Common Weakness Enumeration

CWE-476

Allowed

NULL Pointer Dereference

Abstraction: Base · Status: Stable

The product dereferences a pointer that it expects to be valid but is NULL.

6310 vulnerabilities reference this CWE, most recent first.

GHSA-X274-3J7P-QFPP

Vulnerability from github – Published: 2024-07-29 18:30 – Updated: 2025-11-04 00:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes

In nv17_tv_get_ld_modes(), the return value of drm_mode_duplicate() is assigned to mode, which will lead to a possible NULL pointer dereference on failure of drm_mode_duplicate(). Add a check to avoid npd.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-41095"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-29T16:15:04Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes\n\nIn nv17_tv_get_ld_modes(), the return value of drm_mode_duplicate() is\nassigned to mode, which will lead to a possible NULL pointer dereference\non failure of drm_mode_duplicate(). Add a check to avoid npd.",
  "id": "GHSA-x274-3j7p-qfpp",
  "modified": "2025-11-04T00:31:04Z",
  "published": "2024-07-29T18:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41095"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0d17604f2e44b3df21e218fe8fb3b836d41bac49"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/259549b2ccf795b7f91f7b5aba47286addcfa389"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/66edf3fb331b6c55439b10f9862987b0916b3726"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9289cd3450d1da3e271ef4b054d4d2932c41243e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/bdda5072494f2a7215d94fc4124ad1949a218714"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cb751e48bbcffd292090f7882b23b215111b3d72"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/dbd75f32252508ed6c46c3288a282c301a57ceeb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/f95ed0f54b3d3faecae1140ddab854f904a6e7c8"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X2FC-9W3J-84R4

Vulnerability from github – Published: 2025-11-24 15:30 – Updated: 2025-11-24 15:30
VLAI
Details

NULL pointer dereference in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS/TLS connection that triggers BIO_get_data() to return NULL.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-65493"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-24T14:15:46Z",
    "severity": "HIGH"
  },
  "details": "NULL pointer dereference in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS/TLS connection that triggers BIO_get_data() to return NULL.",
  "id": "GHSA-x2fc-9w3j-84r4",
  "modified": "2025-11-24T15:30:28Z",
  "published": "2025-11-24T15:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65493"
    },
    {
      "type": "WEB",
      "url": "https://github.com/obgm/libcoap/issues/1743"
    },
    {
      "type": "WEB",
      "url": "https://github.com/obgm/libcoap/pull/1750"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X2GP-P6CX-82P9

Vulnerability from github – Published: 2024-04-30 00:30 – Updated: 2024-11-12 18:30
VLAI
Details

The O-RAN E2T I-Release buildPrometheusList function can have a NULL pointer dereference because peerInfo can be NULL.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-34044"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-30T00:15:07Z",
    "severity": "MODERATE"
  },
  "details": "The O-RAN E2T I-Release buildPrometheusList function can have a NULL pointer dereference because peerInfo can be NULL.",
  "id": "GHSA-x2gp-p6cx-82p9",
  "modified": "2024-11-12T18:30:50Z",
  "published": "2024-04-30T00:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34044"
    },
    {
      "type": "WEB",
      "url": "https://jira.o-ran-sc.org/browse/RIC-1043"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X2GQ-QH39-X424

Vulnerability from github – Published: 2022-05-14 03:56 – Updated: 2025-04-12 13:02
VLAI
Details

The exif_process_user_comment function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted JPEG image.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-6292"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-07-25T14:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The exif_process_user_comment function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted JPEG image.",
  "id": "GHSA-x2gq-qh39-x424",
  "modified": "2025-04-12T13:02:52Z",
  "published": "2022-05-14T03:56:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6292"
    },
    {
      "type": "WEB",
      "url": "https://bugs.php.net/72618"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201611-22"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT207170"
    },
    {
      "type": "WEB",
      "url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=41131cd41d2fd2e0c2f332a27988df75659c42e4"
    },
    {
      "type": "WEB",
      "url": "http://git.php.net/?p=php-src.git;a=commit;h=41131cd41d2fd2e0c2f332a27988df75659c42e4"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2016/07/24/2"
    },
    {
      "type": "WEB",
      "url": "http://php.net/ChangeLog-5.php"
    },
    {
      "type": "WEB",
      "url": "http://php.net/ChangeLog-7.php"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2016/dsa-3631"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/92078"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1036430"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X2J2-PG6R-PP2Q

Vulnerability from github – Published: 2026-01-02 15:30 – Updated: 2026-01-05 21:30
VLAI
Details

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.

We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.1.3250 build 20250912 and later

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-53405"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-02T15:16:01Z",
    "severity": "LOW"
  },
  "details": "A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.7.3256 build 20250913 and later\nQuTS hero h5.2.7.3256 build 20250913 and later\nQuTS hero h5.3.1.3250 build 20250912 and later",
  "id": "GHSA-x2j2-pg6r-pp2q",
  "modified": "2026-01-05T21:30:30Z",
  "published": "2026-01-02T15:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53405"
    },
    {
      "type": "WEB",
      "url": "https://www.qnap.com/en/security-advisory/qsa-25-50"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-X2MG-85CJ-XC8Q

Vulnerability from github – Published: 2025-10-04 18:31 – Updated: 2026-02-12 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

usb: gadget: u_serial: Add null pointer check in gserial_resume

Consider a case where gserial_disconnect has already cleared gser->ioport. And if a wakeup interrupt triggers afterwards, gserial_resume gets called, which will lead to accessing of gser->ioport and thus causing null pointer dereference.Add a null pointer check to prevent this.

Added a static spinlock to prevent gser->ioport from becoming null after the newly added check.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-53551"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-04T16:15:50Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: u_serial: Add null pointer check in gserial_resume\n\nConsider a case where gserial_disconnect has already cleared\ngser-\u003eioport. And if a wakeup interrupt triggers afterwards,\ngserial_resume gets called, which will lead to accessing of\ngser-\u003eioport and thus causing null pointer dereference.Add\na null pointer check to prevent this.\n\nAdded a static spinlock to prevent gser-\u003eioport from becoming\nnull after the newly added check.",
  "id": "GHSA-x2mg-85cj-xc8q",
  "modified": "2026-02-12T18:30:18Z",
  "published": "2025-10-04T18:31:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53551"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3b24c980dc07be4550a9d1450ed7057f882530e5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/44e004f757a7ae13dfebaadbcfdb1a6f98c10377"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5ec63fdbca604568890c577753c6f66c5b3ef0b5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c5360eec648bd506afa304ae4a71f82e13d41897"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ec357cd3e8af614855d286dd378725cdc7264df6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X2MR-3X78-F97G

Vulnerability from github – Published: 2026-02-14 18:30 – Updated: 2026-03-19 18:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

dpaa2-switch: prevent ZERO_SIZE_PTR dereference when num_ifs is zero

The driver allocates arrays for ports, FDBs, and filter blocks using kcalloc() with ethsw->sw_attr.num_ifs as the element count. When the device reports zero interfaces (either due to hardware configuration or firmware issues), kcalloc(0, ...) returns ZERO_SIZE_PTR (0x10) instead of NULL.

Later in dpaa2_switch_probe(), the NAPI initialization unconditionally accesses ethsw->ports[0]->netdev, which attempts to dereference ZERO_SIZE_PTR (address 0x10), resulting in a kernel panic.

Add a check to ensure num_ifs is greater than zero after retrieving device attributes. This prevents the zero-sized allocations and subsequent invalid pointer dereference.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-23206"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-14T17:15:58Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndpaa2-switch: prevent ZERO_SIZE_PTR dereference when num_ifs is zero\n\nThe driver allocates arrays for ports, FDBs, and filter blocks using\nkcalloc() with ethsw-\u003esw_attr.num_ifs as the element count. When the\ndevice reports zero interfaces (either due to hardware configuration\nor firmware issues), kcalloc(0, ...) returns ZERO_SIZE_PTR (0x10)\ninstead of NULL.\n\nLater in dpaa2_switch_probe(), the NAPI initialization unconditionally\naccesses ethsw-\u003eports[0]-\u003enetdev, which attempts to dereference\nZERO_SIZE_PTR (address 0x10), resulting in a kernel panic.\n\nAdd a check to ensure num_ifs is greater than zero after retrieving\ndevice attributes. This prevents the zero-sized allocations and\nsubsequent invalid pointer dereference.",
  "id": "GHSA-x2mr-3x78-f97g",
  "modified": "2026-03-19T18:31:14Z",
  "published": "2026-02-14T18:30:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23206"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/155eb99aff2920153bf21217ae29565fff81e6af"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2fcccca88456b592bd668db13aa1d29ed257ca2b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4acc40db06ffd0fd92683505342b00c8a7394c60"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/80165ff16051448d6f840585ebe13f2400415df3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b97415c4362f739e25ec6f71012277086fabdf6f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ed48a84a72fefb20a82dd90a7caa7807e90c6f66"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X2P6-2VRH-8V9R

Vulnerability from github – Published: 2025-03-18 21:32 – Updated: 2025-03-18 21:32
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

drm/msm/dp: populate connector of struct dp_panel

DP CTS test case 4.2.2.6 has valid edid with bad checksum on purpose and expect DP source return correct checksum. During drm edid read, correct edid checksum is calculated and stored at connector::real_edid_checksum.

The problem is struct dp_panel::connector never be assigned, instead the connector is stored in struct msm_dp::connector. When we run compliance testing test case 4.2.2.6 dp_panel_handle_sink_request() won't have a valid edid set in struct dp_panel::edid so we'll try to use the connectors real_edid_checksum and hit a NULL pointer dereference error because the connector pointer is never assigned.

Changes in V2: -- populate panel connector at msm_dp_modeset_init() instead of at dp_panel_read_sink_caps()

Changes in V3: -- remove unhelpful kernel crash trace commit text -- remove renaming dp_display parameter to dp

Changes in V4: -- add more details to commit text

Changes in v10: -- group into one series

Changes in v11: -- drop drm/msm/dp: dp_link_parse_sink_count() return immediately if aux read

Signee-off-by: Kuogee Hsieh quic_khsieh@quicinc.com

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-49221"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-26T07:00:59Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dp: populate connector of struct dp_panel\n\nDP CTS test case 4.2.2.6 has valid edid with bad checksum on purpose\nand expect DP source return correct checksum. During drm edid read,\ncorrect edid checksum is calculated and stored at\nconnector::real_edid_checksum.\n\nThe problem is struct dp_panel::connector never be assigned, instead the\nconnector is stored in struct msm_dp::connector. When we run compliance\ntesting test case 4.2.2.6 dp_panel_handle_sink_request() won\u0027t have a valid\nedid set in struct dp_panel::edid so we\u0027ll try to use the connectors\nreal_edid_checksum and hit a NULL pointer dereference error because the\nconnector pointer is never assigned.\n\nChanges in V2:\n-- populate panel connector at msm_dp_modeset_init() instead of at dp_panel_read_sink_caps()\n\nChanges in V3:\n-- remove unhelpful kernel crash trace commit text\n-- remove renaming dp_display parameter to dp\n\nChanges in V4:\n-- add more details to commit text\n\nChanges in v10:\n--  group into one series\n\nChanges in v11:\n-- drop drm/msm/dp: dp_link_parse_sink_count() return immediately if aux read\n\nSignee-off-by: Kuogee Hsieh \u003cquic_khsieh@quicinc.com\u003e",
  "id": "GHSA-x2p6-2vrh-8v9r",
  "modified": "2025-03-18T21:32:00Z",
  "published": "2025-03-18T21:32:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49221"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/104074ebc0c3f358dd1ee944fbcde92c6e5a21dd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/413c62697b61226a236c8b1f5cd64dcf42bcc12f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5e602f5156910c7b19661699896cb6e3fb94fab9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9525b8bcae8b99188990b56484799cf4b1b43786"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fbba600f432a360b42452fee79d1fb35d3aa8aeb"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X2R3-QG8C-GHW6

Vulnerability from github – Published: 2022-05-13 01:27 – Updated: 2022-05-13 01:27
VLAI
Details

There is a NULL pointer dereference at liblas::SpatialReference::GetGTIF() (spatialreference.cpp) in libLAS 1.8.1 that will cause a denial of service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-20537"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-12-28T16:29:00Z",
    "severity": "MODERATE"
  },
  "details": "There is a NULL pointer dereference at liblas::SpatialReference::GetGTIF() (spatialreference.cpp) in libLAS 1.8.1 that will cause a denial of service.",
  "id": "GHSA-x2r3-qg8c-ghw6",
  "modified": "2022-05-13T01:27:11Z",
  "published": "2022-05-13T01:27:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20537"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1652611"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TPVZSUWM5TEAMCBL3Y7QLGQSLCCJFIT"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YFI3F3PRKPXOITWD47LF6ON4L5MJQQYM"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X2RG-CR78-H3GM

Vulnerability from github – Published: 2022-05-14 00:57 – Updated: 2025-04-20 03:46
VLAI
Details

ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted DICOM image, related to the ability of DCM_ReadNonNativeImages to yield an image list with zero frames.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-14994"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-10-04T01:29:00Z",
    "severity": "MODERATE"
  },
  "details": "ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted DICOM image, related to the ability of DCM_ReadNonNativeImages to yield an image list with zero frames.",
  "id": "GHSA-x2rg-cr78-h3gm",
  "modified": "2025-04-20T03:46:19Z",
  "published": "2022-05-14T00:57:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14994"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ"
    },
    {
      "type": "WEB",
      "url": "https://nandynarwhals.org/CVE-2017-14994"
    },
    {
      "type": "WEB",
      "url": "https://sourceforge.net/p/graphicsmagick/bugs/512"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4232-1"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4321"
    },
    {
      "type": "WEB",
      "url": "http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset%3Bnode=b3eca3eaa264"
    },
    {
      "type": "WEB",
      "url": "http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=b3eca3eaa264"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/101182"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-56
Implementation

For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].

Mitigation
Requirements

Select a programming language that is not susceptible to these issues.

Mitigation
Implementation

Check the results of all functions that return a value and verify that the value is non-null before acting upon it.

Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.

No CAPEC attack patterns related to this CWE.