Common Weakness Enumeration

CWE-763

Allowed

Release of Invalid Pointer or Reference

Abstraction: Base · Status: Incomplete

The product attempts to return a memory resource to the system, but it calls the wrong release function or calls the appropriate release function incorrectly.

109 vulnerabilities reference this CWE, most recent first.

GHSA-7M2C-J2FG-JH79

Vulnerability from github – Published: 2025-11-04 18:31 – Updated: 2025-11-04 21:31
VLAI
Details

An issue was discovered in NPU in Samsung Mobile Processor Exynos through July 2025. There is an Invalid Pointer Dereference of node in the get_vs4l_profiler_node function.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-54333"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-763"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-04T18:16:45Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in NPU in Samsung Mobile Processor Exynos through July 2025. There is an Invalid Pointer Dereference of node in the get_vs4l_profiler_node function.",
  "id": "GHSA-7m2c-j2fg-jh79",
  "modified": "2025-11-04T21:31:34Z",
  "published": "2025-11-04T18:31:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54333"
    },
    {
      "type": "WEB",
      "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates"
    },
    {
      "type": "WEB",
      "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-54333"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7MV5-5MXH-QG88

Vulnerability from github – Published: 2024-08-30 18:45 – Updated: 2024-08-30 18:45
VLAI
Summary
nanopb vulnerable to invalid free() call with oneofs and PB_ENABLE_MALLOC
Details

Impact

Decoding a specifically formed message can cause invalid free() or realloc() calls if the message type contains an oneof field, and the oneof directly contains both a pointer field and a non-pointer field. If the message data first contains the non-pointer field and then the pointer field, the data of the non-pointer field is incorrectly treated as if it was a pointer value. Such message data rarely occurs in normal messages, but it is a concern when untrusted data is parsed.

Patches

Preliminary patch is available on git for 0.4.x and 0.3.x branches. The fix will be released in versions 0.3.9.8 and 0.4.5 once testing has been completed.

Workarounds

Following workarounds are available: * Set the option no_unions for the oneof field. This will generate fields as separate instead of C union, and avoids triggering the problematic code. * Set the type of all fields inside the oneof to FT_POINTER. This ensures that the data contained inside the union is always a valid pointer. * Heap implementations that guard against invalid free() provide a partial mitigation. Depending on the message type, the pointer value may be attacker controlled and can be used to bypass heap protections.

References

Bug report: https://github.com/nanopb/nanopb/issues/647

For more information

If you have any questions or comments about this advisory, comment on the bug report linked above.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "nanopb"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.3.2"
            },
            {
              "fixed": "0.3.9.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "nanopb"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.4.0"
            },
            {
              "fixed": "0.4.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-21401"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-763"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-08-30T18:45:41Z",
    "nvd_published_at": "2021-03-23T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nDecoding a specifically formed message can cause invalid `free()` or `realloc()` calls if the message type contains an `oneof` field, and the `oneof` directly contains both a pointer field and a non-pointer field. If the message data first contains the non-pointer field and then the pointer field, the data of the non-pointer field is incorrectly treated as if it was a pointer value. Such message data rarely occurs in normal messages, but it is a concern when untrusted data is parsed.\n\n### Patches\nPreliminary patch is available on git for [0.4.x](https://github.com/nanopb/nanopb/commit/e2f0ccf939d9f82931d085acb6df8e9a182a4261) and [0.3.x](https://github.com/nanopb/nanopb/commit/4a375a560651a86726e5283be85a9231fd0efe9c) branches. The fix will be released in versions 0.3.9.8 and 0.4.5 once testing has been completed.\n\n### Workarounds\nFollowing workarounds are available:\n* Set the option `no_unions` for the oneof field. This will generate fields as separate instead of C union, and avoids triggering the problematic code.\n* Set the type of all fields inside the oneof to `FT_POINTER`. This ensures that the data contained inside the `union` is always a valid pointer.\n* Heap implementations that guard against invalid `free()` provide a partial mitigation. Depending on the message type, the pointer value may be attacker controlled and can be used to bypass heap protections.\n\n### References\nBug report: https://github.com/nanopb/nanopb/issues/647\n\n### For more information\nIf you have any questions or comments about this advisory, comment on the bug report linked above.",
  "id": "GHSA-7mv5-5mxh-qg88",
  "modified": "2024-08-30T18:45:41Z",
  "published": "2024-08-30T18:45:41Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/nanopb/nanopb/security/advisories/GHSA-7mv5-5mxh-qg88"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21401"
    },
    {
      "type": "WEB",
      "url": "https://github.com/nanopb/nanopb/issues/647"
    },
    {
      "type": "WEB",
      "url": "https://github.com/nanopb/nanopb/commit/4a375a560651a86726e5283be85a9231fd0efe9c"
    },
    {
      "type": "WEB",
      "url": "https://github.com/nanopb/nanopb/commit/e2f0ccf939d9f82931d085acb6df8e9a182a4261"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/nanopb/nanopb"
    },
    {
      "type": "WEB",
      "url": "https://github.com/nanopb/nanopb/blob/c9124132a604047d0ef97a09c0e99cd9bed2c818/CHANGELOG.txt#L1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/nanopb/PYSEC-2021-432.yaml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "nanopb vulnerable to invalid free() call with oneofs and PB_ENABLE_MALLOC"
}

GHSA-7PXJ-W55V-HWP4

Vulnerability from github – Published: 2024-05-15 15:30 – Updated: 2024-07-03 18:41
VLAI
Details

A memory corruption vulnerability in HddPassword in Insyde InsydeH2O kernel 5.2 before 05.29.09, kernel 5.3 before 05.38.09, kernel 5.4 before 05.46.09, kernel 5.5 before 05.54.09, and kernel 5.6 before 05.61.09 could lead to escalating privileges in SMM.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-25079"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-763",
      "CWE-822"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-15T15:15:07Z",
    "severity": "HIGH"
  },
  "details": "A memory corruption vulnerability in HddPassword in Insyde InsydeH2O kernel 5.2 before 05.29.09, kernel 5.3 before 05.38.09, kernel 5.4 before 05.46.09, kernel 5.5 before 05.54.09, and kernel 5.6 before 05.61.09 could lead to escalating privileges in SMM.",
  "id": "GHSA-7pxj-w55v-hwp4",
  "modified": "2024-07-03T18:41:56Z",
  "published": "2024-05-15T15:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25079"
    },
    {
      "type": "WEB",
      "url": "https://www.insyde.com/security-pledge"
    },
    {
      "type": "WEB",
      "url": "https://www.insyde.com/security-pledge/SA-2024001"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-82F5-GHC6-RJ5C

Vulnerability from github – Published: 2023-07-06 21:15 – Updated: 2024-04-04 05:46
VLAI
Details

Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the "access_ok" check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commit 74e19ef0ff8061ef55957c3abd71614ef0f42f47

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-0459"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-763"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-25T14:15:09Z",
    "severity": "MODERATE"
  },
  "details": "Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the \"access_ok\" check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commit\u00a074e19ef0ff8061ef55957c3abd71614ef0f42f47",
  "id": "GHSA-82f5-ghc6-rj5c",
  "modified": "2024-04-04T05:46:54Z",
  "published": "2023-07-06T21:15:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0459"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torvalds/linux/commit/4b842e4e25b12951fa10dedb4bc16bc47e3b850c"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torvalds/linux/commit/74e19ef0ff8061ef55957c3abd71614ef0f42f47"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-89MG-6P9G-4JFJ

Vulnerability from github – Published: 2023-03-19 03:30 – Updated: 2024-08-22 21:31
VLAI
Details

In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-48425"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-763"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-19T03:15:00Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs.",
  "id": "GHSA-89mg-6p9g-4jfj",
  "modified": "2024-08-22T21:31:27Z",
  "published": "2023-03-19T03:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48425"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=467333af2f7b95eeaa61a5b5369a80063cd971fd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/fs/ntfs3?id=467333af2f7b95eeaa61a5b5369a80063cd971fd"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20230413-0006"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8CGH-48G2-RJ4J

Vulnerability from github – Published: 2026-01-16 00:30 – Updated: 2026-01-16 00:30
VLAI
Details

Invalid free in CPCA file deletion processing on Small Office Multifunction Printers and Laser Printers() which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. : Satera LBP670C Series/Satera MF750C Series firmware v06.02 and earlier sold in Japan.Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/imageCLASS X LBP1238 II/imageCLASS MF450 Series/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II firmware v06.02 and earlier sold in US.i-SENSYS LBP630C Series/i-SENSYS MF650C Series/i-SENSYS LBP230 Series/1238P II/1238Pr II/i-SENSYS MF450 Series/i-SENSYS MF550 Series/1238i II/1238iF II/imageRUNNER 1643i II/imageRUNNER 1643iF II firmware v06.02 and earlier sold in Europe.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-14233"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-763"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-16T00:16:27Z",
    "severity": "CRITICAL"
  },
  "details": "Invalid free in CPCA file deletion processing on Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera LBP670C Series/Satera MF750C Series firmware v06.02 and earlier sold in Japan.Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/imageCLASS X LBP1238 II/imageCLASS MF450 Series/imageCLASS X MF1238 II/imageCLASS X MF1643i II/imageCLASS X MF1643iF II firmware v06.02 and earlier sold in US.i-SENSYS LBP630C Series/i-SENSYS MF650C Series/i-SENSYS LBP230 Series/1238P II/1238Pr II/i-SENSYS MF450 Series/i-SENSYS MF550 Series/1238i II/1238iF II/imageRUNNER 1643i II/imageRUNNER 1643iF II firmware v06.02 and earlier sold in Europe.",
  "id": "GHSA-8cgh-48g2-rj4j",
  "modified": "2026-01-16T00:30:55Z",
  "published": "2026-01-16T00:30:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14233"
    },
    {
      "type": "WEB",
      "url": "https://canon.jp/support/support-info/260115vulnerability-response"
    },
    {
      "type": "WEB",
      "url": "https://psirt.canon/advisory-information/cp2026-001"
    },
    {
      "type": "WEB",
      "url": "https://www.canon-europe.com/support/product-security"
    },
    {
      "type": "WEB",
      "url": "https://www.usa.canon.com/support/canon-product-advisories/Service-Notice-Regarding-Remediation-Measure-Against-Potential-Buffer-Overflow-Vulnerability-in-Laser-Printers-and-Small-Office-Multifunctional-Printers"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-8MP8-J92P-F4Q7

Vulnerability from github – Published: 2023-04-24 06:31 – Updated: 2024-03-25 03:31
VLAI
Details

An issue was discovered in drivers/tty/n_gsm.c in the Linux kernel 6.2. There is a sleeping function called from an invalid context in gsmld_write, which will block the kernel.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-31082"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-763"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-24T06:15:07Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in drivers/tty/n_gsm.c in the Linux kernel 6.2. There is a sleeping function called from an invalid context in gsmld_write, which will block the kernel.",
  "id": "GHSA-8mp8-j92p-f4q7",
  "modified": "2024-03-25T03:31:43Z",
  "published": "2023-04-24T06:31:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31082"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1210781"
    },
    {
      "type": "WEB",
      "url": "https://lore.kernel.org/all/CA+UBctCZok5FSQ=LPRA+A-jocW=L8FuMVZ_7MNqhh483P5yN8A%40mail.gmail.com"
    },
    {
      "type": "WEB",
      "url": "https://lore.kernel.org/all/CA+UBctCZok5FSQ=LPRA+A-jocW=L8FuMVZ_7MNqhh483P5yN8A@mail.gmail.com"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20230929-0003"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8VJX-3VGX-66MX

Vulnerability from github – Published: 2023-01-11 15:30 – Updated: 2023-01-19 15:30
VLAI
Details

There exists a use-after-free vulnerability in the Linux kernel through io_uring and the IORING_OP_SPLICE operation. If IORING_OP_SPLICE is missing the IO_WQ_WORK_FILES flag, which signals that the operation won't use current->nsproxy, so its reference counter is not increased. This assumption is not always true as calling io_splice on specific files will call the get_uts function which will use current->nsproxy leading to invalidly decreasing its reference counter later causing the use-after-free vulnerability. We recommend upgrading to version 5.10.160 or above

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-4696"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416",
      "CWE-763"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-01-11T13:15:00Z",
    "severity": "HIGH"
  },
  "details": "There exists a use-after-free vulnerability in the Linux kernel through io_uring and the IORING_OP_SPLICE operation. If IORING_OP_SPLICE is missing the IO_WQ_WORK_FILES flag, which signals that the operation won\u0027t use current-\u003ensproxy, so its reference counter is not increased. This assumption is not always true as calling io_splice on specific files will call the get_uts function which will use current-\u003ensproxy leading to invalidly decreasing its reference counter later causing the use-after-free vulnerability. We recommend upgrading to version 5.10.160 or above",
  "id": "GHSA-8vjx-3vgx-66mx",
  "modified": "2023-01-19T15:30:31Z",
  "published": "2023-01-11T15:30:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4696"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y\u0026id=75454b4bbfc7e6a4dd8338556f36ea9107ddf61a"
    },
    {
      "type": "WEB",
      "url": "https://kernel.dance/#75454b4bbfc7e6a4dd8338556f36ea9107ddf61a"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-8W89-3RVR-HM3W

Vulnerability from github – Published: 2022-05-01 18:22 – Updated: 2025-04-09 03:45
VLAI
Details

Opera before 9.23 allows remote attackers to execute arbitrary code via crafted Javascript that triggers a "virtual function call on an invalid pointer."

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2007-4367"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-763"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-08-15T23:17:00Z",
    "severity": "HIGH"
  },
  "details": "Opera before 9.23 allows remote attackers to execute arbitrary code via crafted Javascript that triggers a \"virtual function call on an invalid pointer.\"",
  "id": "GHSA-8w89-3rvr-hm3w",
  "modified": "2025-04-09T03:45:12Z",
  "published": "2022-05-01T18:22:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4367"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36039"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2007-08/msg00006.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/26477"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/26545"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/26635"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200708-17.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.opera.com/support/search/view/865"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/25331"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1018572"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/2904"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-957W-PHR7-H5MC

Vulnerability from github – Published: 2022-05-13 01:40 – Updated: 2022-05-13 01:40
VLAI
Details

A elevation of privilege vulnerability in the Android media framework (mpeg4 encoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36075363.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-0731"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-763"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-08-09T21:29:00Z",
    "severity": "HIGH"
  },
  "details": "A elevation of privilege vulnerability in the Android media framework (mpeg4 encoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36075363.",
  "id": "GHSA-957w-phr7-h5mc",
  "modified": "2022-05-13T01:40:34Z",
  "published": "2022-05-13T01:40:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-0731"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2017-08-01"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/100204"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation

Only call matching memory management functions. Do not mix and match routines. For example, when you allocate a buffer with malloc(), dispose of the original pointer with free().

Mitigation
Implementation

When programming in C++, consider using smart pointers provided by the boost library to help correctly and consistently manage memory.

Mitigation MIT-4.6
Architecture and Design

Strategy: Libraries or Frameworks

  • Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • For example, glibc in Linux provides protection against free of invalid pointers.
Mitigation
Architecture and Design

Use a language that provides abstractions for memory allocation and deallocation.

No CAPEC attack patterns related to this CWE.