CWE-824
AllowedAccess of Uninitialized Pointer
Abstraction: Base · Status: Incomplete
The product accesses or uses a pointer that has not been initialized.
451 vulnerabilities reference this CWE, most recent first.
CVE-2018-9948 (GCVE-0-2018-9948)
Vulnerability from cvelistv5 – Published: 2018-05-17 15:00 – Updated: 2024-08-05 07:24- CWE-824 - Access of Uninitialized Pointer
| URL | Tags |
|---|---|
| https://zerodayinitiative.com/advisories/ZDI-18-332 | x_refsource_MISC |
| https://www.foxitsoftware.com/support/security-bu… | x_refsource_CONFIRM |
| https://www.exploit-db.com/exploits/44941/ | exploitx_refsource_EXPLOIT-DB |
| https://www.exploit-db.com/exploits/45269/ | exploitx_refsource_EXPLOIT-DB |
| Vendor | Product | Version | |
|---|---|---|---|
| Foxit | Foxit Reader |
Affected:
9.0.0.29935
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:24:56.445Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://zerodayinitiative.com/advisories/ZDI-18-332"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"name": "44941",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44941/"
},
{
"name": "45269",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45269/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Foxit Reader",
"vendor": "Foxit",
"versions": [
{
"status": "affected",
"version": "9.0.0.29935"
}
]
}
],
"datePublic": "2018-04-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of typed arrays. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5380."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-824",
"description": "CWE-824-Access of Uninitialized Pointer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-29T09:57:01.000Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://zerodayinitiative.com/advisories/ZDI-18-332"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"name": "44941",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44941/"
},
{
"name": "45269",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45269/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2018-9948",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Foxit Reader",
"version": {
"version_data": [
{
"version_value": "9.0.0.29935"
}
]
}
}
]
},
"vendor_name": "Foxit"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of typed arrays. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5380."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-824-Access of Uninitialized Pointer"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://zerodayinitiative.com/advisories/ZDI-18-332",
"refsource": "MISC",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-332"
},
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"name": "44941",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44941/"
},
{
"name": "45269",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45269/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2018-9948",
"datePublished": "2018-05-17T15:00:00.000Z",
"dateReserved": "2018-04-10T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:24:56.445Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5392 (GCVE-0-2018-5392)
Vulnerability from cvelistv5 – Published: 2018-08-14 16:00 – Updated: 2024-08-05 05:33| URL | Tags |
|---|---|
| https://www.kb.cert.org/vuls/id/307144 | third-party-advisoryx_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:44.301Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#307144",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/307144"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mingw-w64",
"vendor": "mingw",
"versions": [
{
"status": "affected",
"version": "5.0.4"
}
]
}
],
"datePublic": "2018-08-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "mingw-w64 version 5.0.4 by default produces executables that opt in to ASLR, but are not compatible with ASLR. ASLR is an exploit mitigation technique used by modern Windows platforms. For ASLR to function, Windows executables must contain a relocations table. Despite containing the \"Dynamic base\" PE header, which indicates ASLR compatibility, Windows executables produced by mingw-w64 have the relocations table stripped from them by default. This means that executables produced by mingw-w64 are vulnerable to return-oriented programming (ROP) attacks. Windows executables generated by mingw-w64 claim to be ASLR compatible, but are not. Vulnerabilities in such executables are more easily exploitable as a result."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-824",
"description": "CWE-824",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-14T15:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#307144",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/307144"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "mingw-w64 version 5.0.4 by default produces executables that opt in to ASLR, but are not compatible with ASLR",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2018-5392",
"STATE": "PUBLIC",
"TITLE": "mingw-w64 version 5.0.4 by default produces executables that opt in to ASLR, but are not compatible with ASLR"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mingw-w64",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_name": "5.0.4",
"version_value": "5.0.4"
}
]
}
}
]
},
"vendor_name": "mingw"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mingw-w64 version 5.0.4 by default produces executables that opt in to ASLR, but are not compatible with ASLR. ASLR is an exploit mitigation technique used by modern Windows platforms. For ASLR to function, Windows executables must contain a relocations table. Despite containing the \"Dynamic base\" PE header, which indicates ASLR compatibility, Windows executables produced by mingw-w64 have the relocations table stripped from them by default. This means that executables produced by mingw-w64 are vulnerable to return-oriented programming (ROP) attacks. Windows executables generated by mingw-w64 claim to be ASLR compatible, but are not. Vulnerabilities in such executables are more easily exploitable as a result."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-824"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#307144",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/307144"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2018-5392",
"datePublished": "2018-08-14T16:00:00.000Z",
"dateReserved": "2018-01-12T00:00:00.000Z",
"dateUpdated": "2024-08-05T05:33:44.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-22FQ-GXHW-M8H5
Vulnerability from github – Published: 2025-04-08 18:34 – Updated: 2025-07-14 21:31A local code execution vulnerability exists in the Rockwell Automation Arena® due to an uninitialized pointer. The flaw is result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file.
{
"affected": [],
"aliases": [
"CVE-2025-2286"
],
"database_specific": {
"cwe_ids": [
"CWE-457",
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-08T16:15:26Z",
"severity": "HIGH"
},
"details": "A local code execution vulnerability exists in the Rockwell Automation\u00a0Arena\u00ae \u00a0due to an uninitialized pointer. The flaw is result of improper validation of user-supplied data. If exploited a threat actor can disclose information and execute arbitrary code on the system. To exploit the vulnerability a legitimate user must open a malicious DOE file.",
"id": "GHSA-22fq-gxhw-m8h5",
"modified": "2025-07-14T21:31:43Z",
"published": "2025-04-08T18:34:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2286"
},
{
"type": "WEB",
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1726.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-22G9-2J29-W93Q
Vulnerability from github – Published: 2024-10-29 03:31 – Updated: 2025-11-04 00:31In the Linux kernel, the following vulnerability has been resolved:
btrfs: fix uninitialized pointer free in add_inode_ref()
The add_inode_ref() function does not initialize the "name" struct when it is declared. If any of the following calls to "read_one_inode() returns NULL,
dir = read_one_inode(root, parent_objectid);
if (!dir) {
ret = -ENOENT;
goto out;
}
inode = read_one_inode(root, inode_objectid);
if (!inode) {
ret = -EIO;
goto out;
}
then "name.name" would be freed on "out" before being initialized.
out: ... kfree(name.name);
This issue was reported by Coverity with CID 1526744.
{
"affected": [],
"aliases": [
"CVE-2024-50088"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-29T01:15:05Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix uninitialized pointer free in add_inode_ref()\n\nThe add_inode_ref() function does not initialize the \"name\" struct when\nit is declared. If any of the following calls to \"read_one_inode()\nreturns NULL,\n\n\tdir = read_one_inode(root, parent_objectid);\n\tif (!dir) {\n\t\tret = -ENOENT;\n\t\tgoto out;\n\t}\n\n\tinode = read_one_inode(root, inode_objectid);\n\tif (!inode) {\n\t\tret = -EIO;\n\t\tgoto out;\n\t}\n\nthen \"name.name\" would be freed on \"out\" before being initialized.\n\nout:\n\t...\n\tkfree(name.name);\n\nThis issue was reported by Coverity with CID 1526744.",
"id": "GHSA-22g9-2j29-w93q",
"modified": "2025-11-04T00:31:52Z",
"published": "2024-10-29T03:31:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50088"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/12cf028381aa19bc38465341512c280256e8d82d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/66691c6e2f18d2aa4b22ffb624b9bdc97e9979e4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a941f3d5b1469c60a7e70e775584f110b47e0d16"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e11ce03b58743bf1e096c48fcaa7e6f08eb75dfa"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-22M8-87MJ-3XC3
Vulnerability from github – Published: 2024-10-09 12:30 – Updated: 2024-10-09 12:30Animate versions 23.0.7, 24.0.4 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2024-47411"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-09T10:15:04Z",
"severity": "HIGH"
},
"details": "Animate versions 23.0.7, 24.0.4 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-22m8-87mj-3xc3",
"modified": "2024-10-09T12:30:51Z",
"published": "2024-10-09T12:30:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47411"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/animate/apsb24-76.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-26HM-GGHQ-X5RR
Vulnerability from github – Published: 2022-05-24 17:09 – Updated: 2022-10-07 18:16An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the *lookup_alias(const char alias) or print_aliases(void) function is called, they fail to correctly detect the end of the linked list and try to access a non-existent list member. This is related to init_aliases in diraliases.c.
{
"affected": [],
"aliases": [
"CVE-2020-9274"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-02-26T16:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the *lookup_alias(const char alias) or print_aliases(void) function is called, they fail to correctly detect the end of the linked list and try to access a non-existent list member. This is related to init_aliases in diraliases.c.",
"id": "GHSA-26hm-gghq-x5rr",
"modified": "2022-10-07T18:16:01Z",
"published": "2022-05-24T17:09:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9274"
},
{
"type": "WEB",
"url": "https://github.com/jedisct1/pure-ftpd/commit/8d0d42542e2cb7a56d645fbe4d0ef436e38bcefa"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00029.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22P44PECZWNDP7CMBL7NRBMNFS73C5Z2"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5NSUDWXZVWUCL6R2PTX3KBB42Z62CA5"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5DBVHJCXWRSJPNJQCJQCKZF6ZDPZCKA"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202003-54"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4515-1"
},
{
"type": "WEB",
"url": "https://www.pureftpd.org/project/pure-ftpd/news"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-278X-PH66-X5GW
Vulnerability from github – Published: 2023-02-12 06:30 – Updated: 2023-02-21 18:30Memory corruption due to access of uninitialized pointer in Bluetooth HOST while processing the AVRCP packet.
{
"affected": [],
"aliases": [
"CVE-2022-33280"
],
"database_specific": {
"cwe_ids": [
"CWE-787",
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-12T04:15:00Z",
"severity": "HIGH"
},
"details": "Memory corruption due to access of uninitialized pointer in Bluetooth HOST while processing the AVRCP packet.",
"id": "GHSA-278x-ph66-x5gw",
"modified": "2023-02-21T18:30:20Z",
"published": "2023-02-12T06:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33280"
},
{
"type": "WEB",
"url": "https://www.qualcomm.com/company/product-security/bulletins/february-2023-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-299G-Q65M-5Q2M
Vulnerability from github – Published: 2023-05-12 00:30 – Updated: 2024-04-04 04:03Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2023-29278"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-11T22:15:10Z",
"severity": "HIGH"
},
"details": "Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-299g-q65m-5q2m",
"modified": "2024-04-04T04:03:15Z",
"published": "2023-05-12T00:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29278"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/substance3d_painter/apsb23-29.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2C7Q-F957-Q248
Vulnerability from github – Published: 2025-07-09 00:30 – Updated: 2025-07-09 00:30Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2025-47121"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-08T23:15:24Z",
"severity": "HIGH"
},
"details": "Adobe Framemaker versions 2020.8, 2022.6 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-2c7q-f957-q248",
"modified": "2025-07-09T00:30:33Z",
"published": "2025-07-09T00:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47121"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/framemaker/apsb25-66.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2CCG-6C4P-H2V9
Vulnerability from github – Published: 2023-11-16 18:30 – Updated: 2023-11-16 18:30Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
{
"affected": [],
"aliases": [
"CVE-2023-47054"
],
"database_specific": {
"cwe_ids": [
"CWE-824"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-16T16:15:33Z",
"severity": "LOW"
},
"details": "Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.",
"id": "GHSA-2ccg-6c4p-h2v9",
"modified": "2023-11-16T18:30:31Z",
"published": "2023-11-16T18:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47054"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/audition/apsb23-64.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.