CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6310 vulnerabilities reference this CWE, most recent first.
GHSA-X274-3J7P-QFPP
Vulnerability from github – Published: 2024-07-29 18:30 – Updated: 2025-11-04 00:31In the Linux kernel, the following vulnerability has been resolved:
drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes
In nv17_tv_get_ld_modes(), the return value of drm_mode_duplicate() is assigned to mode, which will lead to a possible NULL pointer dereference on failure of drm_mode_duplicate(). Add a check to avoid npd.
{
"affected": [],
"aliases": [
"CVE-2024-41095"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-29T16:15:04Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes\n\nIn nv17_tv_get_ld_modes(), the return value of drm_mode_duplicate() is\nassigned to mode, which will lead to a possible NULL pointer dereference\non failure of drm_mode_duplicate(). Add a check to avoid npd.",
"id": "GHSA-x274-3j7p-qfpp",
"modified": "2025-11-04T00:31:04Z",
"published": "2024-07-29T18:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41095"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0d17604f2e44b3df21e218fe8fb3b836d41bac49"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/259549b2ccf795b7f91f7b5aba47286addcfa389"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/66edf3fb331b6c55439b10f9862987b0916b3726"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9289cd3450d1da3e271ef4b054d4d2932c41243e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bdda5072494f2a7215d94fc4124ad1949a218714"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cb751e48bbcffd292090f7882b23b215111b3d72"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/dbd75f32252508ed6c46c3288a282c301a57ceeb"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f95ed0f54b3d3faecae1140ddab854f904a6e7c8"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X2FC-9W3J-84R4
Vulnerability from github – Published: 2025-11-24 15:30 – Updated: 2025-11-24 15:30NULL pointer dereference in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS/TLS connection that triggers BIO_get_data() to return NULL.
{
"affected": [],
"aliases": [
"CVE-2025-65493"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-24T14:15:46Z",
"severity": "HIGH"
},
"details": "NULL pointer dereference in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS/TLS connection that triggers BIO_get_data() to return NULL.",
"id": "GHSA-x2fc-9w3j-84r4",
"modified": "2025-11-24T15:30:28Z",
"published": "2025-11-24T15:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65493"
},
{
"type": "WEB",
"url": "https://github.com/obgm/libcoap/issues/1743"
},
{
"type": "WEB",
"url": "https://github.com/obgm/libcoap/pull/1750"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X2GP-P6CX-82P9
Vulnerability from github – Published: 2024-04-30 00:30 – Updated: 2024-11-12 18:30The O-RAN E2T I-Release buildPrometheusList function can have a NULL pointer dereference because peerInfo can be NULL.
{
"affected": [],
"aliases": [
"CVE-2024-34044"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-30T00:15:07Z",
"severity": "MODERATE"
},
"details": "The O-RAN E2T I-Release buildPrometheusList function can have a NULL pointer dereference because peerInfo can be NULL.",
"id": "GHSA-x2gp-p6cx-82p9",
"modified": "2024-11-12T18:30:50Z",
"published": "2024-04-30T00:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34044"
},
{
"type": "WEB",
"url": "https://jira.o-ran-sc.org/browse/RIC-1043"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-X2GQ-QH39-X424
Vulnerability from github – Published: 2022-05-14 03:56 – Updated: 2025-04-12 13:02The exif_process_user_comment function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted JPEG image.
{
"affected": [],
"aliases": [
"CVE-2016-6292"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-07-25T14:59:00Z",
"severity": "MODERATE"
},
"details": "The exif_process_user_comment function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted JPEG image.",
"id": "GHSA-x2gq-qh39-x424",
"modified": "2025-04-12T13:02:52Z",
"published": "2022-05-14T03:56:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6292"
},
{
"type": "WEB",
"url": "https://bugs.php.net/72618"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201611-22"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT207170"
},
{
"type": "WEB",
"url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=41131cd41d2fd2e0c2f332a27988df75659c42e4"
},
{
"type": "WEB",
"url": "http://git.php.net/?p=php-src.git;a=commit;h=41131cd41d2fd2e0c2f332a27988df75659c42e4"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2016/07/24/2"
},
{
"type": "WEB",
"url": "http://php.net/ChangeLog-5.php"
},
{
"type": "WEB",
"url": "http://php.net/ChangeLog-7.php"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2750.html"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2016/dsa-3631"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/92078"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1036430"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X2J2-PG6R-PP2Q
Vulnerability from github – Published: 2026-01-02 15:30 – Updated: 2026-01-05 21:30A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions: QTS 5.2.7.3256 build 20250913 and later QuTS hero h5.2.7.3256 build 20250913 and later QuTS hero h5.3.1.3250 build 20250912 and later
{
"affected": [],
"aliases": [
"CVE-2025-53405"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-02T15:16:01Z",
"severity": "LOW"
},
"details": "A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.7.3256 build 20250913 and later\nQuTS hero h5.2.7.3256 build 20250913 and later\nQuTS hero h5.3.1.3250 build 20250912 and later",
"id": "GHSA-x2j2-pg6r-pp2q",
"modified": "2026-01-05T21:30:30Z",
"published": "2026-01-02T15:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53405"
},
{
"type": "WEB",
"url": "https://www.qnap.com/en/security-advisory/qsa-25-50"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-X2MG-85CJ-XC8Q
Vulnerability from github – Published: 2025-10-04 18:31 – Updated: 2026-02-12 18:30In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: u_serial: Add null pointer check in gserial_resume
Consider a case where gserial_disconnect has already cleared gser->ioport. And if a wakeup interrupt triggers afterwards, gserial_resume gets called, which will lead to accessing of gser->ioport and thus causing null pointer dereference.Add a null pointer check to prevent this.
Added a static spinlock to prevent gser->ioport from becoming null after the newly added check.
{
"affected": [],
"aliases": [
"CVE-2023-53551"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-04T16:15:50Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: u_serial: Add null pointer check in gserial_resume\n\nConsider a case where gserial_disconnect has already cleared\ngser-\u003eioport. And if a wakeup interrupt triggers afterwards,\ngserial_resume gets called, which will lead to accessing of\ngser-\u003eioport and thus causing null pointer dereference.Add\na null pointer check to prevent this.\n\nAdded a static spinlock to prevent gser-\u003eioport from becoming\nnull after the newly added check.",
"id": "GHSA-x2mg-85cj-xc8q",
"modified": "2026-02-12T18:30:18Z",
"published": "2025-10-04T18:31:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53551"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3b24c980dc07be4550a9d1450ed7057f882530e5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/44e004f757a7ae13dfebaadbcfdb1a6f98c10377"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5ec63fdbca604568890c577753c6f66c5b3ef0b5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c5360eec648bd506afa304ae4a71f82e13d41897"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ec357cd3e8af614855d286dd378725cdc7264df6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X2MR-3X78-F97G
Vulnerability from github – Published: 2026-02-14 18:30 – Updated: 2026-03-19 18:31In the Linux kernel, the following vulnerability has been resolved:
dpaa2-switch: prevent ZERO_SIZE_PTR dereference when num_ifs is zero
The driver allocates arrays for ports, FDBs, and filter blocks using kcalloc() with ethsw->sw_attr.num_ifs as the element count. When the device reports zero interfaces (either due to hardware configuration or firmware issues), kcalloc(0, ...) returns ZERO_SIZE_PTR (0x10) instead of NULL.
Later in dpaa2_switch_probe(), the NAPI initialization unconditionally accesses ethsw->ports[0]->netdev, which attempts to dereference ZERO_SIZE_PTR (address 0x10), resulting in a kernel panic.
Add a check to ensure num_ifs is greater than zero after retrieving device attributes. This prevents the zero-sized allocations and subsequent invalid pointer dereference.
{
"affected": [],
"aliases": [
"CVE-2026-23206"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-14T17:15:58Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndpaa2-switch: prevent ZERO_SIZE_PTR dereference when num_ifs is zero\n\nThe driver allocates arrays for ports, FDBs, and filter blocks using\nkcalloc() with ethsw-\u003esw_attr.num_ifs as the element count. When the\ndevice reports zero interfaces (either due to hardware configuration\nor firmware issues), kcalloc(0, ...) returns ZERO_SIZE_PTR (0x10)\ninstead of NULL.\n\nLater in dpaa2_switch_probe(), the NAPI initialization unconditionally\naccesses ethsw-\u003eports[0]-\u003enetdev, which attempts to dereference\nZERO_SIZE_PTR (address 0x10), resulting in a kernel panic.\n\nAdd a check to ensure num_ifs is greater than zero after retrieving\ndevice attributes. This prevents the zero-sized allocations and\nsubsequent invalid pointer dereference.",
"id": "GHSA-x2mr-3x78-f97g",
"modified": "2026-03-19T18:31:14Z",
"published": "2026-02-14T18:30:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23206"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/155eb99aff2920153bf21217ae29565fff81e6af"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2fcccca88456b592bd668db13aa1d29ed257ca2b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4acc40db06ffd0fd92683505342b00c8a7394c60"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/80165ff16051448d6f840585ebe13f2400415df3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b97415c4362f739e25ec6f71012277086fabdf6f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ed48a84a72fefb20a82dd90a7caa7807e90c6f66"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X2P6-2VRH-8V9R
Vulnerability from github – Published: 2025-03-18 21:32 – Updated: 2025-03-18 21:32In the Linux kernel, the following vulnerability has been resolved:
drm/msm/dp: populate connector of struct dp_panel
DP CTS test case 4.2.2.6 has valid edid with bad checksum on purpose and expect DP source return correct checksum. During drm edid read, correct edid checksum is calculated and stored at connector::real_edid_checksum.
The problem is struct dp_panel::connector never be assigned, instead the connector is stored in struct msm_dp::connector. When we run compliance testing test case 4.2.2.6 dp_panel_handle_sink_request() won't have a valid edid set in struct dp_panel::edid so we'll try to use the connectors real_edid_checksum and hit a NULL pointer dereference error because the connector pointer is never assigned.
Changes in V2: -- populate panel connector at msm_dp_modeset_init() instead of at dp_panel_read_sink_caps()
Changes in V3: -- remove unhelpful kernel crash trace commit text -- remove renaming dp_display parameter to dp
Changes in V4: -- add more details to commit text
Changes in v10: -- group into one series
Changes in v11: -- drop drm/msm/dp: dp_link_parse_sink_count() return immediately if aux read
Signee-off-by: Kuogee Hsieh quic_khsieh@quicinc.com
{
"affected": [],
"aliases": [
"CVE-2022-49221"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-26T07:00:59Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dp: populate connector of struct dp_panel\n\nDP CTS test case 4.2.2.6 has valid edid with bad checksum on purpose\nand expect DP source return correct checksum. During drm edid read,\ncorrect edid checksum is calculated and stored at\nconnector::real_edid_checksum.\n\nThe problem is struct dp_panel::connector never be assigned, instead the\nconnector is stored in struct msm_dp::connector. When we run compliance\ntesting test case 4.2.2.6 dp_panel_handle_sink_request() won\u0027t have a valid\nedid set in struct dp_panel::edid so we\u0027ll try to use the connectors\nreal_edid_checksum and hit a NULL pointer dereference error because the\nconnector pointer is never assigned.\n\nChanges in V2:\n-- populate panel connector at msm_dp_modeset_init() instead of at dp_panel_read_sink_caps()\n\nChanges in V3:\n-- remove unhelpful kernel crash trace commit text\n-- remove renaming dp_display parameter to dp\n\nChanges in V4:\n-- add more details to commit text\n\nChanges in v10:\n-- group into one series\n\nChanges in v11:\n-- drop drm/msm/dp: dp_link_parse_sink_count() return immediately if aux read\n\nSignee-off-by: Kuogee Hsieh \u003cquic_khsieh@quicinc.com\u003e",
"id": "GHSA-x2p6-2vrh-8v9r",
"modified": "2025-03-18T21:32:00Z",
"published": "2025-03-18T21:32:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49221"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/104074ebc0c3f358dd1ee944fbcde92c6e5a21dd"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/413c62697b61226a236c8b1f5cd64dcf42bcc12f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5e602f5156910c7b19661699896cb6e3fb94fab9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9525b8bcae8b99188990b56484799cf4b1b43786"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fbba600f432a360b42452fee79d1fb35d3aa8aeb"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X2R3-QG8C-GHW6
Vulnerability from github – Published: 2022-05-13 01:27 – Updated: 2022-05-13 01:27There is a NULL pointer dereference at liblas::SpatialReference::GetGTIF() (spatialreference.cpp) in libLAS 1.8.1 that will cause a denial of service.
{
"affected": [],
"aliases": [
"CVE-2018-20537"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-12-28T16:29:00Z",
"severity": "MODERATE"
},
"details": "There is a NULL pointer dereference at liblas::SpatialReference::GetGTIF() (spatialreference.cpp) in libLAS 1.8.1 that will cause a denial of service.",
"id": "GHSA-x2r3-qg8c-ghw6",
"modified": "2022-05-13T01:27:11Z",
"published": "2022-05-13T01:27:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20537"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1652611"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TPVZSUWM5TEAMCBL3Y7QLGQSLCCJFIT"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YFI3F3PRKPXOITWD47LF6ON4L5MJQQYM"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X2RG-CR78-H3GM
Vulnerability from github – Published: 2022-05-14 00:57 – Updated: 2025-04-20 03:46ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted DICOM image, related to the ability of DCM_ReadNonNativeImages to yield an image list with zero frames.
{
"affected": [],
"aliases": [
"CVE-2017-14994"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-10-04T01:29:00Z",
"severity": "MODERATE"
},
"details": "ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted DICOM image, related to the ability of DCM_ReadNonNativeImages to yield an image list with zero frames.",
"id": "GHSA-x2rg-cr78-h3gm",
"modified": "2025-04-20T03:46:19Z",
"published": "2022-05-14T00:57:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14994"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ"
},
{
"type": "WEB",
"url": "https://nandynarwhals.org/CVE-2017-14994"
},
{
"type": "WEB",
"url": "https://sourceforge.net/p/graphicsmagick/bugs/512"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4232-1"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4321"
},
{
"type": "WEB",
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset%3Bnode=b3eca3eaa264"
},
{
"type": "WEB",
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=b3eca3eaa264"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/101182"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.