Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6305 vulnerabilities reference this CWE, most recent first.

GHSA-63W7-9F5J-2RJG

Vulnerability from github – Published: 2022-05-13 01:34 – Updated: 2022-05-13 01:34
VLAI
Details

Fuji Electric V-Server 4.0.3.0 and prior, Multiple untrusted pointer dereference vulnerabilities have been identified, which may allow remote code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-14811"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-09-26T20:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "Fuji Electric V-Server 4.0.3.0 and prior, Multiple untrusted pointer dereference vulnerabilities have been identified, which may allow remote code execution.",
  "id": "GHSA-63w7-9f5j-2rjg",
  "modified": "2022-05-13T01:34:27Z",
  "published": "2022-05-13T01:34:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14811"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/105341"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-63XC-PMJJ-Q4VJ

Vulnerability from github – Published: 2025-09-18 18:30 – Updated: 2026-06-01 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

blk-cgroup: Reinit blkg_iostat_set after clearing in blkcg_reset_stats()

When blkg_alloc() is called to allocate a blkcg_gq structure with the associated blkg_iostat_set's, there are 2 fields within blkg_iostat_set that requires proper initialization - blkg & sync. The former field was introduced by commit 3b8cc6298724 ("blk-cgroup: Optimize blkcg_rstat_flush()") while the later one was introduced by commit f73316482977 ("blk-cgroup: reimplement basic IO stats using cgroup rstat").

Unfortunately those fields in the blkg_iostat_set's are not properly re-initialized when they are cleared in v1's blkcg_reset_stats(). This can lead to a kernel panic due to NULL pointer access of the blkg pointer. The missing initialization of sync is less problematic and can be a problem in a debug kernel due to missing lockdep initialization.

Fix these problems by re-initializing them after memory clearing.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53421"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-18T16:15:45Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-cgroup: Reinit blkg_iostat_set after clearing in blkcg_reset_stats()\n\nWhen blkg_alloc() is called to allocate a blkcg_gq structure\nwith the associated blkg_iostat_set\u0027s, there are 2 fields within\nblkg_iostat_set that requires proper initialization - blkg \u0026 sync.\nThe former field was introduced by commit 3b8cc6298724 (\"blk-cgroup:\nOptimize blkcg_rstat_flush()\") while the later one was introduced by\ncommit f73316482977 (\"blk-cgroup: reimplement basic IO stats using\ncgroup rstat\").\n\nUnfortunately those fields in the blkg_iostat_set\u0027s are not properly\nre-initialized when they are cleared in v1\u0027s blkcg_reset_stats(). This\ncan lead to a kernel panic due to NULL pointer access of the blkg\npointer. The missing initialization of sync is less problematic and\ncan be a problem in a debug kernel due to missing lockdep initialization.\n\nFix these problems by re-initializing them after memory clearing.",
  "id": "GHSA-63xc-pmjj-q4vj",
  "modified": "2026-06-01T18:31:21Z",
  "published": "2025-09-18T18:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53421"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0561aa6033dd181594116d705c41fc16e97161a2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3d2af77e31ade05ff7ccc3658c3635ec1bea0979"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/58c135513562698f222a58ba07dbdfcfb268aa0d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/892faa76be894d324bf48b12a55c7af7be2bad83"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/abbce7f82613ea5eeefd0fc3c1c8e449b9cef2a2"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b0d26283af612b9e0cc3188b0b88ad7fdea447e8"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-63XG-GPGQ-R284

Vulnerability from github – Published: 2022-05-17 01:58 – Updated: 2022-05-17 01:58
VLAI
Details

In all Qualcomm products with Android releases from CAF using the Linux kernel, a pointer is not validated prior to being dereferenced potentially resulting in Guest-OS memory corruption.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2015-8592"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-08-18T18:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "In all Qualcomm products with Android releases from CAF using the Linux kernel, a pointer is not validated prior to being dereferenced potentially resulting in Guest-OS memory corruption.",
  "id": "GHSA-63xg-gpgq-r284",
  "modified": "2022-05-17T01:58:18Z",
  "published": "2022-05-17T01:58:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8592"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2017-07-01"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/99467"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6438-JWC8-2C68

Vulnerability from github – Published: 2026-04-30 12:33 – Updated: 2026-04-30 12:33
VLAI
Details

NULL pointer dereference vulnerability in ASR1903 in ASR Lapwing_Linux on Linux (ims_client modules) allows Pointer Manipulation.

This vulnerability is associated with program files sip/utils/src/sipuri.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-42800"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-30T10:16:02Z",
    "severity": "HIGH"
  },
  "details": "NULL pointer dereference vulnerability in ASR1903 in ASR Lapwing_Linux on Linux (ims_client modules) allows Pointer Manipulation.\n\n This vulnerability is associated with program files sip/utils/src/sipuri.c.",
  "id": "GHSA-6438-jwc8-2c68",
  "modified": "2026-04-30T12:33:12Z",
  "published": "2026-04-30T12:33:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42800"
    },
    {
      "type": "WEB",
      "url": "https://www.asrmicro.com/en/goods/psirt?cid=44"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6443-G45P-RF4P

Vulnerability from github – Published: 2024-12-10 21:30 – Updated: 2024-12-10 21:30
VLAI
Details

Media Encoder versions 25.0, 24.6.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial of service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-49554"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-10T20:15:19Z",
    "severity": "MODERATE"
  },
  "details": "Media Encoder versions 25.0, 24.6.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial of service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
  "id": "GHSA-6443-g45p-rf4p",
  "modified": "2024-12-10T21:30:53Z",
  "published": "2024-12-10T21:30:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49554"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/media-encoder/apsb24-93.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6444-6H76-2FX4

Vulnerability from github – Published: 2022-05-13 01:01 – Updated: 2022-05-13 01:01
VLAI
Details

An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to "/MOXA_CFG2.ini" without a cookie header to trigger this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-14436"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-05-14T20:29:00Z",
    "severity": "HIGH"
  },
  "details": "An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to \"/MOXA\\_CFG2.ini\" without a cookie header to trigger this vulnerability.",
  "id": "GHSA-6444-6h76-2fx4",
  "modified": "2022-05-13T01:01:37Z",
  "published": "2022-05-13T01:01:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14436"
    },
    {
      "type": "WEB",
      "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0474"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6447-4W47-GH9G

Vulnerability from github – Published: 2026-04-24 15:32 – Updated: 2026-04-27 15:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

arm64: mm: Handle invalid large leaf mappings correctly

It has been possible for a long time to mark ptes in the linear map as invalid. This is done for secretmem, kfence, realm dma memory un/share, and others, by simply clearing the PTE_VALID bit. But until commit a166563e7ec37 ("arm64: mm: support large block mapping when rodata=full") large leaf mappings were never made invalid in this way.

It turns out various parts of the code base are not equipped to handle invalid large leaf mappings (in the way they are currently encoded) and I've observed a kernel panic while booting a realm guest on a BBML2_NOABORT system as a result:

[ 15.432706] software IO TLB: Memory encryption is active and system is using DMA bounce buffers [ 15.476896] Unable to handle kernel paging request at virtual address ffff000019600000 [ 15.513762] Mem abort info: [ 15.527245] ESR = 0x0000000096000046 [ 15.548553] EC = 0x25: DABT (current EL), IL = 32 bits [ 15.572146] SET = 0, FnV = 0 [ 15.592141] EA = 0, S1PTW = 0 [ 15.612694] FSC = 0x06: level 2 translation fault [ 15.640644] Data abort info: [ 15.661983] ISV = 0, ISS = 0x00000046, ISS2 = 0x00000000 [ 15.694875] CM = 0, WnR = 1, TnD = 0, TagAccess = 0 [ 15.723740] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 15.755776] swapper pgtable: 4k pages, 48-bit VAs, pgdp=0000000081f3f000 [ 15.800410] [ffff000019600000] pgd=0000000000000000, p4d=180000009ffff403, pud=180000009fffe403, pmd=00e8000199600704 [ 15.855046] Internal error: Oops: 0000000096000046 [#1] SMP [ 15.886394] Modules linked in: [ 15.900029] CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Not tainted 7.0.0-rc4-dirty #4 PREEMPT [ 15.935258] Hardware name: linux,dummy-virt (DT) [ 15.955612] pstate: 21400005 (nzCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 15.986009] pc : __pi_memcpy_generic+0x128/0x22c [ 16.006163] lr : swiotlb_bounce+0xf4/0x158 [ 16.024145] sp : ffff80008000b8f0 [ 16.038896] x29: ffff80008000b8f0 x28: 0000000000000000 x27: 0000000000000000 [ 16.069953] x26: ffffb3976d261ba8 x25: 0000000000000000 x24: ffff000019600000 [ 16.100876] x23: 0000000000000001 x22: ffff0000043430d0 x21: 0000000000007ff0 [ 16.131946] x20: 0000000084570010 x19: 0000000000000000 x18: ffff00001ffe3fcc [ 16.163073] x17: 0000000000000000 x16: 00000000003fffff x15: 646e612065766974 [ 16.194131] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000 [ 16.225059] x11: 0000000000000000 x10: 0000000000000010 x9 : 0000000000000018 [ 16.256113] x8 : 0000000000000018 x7 : 0000000000000000 x6 : 0000000000000000 [ 16.287203] x5 : ffff000019607ff0 x4 : ffff000004578000 x3 : ffff000019600000 [ 16.318145] x2 : 0000000000007ff0 x1 : ffff000004570010 x0 : ffff000019600000 [ 16.349071] Call trace: [ 16.360143] __pi_memcpy_generic+0x128/0x22c (P) [ 16.380310] swiotlb_tbl_map_single+0x154/0x2b4 [ 16.400282] swiotlb_map+0x5c/0x228 [ 16.415984] dma_map_phys+0x244/0x2b8 [ 16.432199] dma_map_page_attrs+0x44/0x58 [ 16.449782] virtqueue_map_page_attrs+0x38/0x44 [ 16.469596] virtqueue_map_single_attrs+0xc0/0x130 [ 16.490509] virtnet_rq_alloc.isra.0+0xa4/0x1fc [ 16.510355] try_fill_recv+0x2a4/0x584 [ 16.526989] virtnet_open+0xd4/0x238 [ 16.542775] __dev_open+0x110/0x24c [ 16.558280] __dev_change_flags+0x194/0x20c [ 16.576879] netif_change_flags+0x24/0x6c [ 16.594489] dev_change_flags+0x48/0x7c [ 16.611462] ip_auto_config+0x258/0x1114 [ 16.628727] do_one_initcall+0x80/0x1c8 [ 16.645590] kernel_init_freeable+0x208/0x2f0 [ 16.664917] kernel_init+0x24/0x1e0 [ 16.680295] ret_from_fork+0x10/0x20 [ 16.696369] Code: 927cec03 cb0e0021 8b0e0042 a9411c26 (a900340c) [ 16.723106] ---[ end trace 0000000000000000 ]--- [ 16.752866] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b [ 16.792556] Kernel Offset: 0x3396ea200000 from 0xffff8000800000 ---truncated---

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-31600"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-24T15:16:38Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: mm: Handle invalid large leaf mappings correctly\n\nIt has been possible for a long time to mark ptes in the linear map as\ninvalid. This is done for secretmem, kfence, realm dma memory un/share,\nand others, by simply clearing the PTE_VALID bit. But until commit\na166563e7ec37 (\"arm64: mm: support large block mapping when\nrodata=full\") large leaf mappings were never made invalid in this way.\n\nIt turns out various parts of the code base are not equipped to handle\ninvalid large leaf mappings (in the way they are currently encoded) and\nI\u0027ve observed a kernel panic while booting a realm guest on a\nBBML2_NOABORT system as a result:\n\n[   15.432706] software IO TLB: Memory encryption is active and system is using DMA bounce buffers\n[   15.476896] Unable to handle kernel paging request at virtual address ffff000019600000\n[   15.513762] Mem abort info:\n[   15.527245]   ESR = 0x0000000096000046\n[   15.548553]   EC = 0x25: DABT (current EL), IL = 32 bits\n[   15.572146]   SET = 0, FnV = 0\n[   15.592141]   EA = 0, S1PTW = 0\n[   15.612694]   FSC = 0x06: level 2 translation fault\n[   15.640644] Data abort info:\n[   15.661983]   ISV = 0, ISS = 0x00000046, ISS2 = 0x00000000\n[   15.694875]   CM = 0, WnR = 1, TnD = 0, TagAccess = 0\n[   15.723740]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[   15.755776] swapper pgtable: 4k pages, 48-bit VAs, pgdp=0000000081f3f000\n[   15.800410] [ffff000019600000] pgd=0000000000000000, p4d=180000009ffff403, pud=180000009fffe403, pmd=00e8000199600704\n[   15.855046] Internal error: Oops: 0000000096000046 [#1]  SMP\n[   15.886394] Modules linked in:\n[   15.900029] CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Not tainted 7.0.0-rc4-dirty #4 PREEMPT\n[   15.935258] Hardware name: linux,dummy-virt (DT)\n[   15.955612] pstate: 21400005 (nzCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n[   15.986009] pc : __pi_memcpy_generic+0x128/0x22c\n[   16.006163] lr : swiotlb_bounce+0xf4/0x158\n[   16.024145] sp : ffff80008000b8f0\n[   16.038896] x29: ffff80008000b8f0 x28: 0000000000000000 x27: 0000000000000000\n[   16.069953] x26: ffffb3976d261ba8 x25: 0000000000000000 x24: ffff000019600000\n[   16.100876] x23: 0000000000000001 x22: ffff0000043430d0 x21: 0000000000007ff0\n[   16.131946] x20: 0000000084570010 x19: 0000000000000000 x18: ffff00001ffe3fcc\n[   16.163073] x17: 0000000000000000 x16: 00000000003fffff x15: 646e612065766974\n[   16.194131] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n[   16.225059] x11: 0000000000000000 x10: 0000000000000010 x9 : 0000000000000018\n[   16.256113] x8 : 0000000000000018 x7 : 0000000000000000 x6 : 0000000000000000\n[   16.287203] x5 : ffff000019607ff0 x4 : ffff000004578000 x3 : ffff000019600000\n[   16.318145] x2 : 0000000000007ff0 x1 : ffff000004570010 x0 : ffff000019600000\n[   16.349071] Call trace:\n[   16.360143]  __pi_memcpy_generic+0x128/0x22c (P)\n[   16.380310]  swiotlb_tbl_map_single+0x154/0x2b4\n[   16.400282]  swiotlb_map+0x5c/0x228\n[   16.415984]  dma_map_phys+0x244/0x2b8\n[   16.432199]  dma_map_page_attrs+0x44/0x58\n[   16.449782]  virtqueue_map_page_attrs+0x38/0x44\n[   16.469596]  virtqueue_map_single_attrs+0xc0/0x130\n[   16.490509]  virtnet_rq_alloc.isra.0+0xa4/0x1fc\n[   16.510355]  try_fill_recv+0x2a4/0x584\n[   16.526989]  virtnet_open+0xd4/0x238\n[   16.542775]  __dev_open+0x110/0x24c\n[   16.558280]  __dev_change_flags+0x194/0x20c\n[   16.576879]  netif_change_flags+0x24/0x6c\n[   16.594489]  dev_change_flags+0x48/0x7c\n[   16.611462]  ip_auto_config+0x258/0x1114\n[   16.628727]  do_one_initcall+0x80/0x1c8\n[   16.645590]  kernel_init_freeable+0x208/0x2f0\n[   16.664917]  kernel_init+0x24/0x1e0\n[   16.680295]  ret_from_fork+0x10/0x20\n[   16.696369] Code: 927cec03 cb0e0021 8b0e0042 a9411c26 (a900340c)\n[   16.723106] ---[ end trace 0000000000000000 ]---\n[   16.752866] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b\n[   16.792556] Kernel Offset: 0x3396ea200000 from 0xffff8000800000\n---truncated---",
  "id": "GHSA-6447-4w47-gh9g",
  "modified": "2026-04-27T15:30:45Z",
  "published": "2026-04-24T15:32:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31600"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/15bfba1ad77fad8e45a37aae54b3c813b33fe27c"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/747b6482e4e227fd351197dde6f64a97107a9e52"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8140b21d19015227a28c255404462f2d3e6edc9a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cbea627ea634f41c79d18f0c6d20db66fa93514c"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6487-F97W-H6PG

Vulnerability from github – Published: 2022-05-13 01:17 – Updated: 2025-04-20 03:44
VLAI
Details

In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in the ReadCUTImage function in coders/cut.c that could allow an attacker to cause a Denial of Service (in the QueueAuthenticPixelCacheNexus function within the MagickCore/cache.c file) by submitting a malformed image file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-14060"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-08-31T15:29:00Z",
    "severity": "MODERATE"
  },
  "details": "In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in the ReadCUTImage function in coders/cut.c that could allow an attacker to cause a Denial of Service (in the QueueAuthenticPixelCacheNexus function within the MagickCore/cache.c file) by submitting a malformed image file.",
  "id": "GHSA-6487-f97w-h6pg",
  "modified": "2025-04-20T03:44:15Z",
  "published": "2022-05-13T01:17:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14060"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ImageMagick/ImageMagick/issues/710"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201711-07"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3681-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-648V-392V-P884

Vulnerability from github – Published: 2022-05-24 17:47 – Updated: 2026-01-26 18:31
VLAI
Details

In Deark before 1.5.8, a specially crafted input file can cause a NULL pointer dereference in the dbuf_write function (src/deark-dbuf.c).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-28855"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-14T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In Deark before 1.5.8, a specially crafted input file can cause a NULL pointer dereference in the dbuf_write function (src/deark-dbuf.c).",
  "id": "GHSA-648v-392v-p884",
  "modified": "2026-01-26T18:31:24Z",
  "published": "2022-05-24T17:47:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28855"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jsummers/deark/commit/287f5ac31dfdc074669182f51ece637706070eeb"
    },
    {
      "type": "WEB",
      "url": "https://fatihhcelik.github.io/posts/NULL-Pointer-Dereference-Deark"
    },
    {
      "type": "WEB",
      "url": "https://github.com/fuzzing2026/CVE-PoCs/tree/main/deark-CVE-2021-28855"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-64CW-WMC5-J274

Vulnerability from github – Published: 2022-05-17 02:51 – Updated: 2025-04-20 03:35
VLAI
Details

The pdf14_pop_transparency_group function in base/gdevp14.c in the PDF Transparency module in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-10218"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-04-03T05:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The pdf14_pop_transparency_group function in base/gdevp14.c in the PDF Transparency module in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.",
  "id": "GHSA-64cw-wmc5-j274",
  "modified": "2025-04-20T03:35:20Z",
  "published": "2022-05-17T02:51:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10218"
    },
    {
      "type": "WEB",
      "url": "https://bugs.ghostscript.com/show_bug.cgi?id=697444"
    },
    {
      "type": "WEB",
      "url": "http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=d621292fb2c8157d9899dcd83fd04dd250e30fe4"
    },
    {
      "type": "WEB",
      "url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d621292fb2c8157d9899dcd83fd04dd250e30fe4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.