24Z",
"published": "2022-05-24T17:47:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28855"
},
{
"type": "WEB",
"url": "https://github.com/jsummers/deark/commit/287f5ac31dfdc074669182f51ece637706070eeb"
},
{
"type": "WEB",
"url": "https://fatihhcelik.github.io/posts/NULL-Pointer-Dereference-Deark"
},
{
"type": "WEB",
"url": "https://github.com/fuzzing2026/CVE-PoCs/tree/main/deark-CVE-2021-28855"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-64CW-WMC5-J274
Vulnerability from github – Published: 2022-05-17 02:51 – Updated: 2025-04-20 03:35The pdf14_pop_transparency_group function in base/gdevp14.c in the PDF Transparency module in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.
{
"affected": [],
"aliases": [
"CVE-2016-10218"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-04-03T05:59:00Z",
"severity": "MODERATE"
},
"details": "The pdf14_pop_transparency_group function in base/gdevp14.c in the PDF Transparency module in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.",
"id": "GHSA-64cw-wmc5-j274",
"modified": "2025-04-20T03:35:20Z",
"published": "2022-05-17T02:51:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10218"
},
{
"type": "WEB",
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=697444"
},
{
"type": "WEB",
"url": "http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=d621292fb2c8157d9899dcd83fd04dd250e30fe4"
},
{
"type": "WEB",
"url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d621292fb2c8157d9899dcd83fd04dd250e30fe4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.